Scam Of The Week: LinkedIn Support Phishing Emails
The scam is at least 15 years old, if not more, but unfortunately this type of social engineering still works. Remind your users one more time that emails like this can hit their inbox at any time, because some modern spam techniques are able to bypass all the mail filters you have in place. I would send them this, or something close to it. Feel free to edit and send it to all employees and friends. (You could suggest they turn on LinkedIn's two-factor authentication.)
Scammers have recently been targeting people with LinkedIn accounts, using phishing e-mails that claim to be a LinkedIn Tech Support message. These fake e-mails state that "irregular activities" are happening on your LinkedIn account, which require a mandatory security update of your account.
Obviously this is all a scam, and the purpose of the emails is to get you to fill out an attached HTML form which is a spoofed LinkedIn login page. What you fill out does not get you logged into the site but gets sent to the bad guys who then own your account.
You can recognize this scam because the email uses a lowercase "i" instead of a capital "I" when spelling “Linkedin”. To see what the scam email looks like, check the picture at the KnowBe4 Blog. Remember: "When in doubt, throw it out!"
http://blog.knowbe4.com/scam-of-the-week-linkedin-support-phishing-emails
Despite all the software and hardware protection layers in place, things slip by on a regular basis. The bad guys have their own labs and run all the popular spam filters in-house, so they can test until they have a phishing attack that makes it through.
You really need a "human firewall" in place, so stepping your users through effective security awareness training is a must these days.
Warm Regards,
Stu Sjouwerman
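For admins who want a mail-side check to complement user training, here is an added example (not from the original newsletter or from KnowBe4) that flags the pattern described above: an HTML attachment containing a password form that submits somewhere other than the brand it imitates. The sample message, its file name and the `example.net` host are constructed, and `BRAND_DOMAIN` is an assumption you would set per rule.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAIN = "linkedin.com"  # assumption: the brand the e-mail claims to come from

class FormFinder(HTMLParser):
    """Records each <form> action and whether a password input follows it."""
    def __init__(self):
        super().__init__()
        self.forms = []  # entries are [action, has_password_field]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1][1] = True

def is_brand_host(host):
    """True only for the brand domain itself or one of its subdomains."""
    host = (host or "").lower()
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def suspicious_attachments(raw_bytes):
    """Return (filename, form host) for HTML attachments whose login form posts off-brand."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        finder = FormFinder()
        finder.feed(part.get_content())
        for action, has_password in finder.forms:
            host = urlparse(action).hostname  # None for relative or empty actions
            if has_password and not is_brand_host(host):
                findings.append((part.get_filename(), host))
    return findings

def build_sample(action):
    """Constructed test message; the subject, file name and URLs are made up."""
    msg = EmailMessage()
    msg["Subject"] = "Mandatory security update"
    msg.set_content("Irregular activities were detected. Open the attached form.")
    form = f'<form action="{action}" method="post"><input type="password" name="p"></form>'
    msg.add_attachment(form, subtype="html", filename="update.html")
    return msg.as_bytes()
```

A form with a relative or empty action is also reported (with host `None`), since a login form opened from a local attachment has no legitimate site to post to.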
Quotes of the Week:
"You can tell more about a person by what he says about others than you can by what others say about him." - Audrey Hepburn
"If you can't explain it simply, you don't understand it well enough." - Albert Einstein
Can Bad Guys Impersonate Your Executives?
Can the bad guys impersonate one of your co-workers or your C-level execs? In other words, can your domain be spoofed? KnowBe4 can help you find out in one minute with our free Domain Spoof Test.
The Domain Spoof Test sheds light on a major potential vulnerability: email servers not being correctly configured. Bad guys using your organization's publicly available email addresses can attack your employees by impersonating (spoofing) a co-worker or executive.
We offer a free one-time Domain Spoof Test (DST) that verifies whether a hacker can disguise a malicious phishing email as a normal message from someone within your organization, such as a manager or CEO. If this is possible, hackers can easily launch a spear-phishing attack.
The only thing we do is send one email TO you, FROM you (spoofed). If you receive this email, bad guys can spoof your domain too. It takes 1 minute, so request the free domain spoof test for your own domain name. Click here and fill out the form:
https://info.knowbe4.com/domainspooftest-15-01-27
Exciting New Features We Recently Released
It's been a while since we released a full list of all recently added Kevin Mitnick Security Awareness Training features. It's getting to be a pretty exciting list! And know that this is based purely on feedback you have given us in your earlier survey answers. This is everything you need and nothing you don't. "For admins by admins", and as lean as possible. Check it out; you may not yet know about some new feature that you could use!
https://www.knowbe4.com/security-awareness-training-features/
Focus On Security Obscures Rise Of "Shadow IT"
Nearly three-quarters of IT security professionals are unaware of the amount of “shadow IT” within their organizations, according to a recent survey by the Cloud Security Alliance.
Shadow IT, according to CSA, is technology spending and implementation that occurs outside the IT department, including cloud apps adopted by individual employees, teams and business units. “Employees are more empowered than ever before to find and use cloud applications, often with limited or no involvement from the IT department,” according to the survey report, which interviewed 212 participants around the world in professional IT security roles.
Some organizations block certain cloud services altogether, such as those from Dropbox, Facebook, Apple iCloud, Tumblr, but that can be even riskier if employees seek out alternatives that have less mature security controls, CSA said. More:
https://gcn.com/articles/2015/01/20/shadow-it.aspx?s=gcntech_210115
Harvard Business Review Cybersecurity Article
President Obama’s new raft of proposals aims to address the growing concern that America is not taking tough-enough action against the increasing cybersecurity problem of nation-states and criminals (usually criminal gangs) attacking U.S. consumers and organizations.
The evildoers’ motivation for doing so is most often money, but intellectual property is also being filched, and the internet is also being used for anything from identity theft to illicit political objectives.
Good message at the end of this Harvard article: "Most important is education: Everyone — individuals, employees, companies, and boards of directors — needs to understand the new dangers." More:
https://hbr.org/2015/01/the-flaws-in-obamas-cybersecurity-initiative
This Week's Links We Like. Tips, Hints And Fun Stuff.
Watch two women fall in love with Tesla Model S P85D:
https://www.autoblog.com/2015/01/20/watch-two-women-in-love-tesla-model-s-p85d-video/
May The Best Robot Win! The new DARPA challenge - see this new hardware:
https://youtu.be/27HkxMo6qK0
Codebases - how many millions of lines of code in which product? Enlightening!
https://www.informationisbeautiful.net/visualizations/million-lines-of-code/