CyberheistNews Vol #5 #49 The Top 5 Holiday Scams To Warn Your Users About

This holiday season could be the most wonderful time of year for cyber criminals, according to digital identity company ThreatMetrix. In a new report, the firm reveals that it has detected a 25% jump in attacks.

CyberheistNews Vol #5 #49, Nov 17, 2015
Stu Sjouwerman

We did our homework and came up with the Top 5 Holiday Scams that your employees should be warned about. We recommend you send these to everyone in your organization, just to remind them that cyber criminals are going into overdrive this time of year. Edit/Copy/Paste if you want the following as your pre-holiday security messaging!

1. Black Friday/Cyber Monday Specials

This time of year, online scams use a variety of lures to get unsuspecting buyers to click on links or open attachments. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information – but never deliver the goods. Sites that seem to have incredible discounts should be a red flag. Remember that when a "special offer" is too good to be true, it usually is. For instance, never click on links in emails or popups with very deep discount offers for watches, phones or tablets. Go to the website yourself through your browser and check if that offer is legit.

2. Complimentary Vouchers or Gift Cards

A popular holiday scam is big discounts on gift cards. Don't fall for offers from retailers or social media posts that offer phony vouchers or (Starbucks) gift cards paired with special promotions or contests. Some posts or emails even appear to be shared by a friend (who may have been hacked). Develop a healthy dose of skepticism and "Think Before You Click" on offers or attachments with any gift cards or vouchers!

3. Bogus Shipping Notices From UPS and FedEx

You are going to see emails supposedly from UPS and FedEx in your inbox that claim your package has a problem and/or could not be delivered. Many of these are phishing attacks that try to make you click on a link or open an attachment. However, when you do that, your computer gets infected with a virus or even ransomware, which holds all your files hostage until you pay 500 dollars in ransom.

4. Holiday Refund Scams

These emails seem to come from retail chains or e-commerce companies such as Amazon or eBay, claiming there's a "wrong transaction" and prompting you to click the refund link. However, when you do that and are asked to fill out a form, the personal information you give out will be sold to cyber criminals who use it against you. Oh, and never, never, never pay online with a debit card, only use credit cards. Why? If the debit card gets compromised, the bad guys can empty your bank account quickly.

5. Phishing on the Dark Side

A new phishing email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, "Star Wars: The Force Awakens," due out on Dec. 18. However, the email is a phishing attack. Leading up to the film’s release, and shortly after, you need to watch out for this social engineering attack and not fall for the scam. Stay safe online!

BONUS TIP: Never use an insecure public Wi-Fi to shop with your credit card. Only shop with a secure connection at home.

(If you are a KnowBe4 customer, we suggest you send the ready-made "Star Wars Tickets" template to all your users to inoculate them against this particular attack. It's available in the Current Events campaign.)

KnowBe4 and Kevin Mitnick Featured in USA Today Cybersecurity Supplement

We recently participated in USA Today's “Cyber Security” campaign that aims to encourage readers to recognize the importance of cyber security in their personal, financial and business lives while encouraging them to evaluate their cyber risk and take action to improve it.

The campaign was distributed within the centerfold of USA Today on November 13th, 2015. Here is a link to the PDF; this centerfold has some interesting articles!

Are You A Phishme, Wombat or KnowBe4 Customer?

If so, Osterman Research has a 15-second request for you related to participating in a survey. Please answer this 2-click initial question. Thanks very much!

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Your task is not to seek for love, but merely to seek and find all the barriers within yourself that you have built against it." - Rumi, Poet (1207-1273)

"Too often we underestimate the power of a touch, a smile, a kind word, a listening ear, an honest compliment, or the smallest act of caring, all of which have the potential to turn a life around." - Leo Buscaglia, Author (1924-1998)

Thanks for reading CyberheistNews

Security News
This Week's Five Most Popular HackBusters Posts
    1. Face-slapping alarm clock refuses to let you sleep in - (Video is NSFW):

    2. Fallout 4 ships 12 million copies in one day, breaks records:

    3. T-Mobile will double the amount of mobile data for customers:

    4. Hackers have Hacked into US Arrest Records Database:

    5. Linux Ransomware Targeting Servers and Threatening Webmasters to Pay:

10 Reasons Why Phishing Attacks Are Nastier Than Ever

IT Security Guru Roger Grimes has an excellent article at the CSO website. This is a must-read. Roger started out with: "Forget Nigerian princes -- today’s spear-phishing is sophisticated business, fooling even the most seasoned security pros.

Phishing emails have been the scourge of the computer world for decades, defeating even our best efforts to combat them. Most of us can easily spot them by their subject lines and delete without even opening. If we’re not entirely sure and end up opening them, we can immediately identify a phishing attempt by its overly formal greetings, foreign origins, misspellings, and overly solicitous efforts to send us millions of unearned dollars or to sell us dubious products. Most of the time, phishing attempts are a minor menace we solve with a Delete key.

Enter spear-phishing: a targeted approach to phishing that is proving nefariously effective, even against the most seasoned security pros. Why? Because they are crafted by thoughtful professionals who seem to know your business, your current projects, your interests. They don’t tip their hand by trying to sell you anything or claiming to have money to give away. In fact, today’s spear-phishing attempts have far more sinister goals than simple financial theft." Keep on reading here:

Ransomware As A Service Cashing In On Cryptolocker's Name

Also at CSO, Steve Ragan reported on a new service, launched this week, that offers a new ransomware product under the name CryptoLocker to anyone willing to pay ten percent of the collected ransom. In addition to the core ransomware product, the business owner's ultimate goal is to add further functions to the malware, including linking it to recently produced exploits. The new venture is being run by a well-known cyber criminal using the handle Fakben. More:

Take The "Security and IoT" Survey

Our latest, joint KnowBe4 & ITIC/StrategyAnalytics 2015 – 2016 Security and IoT Survey is live!

In the Digital Age where everyone is connected via IoT, BYOD, the cloud and the Internet, security is more crucial than ever. Hacks into corporate networks and consumer devices are occurring with alarming frequency. Is your firm’s security proactive or reactive? The survey should take about 5 to 10 minutes to complete. Leave a comment with your Email address for a chance to win a 100 dollar Amazon gift card. All responses are confidential. No sales person will call you and we never share your information with anyone.

Once the survey is complete, we will publish an Executive Summary in CyberheistNews. Additionally, anyone who has completed the survey is eligible for a complimentary copy of the full Report by sending a request to or Stu Sjouwerman at:

Thanks very much in advance for your participation. Take the survey here:

Healthcare Employees Often Complacent About Security

"Non-technical healthcare employees are too complacent about the possibility of a data breach and few are aware that it has happened to their organization, according to a recent Trustwave survey of employees at large and mid-sized healthcare organizations. The 2015 Security Health Check Report, based on a survey of 398 full-time healthcare professionals, found that while 91 percent of respondents believe cyber criminals are increasingly targeting healthcare organizations, only 10 percent or less of their overall IT budget is allocated for cybersecurity and the protection of highly sensitive patient data.

"The findings also reveal employee complacency could actually be putting healthcare data at risk. In the past two years, hackers have stolen data from 81 percent of hospitals and health insurance companies, according to a report released by KPMG." More:

Cyberheist 'FAVE' LINKS:
This Week's Links We Like, Tips, Hints And Fun Stuff
    • The North Face's Moon Parka is made from synthetic spider silk. Spider silk has some amazing properties. Among other things, it's as strong as steel, tougher than Kevlar, and lighter than carbon fiber:
    • An alarm clock that will not allow you to sleep in - by slapping you in the face. This gal is good, but this video is NOT SAFE FOR WORK - strong language:
