CyberheistNews Vol 5 #5 Scam Of The Week: Child Predator Phishing Email


Scam Of The Week: Child Predator Phishing Email

Just when you think phishing criminals cannot sink any further, you get confronted with a "new low". This phishing scam preys on a parent's fear. The scam email looks like a warning for parents about a child predator that moved into their zip code area, but it’s a really low phishing scam. I suggest you send your users a warning like this. Feel free to edit:

"You receive an email with a subject line like: “Alert: There is a child  predator living near you!” This information is based on your “local area  zip code.” But you don’t remember signing up for such a service. 

"When you open the email, it "warns" you that a predator has moved into your area and it provides a link for more information. As you by now have guessed, clicking the link infects your computer with malware that will try to steal your passwords, your credit information, up to and including your identity.

"If you click on the link, you are redirected through several sites to land on the Kids Live Safe website, which is a service that sells localized reports on sex offenders. But this phishing attack is not from that website; it just sends victims there to try to look credible and distract your attention from the fact your computer is now infected with malware. Do not click on any links, and delete this email."

Please send a link to this blog post to your friends and family right away, as the blog is an example of what the phishing email looks like:

For KnowBe4 customers, we have a new template in Current Events that is called: "Child Predator Found in Your Area" and we recommend sending this to all your employees to inoculate them against attacks like this.

Cyber criminals are getting more sophisticated by the month. It is really a  must to step employees through effective security awareness training and send  them simulated phishing attacks on a regular basis. If you are not a KnowBe4 customer yet, find out how affordable this is for your organization today.

RansomWeb: Cyber Criminals Hold Whole Website Hostage

Now this is a whole new wrinkle in criminal ransomware. Malicious hacker crews have started taking over whole websites, injecting code that encrypts information file by file and decrypts it on the fly in real time, so that after some months the whole website is encrypted and decrypted with a key that the bad guys own. The website owner sees nothing strange happening, all the traffic is https, and apparently it is fast enough to avoid a performance hit.

Then, one day when the website encryption process is (close to) complete, the bad guys pull the plug and ask for a ransom to turn things back on. Moreover, during the period they owned the website they tunneled into the network and deleted or overwrote all backups so that these do not exist. Swiss security firm High-Tech Bridge investigated the breach in December 2014 and reported on it.

Brian Honan, security consultant, said the modus operandi of the RansomWeb  hackers was similar to ransomware attacks against a number of SMBs he had  worked with, whereby the criminals broke into the server of the victim,  overwrote backups with either the encrypted data or blank data, and at a  later date returned to encrypt the server. “At this stage the backups are  no longer useful as they contain no workable data to restore the systems,  thus leaving the victim companies with the choice of either losing all their  data and rebuilding it from scratch, or paying the ransom.”

So, make sure you make regular backups, regularly test your restore function,  and at least make off-site backups weekly so that you can restore if you need to! And obviously, your employees often let these bad guys in unwittingly by  clicking on a link in a phishing email, so stepping them through effective  security awareness training and sending them regular simulated phishing attacks is a must.

Find Out Which New Phishing Features We Added

KnowBe4 uses the Agile software development system and over 2014 we have added  a whole slew of features in the phishing part of our service, all based on your  feedback. We have summarized all of them here, in a brand new 2015 datasheet.

If you're not a customer yet, check out the feature list. And if you are an  existing customer (we have well over 1,000 enterprise accounts) check the list  too, because there are likely a few new things you did not know about yet!  List of New Phishing Features in a web page:

List of New Phishing Features as a print friendly PDF Datasheet:

Warm Regards,
Stu Sjouwerman

Quotes Of The Week



"We don't stop playing because we grow old; we grow old because we stop  playing."  - George Bernard Shaw

"Work and play are words used to describe the same thing under differing  conditions."  - Mark Twain

Security News


Quick Reminder: InfoSec World Conference & Expo 2015

Put this in your calendar: March 23-25, 2015 - InfoSec World 2015, coming to Disney’s Contemporary Resort this March, is now just 2 months away! Don’t miss this 7-track event featuring a lineup of conference sessions, workshops and summits that address the most pressing matters in information security today. And, just for being a CyberheistNews subscriber, register with the special discount code OS15/CHN and you'll receive 10% off the conference registration fee.

To register, simply call the Customer Service department who can sign  you up over the phone: 508-879-7999 ext. 501, and don't forget to  mention your discount code - OS15/CHN!

Twenty-Eight Percent Of Security Spending Wasted On Shelfware

The average organization spent $115 per user on security-related  software last year, but $33 of it, or 28 percent, was underutilized or  not used at all, according to a new report from Osterman Research.

"As much as 60 percent of security software remains completely unused  in some organizations," the report said. Almost all of this wasted  spending was on traditional packaged software, because cloud services  are typically billed based on use and need little or no additional  configuration or customization.

Specifically, 81 percent of security software was still delivered  in the traditional way, compared to 19 percent that was cloud-based,  according to the survey of IT decision makers in large and small  companies. More at CSO online:

Short, Sharp Spam Attacks Aiming To Spread Dyre Financial Malware

Nick Johnson at Symantec wrote: "Since early January 2015, Symantec has  been seeing multiple instances of [very] short-duration, high-volume  spam attacks targeting millions of users at a time. While these attacks  last only a few minutes at a time, the vast number of emails sent during  each burst was interesting.

"These attacks are related to the growth in link spam that we blogged  about in December 2014, which saw attackers change their tactics and  move towards sending users malicious links instead of malicious  attachments. 

"Similar to the previous spam campaigns, these recent bursts of malicious emails are also linked to the Cutwail botnet (Trojan.Pandex) and contain malicious URLs that lead to Downloader.Upatre, which in turn leads to the financial Trojan Infostealer.Dyranges (Dyre) being downloaded to the computer.

"However, in some cases, instead of being sent to a site serving malware, users were sent to a phishing page. Ultimately, however, it seems the attackers’ goal is to steal information from victims’ computers as Infostealer.Dyranges is known to steal financial information and the phishing sites used in the attack campaign are masquerading as login pages for financial institutions.

"Typical spam emails associated with these attacks use commonly seen techniques such as appearing to come from a spoofed company or institution or from an “Administrator” for example. The subject lines will often grab the user’s attention with something like “Important information about your account” and the body of the email will contain text in relation to this." More at Symantec:

FBI Phishing Tip

This is actually a good, simple and smart tip from the Feds, if you have not done this yet.

Don Miller wrote: "I got a tip from my local FBI agent about a month ago.  We made a minor change to a transport rule in Exchange, and now my users  are much more savvy about phishing scams.

"I added a transport rule that adds [EXTERNAL] to the subject line of every  email that originates from outside our organization. We have seen a few  spear phishing emails that try to act like they are coming from somewhere  in our organization, but since that change, no one believes them anymore."
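One way to set up the kind of transport rule described in the tip above, as an added example (it is not the rule from the quoted email, and not KnowBe4 code). The rule name and comment text are assumptions; the cmdlets and parameters are standard Exchange ones.

```powershell
# Added example: run in the Exchange Management Shell or an Exchange Online
# PowerShell session. Rule name and comment text are hypothetical.
$ruleName = 'Tag external mail'
$tag      = '[EXTERNAL]'

$rule = @{
    Name                         = $ruleName
    # Match only mail that arrives from outside and is addressed to internal recipients.
    FromScope                    = 'NotInOrganization'
    SentToScope                  = 'InOrganization'
    # Put the tag in front of the subject line.
    PrependSubject               = "$tag "
    # Skip subjects that already carry the tag, so reply chains do not
    # collect "[EXTERNAL] [EXTERNAL] ..." prefixes.
    ExceptIfSubjectContainsWords = $tag
    Comments                     = 'Marks inbound mail from outside the organization'
}

# Create the rule only if it is not there yet, so the script can be re-run.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule @rule | Out-Null
}

# Confirm the rule is enabled and configured as intended.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, FromScope, SentToScope, PrependSubject
```

Because the rule keys on where the message entered the organization rather than on the From header, a message that claims an internal sender but arrives from outside still gets the tag.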

We help ransomware victims pay their ransom if all backups have failed. This is the first video I found that explains Bitcoin in a clear way in 3 minutes!

There is a fantastic fan made web series called "Star Trek Continues". They create their own sets and whole episodes. Check them out at:

Young Elon Musk featured in documentary about millionaires. He takes delivery  of his million dollar McLaren F1 - just 3 years after arriving in Silicon Valley:

