Scam Of The Week #1: Death In The Family
Cybercrime is innovating on a known and disgusting scam: preying on people who have recently suffered a loss. It used to be that old-time scam artists read the obituary notices in the paper, dressed in black and showed up to freeload at funerals. Well, here is the modern equivalent and it's much worse. Keep in mind that over 2.4 million Americans die in accidents every year, and over 1 million of these are sudden.
Unfortunately, the Internet allows crime to scale, so a new criminal industry of death has developed. These criminals scan the Internet for a death in the family and start social engineering the immediate family members via email or social media by claiming the deceased left them a confidential message that must be kept secret. They insist on strict confidentiality and after a few emails it turns out they want $2,500 in exchange for 3 DVDs and other "very important documents". How deep can these people sink? You'd wish for them to be six feet under themselves.
I would send your users something like the following. Feel free to edit:
"By now you are used to seeing spam and phishing emails in your inbox, but cunning cybercriminals are constantly coming up with new ways to find victims. Unfortunately, the direction that this is going is more and more targeted. That means cybercriminals can directly target YOU because they have information specifically related to your personal data or events.
"At the moment, cybercriminals scan for deaths in your family (2.4 million Americans die every year, and over 1 million of these are sudden) and then try to scam you by claiming the deceased has left them very confidential information that needs to be kept secret from the rest of the family. They demand you transfer money for DVDs and "very important documents". Don't fall for it. It is a shame that when you suffer a major loss you also need to be on your guard for criminals like this, but they prey on you when you are at your most vulnerable. Keep an eye out for this when something like this happens in your family or a friend's!"
Here is a link to the blog post:
http://blog.knowbe4.com/scam-of-the-week-death-in-the-family
Scam Of The Week #2: The IRS is Suing You
Feb 20, 2015 at 8am I received a robo-call at the house in a female voice that said the following: "We have been trying to reach you. This call is officially a final notice from IRS, the internal revenue service. The reason of this call is to inform you that the IRS is filing lawsuit against you. To get more information about this case file, please call immediately on our department number 360-362-4254"
The area code 360 is very cleverly western Washington outside of Seattle, but it looks official when you see the "Washington" caller ID. First thing I thought was "wrong mark!" and of course I got really interested to see if I could call them back and mess with them, but the line was busy. Too bad, that would have been fun but don't try this at home.
However, this is another heads-up that these social engineering attacks are happening all the time and are targeting your employees at the house. I would send an email to your users with something like this:
"It's tax season and cybercriminals are trying to make money off this opportunity. At the moment, massive amounts of robo-calls are being made to people at the house claiming that the IRS is suing you, with a callback number in Washington. The same is happening with IRS phishing emails. Don't try to call the number, and delete the emails. These scammers use high pressure tactics to extort your money. Remember to never give out personal information to anyone unless YOU have initiated the contact."
Here is a link to the blog post:
http://blog.knowbe4.com/just-got-a-social-engineering-call-that-the-irs-is-suing-me
Warm Regards,
Stu Sjouwerman
Quotes of the Week:
"The fear of death follows from the fear of life. A man who lives fully is prepared to die at any time." - Mark Twain
"The only difference between death and taxes is that death doesn't get worse every time Congress meets." - Will Rogers
Thanks for reading CyberheistNews!
Which Employees Are Most Likely To Fall For Phishing Attacks?
Did you know that 91% of successful data breaches started with a spear-phishing attack... but who clicked?
Take the first step now to significantly improve your organization’s defenses against cybercrime. You will be able to immediately start your Free Phishing Security Test (PST). No need to talk to anyone. The PST allows you to find out what percentage of your users is Phish-prone. Start here. Did we say this is free?
http://www.knowbe4.com/phishing-security-test/
Most Vulnerable Operating Systems And Applications In 2014
Christian Florian at GFI wrote a great blog post. Here is a short extract but I suggest you read the whole thing at their site.
An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD). The NVD provides a comprehensive list of software security vulnerabilities. In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database. Some of the questions asked are:
- What are the latest vulnerability trends? Are we seeing an increase or a decrease in the number of vulnerabilities?
- What percentage of these vulnerabilities are rated as critical? (e.g. high security impact – like allowing remote code execution – and thus easy to exploit)
- In which areas do we see the most vulnerabilities? Are operating systems, third-party applications or network devices such as routers, switches, access points or printers most at risk?
- Which operating systems and applications are listed with most vulnerabilities? This data is important because the products which are on top get the most frequent security updates. To keep an IT infrastructure secure, sysadmins need to continually monitor these operating systems and applications for the latest updates and ensure they are always fully patched.
7,038 new security vulnerabilities were added to the NVD database in 2014. This means an average of 19 new vulnerabilities per day. The number is significantly higher than in 2013 and continues the ascending trend over the past few years. Read the post and see the trends:
http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/
New Details About $1 Billion Crime Ring
In an exclusive interview with Tracy Kitten, Sergey Golovanov, a threat researcher at Kaspersky Lab, explains how a highly sophisticated and well-funded crime ring based in Russia, which made headlines over the weekend for successfully defrauding up to $1 billion from banks in Europe, the U.S. and elsewhere, was able to fly under the radar of detection for nearly a year. The ring used a string of seemingly unrelated malware attacks aimed at compromising everything from ATMs and money-transfers to retail point-of-sale systems.
The group, which Kaspersky calls Carbanak, is one the White House, the Federal Bureau of Investigation, Interpol and Europol, as well as numerous security firms, have been keen to learn more about, Golovanov says. More at:
http://www.bankinfosecurity.com/interviews/new-details-about-1-billion-crime-ring-i-2582?
Cyberheist 'FAVE' LINKS:
This Week's Links We Like. Tips, Hints And Fun Stuff.
Purikura refers to Japanese photo booths that heavily edit your picture and print an instant version of a "perfect you" on a sticker. Armed with heavy makeup, Canadian native Micaela Braithwaite experiments:
https://aplus.com/a/purikura-experiment-japan-photobooths
WATCH: Magnetic silly putty eats a magnet. Weird, scary and there are more videos with magnetic putty fun:
https://boingboing.net/2015/02/20/watch-magnetic-silly-putty-ea.html