CyberheistNews Vol 6 #10 [ALERT] IRS Warns Against Widespread CEO Fraud W-2 Phishing Scam



CyberHeist News CyberheistNews Vol #6 10
[ALERT] IRS Warns Against Widespread CEO Fraud W-2 Phishing Scam
Stu Sjouwerman

OK, Heads Up! This tax season there is a widespread new scam that specifically targets your HR and Accounting professionals. They get an urgent email from "the CEO" who asks them for all W-2 information of all employees. People are falling for this in droves. The reports are coming in by the hundreds and even the IRS has put out an alert about this scam. If they are jumping in you know it's serious.

DO THIS FIRST

So, before anything else, I strongly suggest you warn your Accounting and HR teams NOW that there is a new strain of CEO Fraud asking for W-2s. Tell them to watch out for fraudulent emails asking for W-2 information, and to always verify requests like that using something other than email (phone, text). Warning these teams immediately may prevent a host of expensive problems.

There is a more detailed post at the KnowBe4 blog, with links to recent cases, the IRS alert and a PDF called "Social Engineering Red Flags" which is a great (no cost) job aid that you should forward to HR and Accounting. Do this now:
https://blog.knowbe4.com/irs-warns-against-a-widespread-ceo-fraud-phishing-scam

10 Reasons Why Phishing Attacks Are Nastier
Than Ever

Roger Grimes, very well known author and IT security guru wrote another great article about phishing. He started out with: "Forget Nigerian princes -- today’s spearphishing is sophisticated business, fooling even the most seasoned security pros.

He breaks down the reasons why these attacks are so effective and how people get social engineered. He then explains what you need to do to mitigate this new threat. This is a very good article, also to forward to management if you need budget, it makes a very strong case to train employees:
http://www.csoonline.com/article/3003082/advanced-persistent-threats/10-reasons-why-phishing-attacks-are-nastier-than-ever.html

Don't Miss The March Live Demo: New-School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Wednesday, March 9 at 2:00 p.m. (EST) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform and see how easy it is to train and phish your users:

  • Send Phishing Security Tests to your users and get your Phish-prone percentage.
  • Roll out Training Campaigns for all users (or groups) with follow-up emails to “nudge” users who are incomplete on the training.
  • Point-of-failure training auto-enrollment.
  • NEW Phish Alert Button for Outlook so employees can report phishing attacks.
  • NEW Advanced Reporting to watch your Phish-prone percentage drop, with great ROI.

Find out how thousands of organizations have mobilized their end-users as their first line of defense in just 30 minutes. Register Now:
https://attendee.gotowebinar.com/register/7563326455549377539

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"It had long since come to my attention that people of accomplishment rarely sat back and let things happen to them. They went out and happened to things."
- Leonardo da Vinci

"The natural desire of good men is knowledge."- Leonardo da Vinci


Thanks for reading CyberheistNews


Security News
The Biggest Cyberthreat to Your Bank Might Be Sitting Next to You

American Banker wrote: "In the battle against cybercrime, investing in people is just as important as investing in technology.

Cybercriminals are increasingly targeting individual bank employees to get access inside the organization, observers say. To protect their institutions, bank executives need to instill cybersecurity into their cultures.

"Unfortunately it's not just a case of having better technology, or just installing a smarter firewall and it all goes away," said Chris Thompson, a managing director in the finance and risk practice at Accenture, which recently issued a report on the topic. "People are often the weakest link, whether that is the bank's own employees or third-party vendors." Cybercriminals "are increasingly using social engineering to steal people's credentials."

This article has a lot of very good data about humans being the weak link in IT security and what to do about it, like using mock phishing scams to see how employees respond:
http://www.americanbanker.com/news/bank-technology/the-biggest-cyberthreat-to-your-bank-might-be-sitting-next-to-you-1079599-1.html

Cybersecurity No Longer Merger Afterthought

A powerful argument to help you get more IT security budget...

For a while now, I have been giving presentations to groups of Bankers focusing on the topic of cybersecurity related to mergers and acquisitions. This perspective is now penetrating into the mainstream, and here is an article in CSO Online about the very same topic. They wrote: "As little as four years ago, only about a third of companies considered cybersecurity when planning a merger. Today, that percentage has flipped.

"When you look at mergers where one big company buys another big company, I'd estimate that the cybersecurity teams do get involved about 60 percent of the time prior to the acquisition being executed," said John Pescatore, director of emerging trends at SANS Institute.

It's only going to take a little while longer for this to filter down to Medium and Small business. And that is what makes this so important to help you get budget approval for IT Security. The total value of the business may be severely impacted if you are the victim of a hack and valuable data has been exfiltrated.

Cybersecurity is both tactical and strategic, and at this point can dramatically affect the valuation of the whole company. Now THAT should wake up any business owner to the immediate need for more budget. More:
http://www.csoonline.com/article/3039413/security/cybersecurity-no-longer-merger-afterthought.html

SANS March Issue Of OUCH!

"We are excited to announce the March issue of OUCH! This month, led by Guest Editor Lenny Zeltser, we focus on malware. Specifically, what malware is and the key steps you can take to protect yourself against it. (Hint: it's not just anti-virus software.) As such, we ask you share OUCH! with your family, friends, and coworkers."

English Version (PDF):
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201603_en.pdf


Cyberheist 'FAVE' LINKS:
This Week's Links We Like, Tips, Hints And Fun Stuff
    • Be Amazed By This Marvelous Music Machine, Powered By 2,000 Marbles: I love this thing, watched it at least 5 times! P.S. Wintergatan means Milky Way in Swedish. Enjoy, this guy is a genius:
      https://www.youtube.com/watch?v=IvUU8joBb1Q
    • Guy Shows You How A Gun Safe Works, And Then Picks It With A Paperclip. Devastating. If you leave it running, there are more gun safe hacks:
      https://vimeo.com/157475085



Subscribe To Our Blog


Cybersecurity Awareness Month 2022 Free Resource Kit




Get the latest about social engineering

Subscribe to CyberheistNews