CyberheistNews Vol 6 #12 Scam Of The Week: TurboTax Phishing Attack

Stu Sjouwerman

It's tax season and the bad guys are in full swing. They try to get your Accounting or HR team to send over the W-2s of all employees, but they also target individual employees, both at the office and at home. There is a current phishing scam going around that you need to warn your employees, friends and family about.

TurboTax is a very popular online tax preparation site, and at the moment the bad guys have massive campaigns going that look like they come from TurboTax. The subject line mentions "important privacy changes". They want people to click on the link to "opt out" of having their personal information shared, but that's an obvious social engineering trick.

I would send the following to your employees, friends and family.

"At the moment, there is a massive phishing scam that looks like it comes from TurboTax. The email tries to make you click on a link to "opt out" of sharing your personal information with others.

The email is a scam: if you click on the link, it will download keylogger malware that will steal your identity from your computer or phone.

Remember the following things:

    • Always keep your Internet Security software updated, but do not rely on it.
    • Always keep all of your software up to date with the latest patches, on both your computer and your phone.
    • Never click on links in emails or text messages unless you are sure they are legit. For instance, if you want to go to TurboTax, visit their website directly by typing their address in your browser.
    • Think Before You Click! Always take a second to ask yourself if this might be a scam."

Let's stay safe out there.

NEW SURVEY: Even If You Don't Pay, Ransomware Attacks Are Very Expensive

According to a new survey by Intermedia called "2016 Crypto-Ransomware Report", ransomware attacks are increasingly targeting larger companies, costing them dearly. Employees are usually locked out for days after an attack, and often the cleanup process causes extensive downtime.

Cyber mafias who infect workstations with their latest ransomware strain often don't get the money they demand - but that doesn't mean that the victim doesn't end up paying one way or another.

Paying the ransom itself was not cited as having the biggest business impact of ransomware attacks, falling far behind the cost of data recovery, reduced statistics, lost sales, missed deadlines, and troubled employees. The cost of the ransom was also behind the cost of the downtime and the breach of sensitive information as a top concern of a ransomware attack.

When IT experts were asked which industry had the most to lose in ransomware attacks, 31 percent chose the legal industry, while twice that many cited the finance and banking sector. Just under half also indicated the Information Technology industry and the government.

Is A Ransomware Infection Equivalent To A Data Breach?

Ransomware is rapidly becoming a nightmare for IT pros, but it has not hit the #1 spot yet.

  • 24% cited ransomware as the top security headache.
  • 54% cited spyware and credit card breaches.
  • 65% cited hacking and privacy breaches.

The jury is still out on whether a crypto-ransomware infection constitutes a data breach. Lawyers are fighting about this issue at the moment.

Over 60 percent of IT pros were at least moderately concerned about ransomware attacks on their networks in 2015, and expect to see an increase in ransomware attacks in 2016.

A surprising 43 percent of those surveyed admitted they have at least one user who fell victim to a ransomware attack. Just under 30% of attacks affected between three and 20 employees, while slightly under a quarter affected 20 to 100+ employees, obviously where a network drive got hit. It's important that IT pros send simulated phishing tests to employees so they know what to look for.

Downtime Caused By Ransomware Attacks

"Ransomware attacks are becoming more frequent due to the increasing processing powers of computers – which allows criminals to encrypt files in only a few hours – and the rise of anonymous payment systems such as the untraceable Bitcoin," said Ryan Barrett, vice president of security and privacy at Intermedia.

And the disruption and burdens caused by ransomware attacks, he added, are more often measured in days than dollars. Almost all employees (96 percent) were locked out of their files for at least one day due to ransomware, while 72 percent were locked out for at least two days and 61 percent for at least three. By five days, 32 percent of users were still unable to access their data.

In most cases, cyber criminals stuck to their word: 71 percent of IT professionals reported that files were restored after payment. In KnowBe4's experience, this is closer to 95% of successful decryption after payment.

To Pay Or Not To Pay

“When clients choose to pay the ransom, it’s likely because the files are confidential and crucial to the business, and because they don’t have the proper business continuity tools in place,” Barrett said. “Downtime is a huge threat to businesses of all sizes, and when a business continuity plan is not in place, businesses are often desperate to get back up and running as fast as possible. Businesses also must understand that paying the ransom doesn’t guarantee they’ll get their files back.”

Again, KnowBe4's experience is that cyber mafias are very concerned with their reputation and even provide tech support to decrypt the files. We have dealt with dozens of infections and 95% were able to get their files back.

I'm interviewed in an article at DarkReading that summarizes the 2016 ransomware explosion and explains the reason for this growth: big cyber mafias muscling into the ransomware racket:

Obviously having weapons-grade backups is crucial these days, but preventing the downtime by having security awareness trained employees is much more cost effective. Send a simulated phishing attack to your own employees and find out the Phish-prone percentage of your users as your first step. Get started here:

FBI and Microsoft Warn Against Hybrid Targeted Ransomware Attack

The FBI and Microsoft have issued a new alert, warning of hybrid targeted ransomware attacks that attempt to encrypt an organization's entire network. This is a new approach where criminal hackers penetrate the network, wipe out all backups, and infect all key machines with ransomware. They use a little-known strain of ransomware called "Samas" which was first discovered in 2014. The majority of infections have been detected in North America, with a few instances in Europe.

It is not clear yet if the current attack starts with phishing emails which infect a single workstation with ransomware and a Trojan that allows the hackers into the network, or if the network gets penetrated first and subsequently gets infected. It could very well be that both attack vectors are used, as Microsoft states that first an attack-scan gets launched, looking for vulnerabilities, and then malware gets deployed using the PSEXEC tool. Click here to see the full schematic:

New Phishing Templates Added

Here is a quick update for the thousands of KnowBe4 customers. We have added a dozen new phishing templates in the past few days. All are based on actual bad guy phishing emails seen in the last 2 weeks. At least one is less than 24 hours old. Most are under the new "Attachments with Macros" category, but we also added March Madness templates in Current Events. Find the list at the KnowBe4 blog and inoculate your employees ASAP:

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"A problem well stated is a problem half-solved." - Charles Kettering

"We cannot solve our problems with the same thinking we used when we created them." - Albert Einstein

Thanks for reading CyberheistNews

Security News
Phishing, W-2 Scams Will Boost 2016 Income Tax Fraud Losses To 21 Billion Dollars

Doug Olenick, Editor of SC Mag had it right: "With Tax Day now just one month away income tax scammers are working overtime to separate hard working tax payers from their yearly refund, employing primarily a single tried and true method, but with a few new wrinkles added in for 2016.

The IRS is estimating income tax fraud will cost American taxpayers about 21 billion dollars in 2016, up from around 6 million dollars in 2014. This huge sum of money will be stolen in a variety of ways, such as falsely filed tax returns, convincing people they owe money for back taxes or tricking them into sending personally identifiable information that is then sold.

The one constant in these attacks is the method used to start the process: phishing scams. See the article here:

Customers Write Us: "New Type Of Scam"

Terry, one of our customers sent me this:

"Each week, we receive a report from ProofPoint, our anti-spam and email anti-virus Cloud software. This last week, our email server received 69,000 emails. About 23,400 emails were blocked (12,000 contained harmful attachments, 4,000 contained known viruses, and 10,000 emails were known spam).

Even blocking nearly a third of the known bad emails, some will wind up in your quarantine, and some will wind up in your inbox.

Lately, criminals have been able to take over mailboxes of people you might know and send you a site to download a file. An employee of the Department of Insurance and one of our contracted outside firms had this happen.

The criminals will log in to the compromised mailbox and then send a link to all the people in the victim's contact list to download a file. The criminals will monitor the mailbox, so when you ask if your contact sent you the file to download, the criminal will answer "yes." Needless to say, if you go forward you will wind up infecting your computer, and you might be tricked into giving out your own email password! (And yes, it's happened to someone on our email system and even I infected a computer researching the scam!!). The emails are well-constructed and look real!

If you receive an email from someone with an attachment you’re not expecting, or doesn’t quite make sense, call them on the phone before you open it! Asking by email isn’t enough. When I called the DOI employee, I found out she was out of the office for a week.

As always, if you’re not sure, don’t open the attachment and let us know.

Thanks, Terry"

Get A Master Of Cyber Security And Information Assurance

With demand at an all-time high, Southern Utah University’s Master of Cyber Security and Information Assurance has a program you might want to check out. This program focuses on the design and management of systems tasked with defending networks from external threats, such as terrorism.

Students will gain experience in counter intelligence, defense, homeland security, and law enforcement, thereby producing graduates with a multifaceted skill-set.

  • 100% online
  • One of the most cost-effective programs in the nation (less than 20,000 dollars for the entire degree)
  • 33 credits can be completed in 1 year
  • Earn industry certifications along the way
  • No prior experience needed to start the program
  • Classes designed by professionals in the field who provide training for organizations such as the CIA, USSS, and the Israeli Federal Police

Check out more here:

Chinese Hackers Behind U.S. Ransomware Attacks - Security Firms

Reuters was the first out with a story about criminal Chinese hackers also trying to get into the ransomware racket. They started out with: "Hackers using tactics and tools previously associated with Chinese government-supported computer network intrusions have joined the booming cybercrime industry of ransomware, four security firms that investigated attacks on U.S. companies said. More:

Cyberheist 'FAVE' LINKS:
This Week's Links We Like, Tips, Hints And Fun Stuff
