CyberheistNews Vol 6 #2 Scam Of The Week: Fantasy Football Site Hacked



Stu Sjouwerman

For this Scam Of The Week, we decided to go out on a limb and run a "What If" scenario on an attack that we think is very likely.

In 2015 fantasy sports sites like DraftKings and FanDuel caught the attention of states' attorneys general, who wanted to treat the outfits as gambling enterprises.

Americans are spending a huge $15 billion on fantasy sports today. These sites are a super rich hacking target: they hold a lot of personal information like credit card numbers, physical addresses, and email addresses, and they're moving a lot of dollars around in betting.

Well, let's take that one step further: what would happen if they have already been penetrated? It takes an average of 210 days to discover a hack. That means all this data might already be out there for sale on the Darknet or bought by other cyber criminals who may use it for phishing attacks.

So, this week we are going for a possible scenario where DraftKings and/or FanDuel have been hacked and your employees are receiving phishing attacks using that information. We suggest you send them the following email as a heads-up and general security awareness email.

"One of the few types of sites that have not announced a data breach yet are Fantasy sports sites like DraftKings and FanDuel. However, these sites have a target on their back because they move a lot of money around and it is likely they will be hacked.

When you receive an email that looks like it comes from either one of these sites, be very careful to not click on any links or open attachments. As with any other site that you visit often, be very alert for phishing attacks. Visit the site using your browser, type the address in the browser address bar or use a 'favorite button' you put in yourself. Do not use a link in an email to go to the site. Start 2016 by being safe on the Internet: Think Before You Click."


For KnowBe4 customers, we have two new templates in the Online Services section for both FanDuel and DraftKings which we recommend you send to your employees to inoculate them against future attacks like this.

Don't Miss The January Live Demo: New School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Wednesday, January 13 at 2:00 p.m. (EST) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform and see how easy it is to train and phish your users:

  • Send Simulated Phishing tests to your users and get your Phish-prone percentage.
  • Roll out Training Campaigns for all users (or groups) with automated follow-up emails to "nudge" users who are incomplete on the training.
  • Point-of-failure training auto-enrollment.
  • NEW Phish Alert Button for Outlook so employees can report phishing attacks.
  • NEW Advanced Reporting to watch your Phish-prone percentage drop, with great ROI.

Find out how more than 2,500 organizations have mobilized their end-users as their first line of defense. Register Now:
https://attendee.gotowebinar.com/register/4207198052493900546

What Our Customers Have To Say About Us

"Stu, thanks for your follow up. I have to say that I am impressed with all of the follow up I have received from KnowBe4 since we first signed up.

Being a very busy department it is easy to put things on the 'back burner' to deal with later; but the problem is a month goes by which seems like a week. The follow up we received initially from Violet kept us from getting too far behind with our initial training.

The control panel interface is well designed and intuitive. The training content is good. I received feedback from a few of our users thanking me for the training opportunity and stating that they were 'enlightened'. We are happy with KnowBe4. Keep up the good work!

Thank you, Eric"

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"The mind is the limit. As long as the mind can envision the fact that you can do something, you can do it, as long as you really believe 100 percent." - Arnold Schwarzenegger (Born 1947)

"The day science begins to study non-physical phenomena, it will make more progress in one decade than in all the previous centuries of its existence." - Nikola Tesla (1856 - 1943)



You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/


Security News
Security Awareness Training – The Numbers

If you are not sure whether you need end-user security awareness training, InfoSec Cloud created 12 handy stats that are great ammo to get budget approval. Here are the first 6; the other six are on their site, with source links included:

  • #1 - Yes, it only takes one click by a vulnerable IT user to compromise your network.
  • 50% - Over half of internet users receive at least one phishing email per day.
  • 74% - of internet users would download a potentially malicious file, because they lack the ‘cyber-savviness’ they need to spot dangers online.
  • 60 seconds - RSA identifies a phishing attack every minute.
  • 97% of people around the globe cannot identify a phishing email.
  • 1 in 25 - On average, users click on one in every 25 malicious messages, with click rates doubling year-on-year for middle managers.

See the other six at:
http://www.infosec-cloud.com/security-awareness-training-the-numbers/

SANS Announces The January Issue Of OUCH!

"We are excited to announce the January issue of OUCH! This month, led by Guest Editor Lori Rosenberg, we focus on securing your new tablet. With the holidays over, we figured this was the perfect time for people to secure all of their new mobile devices. As such, we ask you share OUCH! with your family, friends and coworkers." English Version (PDF):
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201601_en.pdf

Overcoming Stubborn Execs For Security Sake

Read why Bob Violino says that overcoming stubborn executives is a must for IT security on CSO Online. Even with the greater awareness for strong security within organizations—and the high-profile hacks that have contributed to that increased awareness—security executives still encounter significant hurdles in doing their jobs to protect data and systems. Read his full article here:
http://www.csoonline.com/article/3019794/data-protection/overcoming-stubborn-execs-for-security-sake.html

