CyberheistNews Vol 6 #31 [ALERT] Scam Of The Week: Illegal Game of Thrones Download Phishing Attack



Stu Sjouwerman

People illegally download television shows and movies from a variety of torrent websites all the time. Not surprisingly, the HBO series "Game of Thrones" is the #1 downloaded.

This Scam Of The Week warns against phishing emails that look like a notice from IP-Echelon, which is the company that enforces copyright claims for companies such as HBO.

The twist in this case is that the attack is forwarded to the victims directly by their own current Internet Service Provider. For example, this last month Cox Cable has been unwittingly sending these notices to targeted subscribers.

The phishing attack is a fake violation notice claiming that IP-Echelon has determined that the person receiving the notice has illegally downloaded "Game of Thrones" or other copyright-protected entertainment, and that unless they pay a settlement within 72 hours, the matter will be turned over to their attorneys.

The victim is directed to a website where they can pay up. People falling for this social engineering tactic end up paying a cybercriminal.

I suggest you send the following to your employees, friends and family. You're welcome to copy/paste/edit:

There is a current email phishing scam going on where you get an official-looking email forwarded by your ISP, which states you have violated HBO copyrights and illegally downloaded Game of Thrones.

The email has a link to a website where they say you can pay the fine. Don't fall for it. The message was sent by cybercriminals and they would get any money you pay.

In general, it's a bad idea to illegally download shows and movies for two reasons. First, you are indeed violating copyrights which can turn out to be very expensive when you get sued. Second, the websites promising these downloads are often compromised and infect your computer with all kinds of malware.

If you receive such a notice and want to verify if this is for real or not, contact the real IP-Echelon directly which you can do here:
https://www.ip-echelon.com/contact-us/

Remember: Think Before You Click!


PS: If you are a KnowBe4 customer, we have a ready-made template that you can send to your users. It's called: "Game Of Thrones Copyright Violation Notice" and you can find it in the Current Events campaigns.

Want to see what other new templates were recently added? Here is the list:
https://blog.knowbe4.com/new-knowbe4-phishing-templates-a-summary-7/30/2016

Let's stay safe out there. Phish your users before the bad guys do.

Warm regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.

Kevin Mitnick: User Training Could Have Prevented DNC Email Hacks

Great article in TechRepublic, in case you need ammo for budget. "Everyone from famed hacker Kevin Mitnick to the IEEE Computer Society agree that a little end user training goes a long way in preventing phishing attacks.

"Better computer training for members of the Democratic National Committee (DNC) could have prevented the phishing attacks that led to stolen emails, famed hacker turned security consultant Kevin Mitnick said.

"Phishing attacks, in which users are baited into clicking on malicious links or providing personal data to fake websites, are a common method used by black-hat hackers to infiltrate a network or commit financial crimes. White-hat researchers, working everywhere from companies like Mitnick's firm to major corporations, are emphasizing user training methods to prevent such incidents.

"It sounds like people at the DNC would be easy to phish and very easy to exploit," Mitnick speculated in an interview with TechRepublic. More:
http://www.techrepublic.com/article/kevin-mitnick-user-training-could-have-prevented-dnc-email-hacks/

Stop By Our Booth #1566 At Black Hat

Headed to Black Hat? Come say hi to KnowBe4 and enter to win an Oculus Rift! We will also have our experts onsite doing live demos.

New Presidential Directive On Cyber Incidents

The Obama Administration recently released Presidential Policy Directive-41 (PPD-41) on United States Cyber Incident Coordination. This directive establishes a unified federal government response to potential cyber incidents and highlights the important role that the FBI plays in cyber incident response. PPD-41 not only sets forth principles that will govern the federal government’s response to any cyber incident but also develops architecture for how different agencies will coordinate and interact.

PPD-41 directs a unified federal government strategy for cyber incident response which incorporates several key principles: utilization of the unique skills, authorities, and resources of each agency; assessment of the risks posed to U.S. security, safety, and prosperity; and a focus on enabling the restoration and recovery of the affected entity.

My take? I read through the whole thing. Considering the fact that the internet is fundamentally broken, and is an inherent security risk for any organization relying on it, this new policy is nothing more than a complicated band-aid after incidents have occurred. Labeling the severity of an incident does nothing for the victims. I do not see any real benefit here. You are still on your own when it comes to protecting your network.

Cisco: "Ransomware 2.0 Is Around The Corner And It's A Massive Threat To The Enterprise"

Teena Maddox over at TechRepublic wrote: "The profits from ransomware are making it one of the fastest growing types of malware and new versions could negatively impact entire industries, according to a Cisco report." I do not know of better ammo to get more InfoSec budget:

"Despite the efforts made to improve cybersecurity at many organizations, there are too many systems with aging infrastructure and vulnerabilities that leave companies at risk, with ransomware one of the most sinister threats, according to a new Cisco report.

Ransomware is a top concern because it's become an area of intense focus for cybercriminals due to its effectiveness at generating revenue. Once a cybercriminal hacks into a company's files and encrypts them, victims have little option but to pay the asking price for the code to decrypt their files. Ransomware is becoming more ominous as new versions are continually being developed.

"The landscape is simple. Attackers can move at will. They're shifting their tactics all the time. Defenders have a number of processes they have to go through," said Jason Brvenik, principal engineer with Cisco's security business group, discussing the Cisco 2016 Midyear Cybersecurity Report. Here is the full article:
http://www.techrepublic.com/article/ransomware-2-0-is-around-the-corner-and-its-a-massive-threat-to-the-enterprise/

Don’t Miss The August Live Demo: New-School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Wednesday, August 10, 2016, at 2:00 p.m. (EDT) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:

    • Send Phishing Security Tests to your users and get your Phish-prone percentage.
    • Roll out Training Campaigns for all users (or groups) with automated follow-up emails to “nudge” incomplete users, as well as point-of-failure training auto-enrollment.
    • Advanced Reporting to watch your Phish-prone percentage drop, with great ROI.
    • NEW EZXploit™ functionality that allows an internal, fully automated “human pentest”.
    • NEW USB Drive Test™ allows you to test your users’ reactions to unknown USBs found.

Find out how thousands of organizations have mobilized their end-users as their last line of defense. Register Now:
https://attendee.gotowebinar.com/register/6239792635420875265

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"To be yourself in a world that is constantly trying to make you something else is the greatest accomplishment." - Ralph Waldo Emerson

"Try not to become a person of success, but rather try to become a person of value." - Albert Einstein


Thanks for reading CyberheistNews


Security News
Cyber Attack Maps...Accurate Or Just Eye Candy?

Here are the top 5 Cyber Attack Maps from Google. They all seem to show the cyber attacks from a slightly different perspective:

Norse: http://map.norsecorp.com/#/
Check Point: https://threatmap.checkpoint.com/ThreatPortal/livemap.html
FireEye: https://www.fireeye.com/cyber-map/threat-map.html
Kaspersky: https://cybermap.kaspersky.com/
Digital Attack Map: http://www.digitalattackmap.com/

Most of these attack maps are meant to be an illustration of what really goes on, and they use strategically placed honeypots (or sometimes their own endpoints in the case of AV vendors) to get an idea of the traffic direction and the volume. You will see but a very small percentage of the real attacks, carefully curated to make it all "look purdy".

But it sure beats anything else if you want to make it real to people how much attack volume is going on in real-time!

First Half 2016 Top 10 Phone Scams Revealed

You may not have heard of Atlanta-based Pindrop Labs. They have developed an innovative way to detect fraudulent phone calls called a "phone print", and their solutions reduce fraud losses and authentication expense for some of the largest call centers in the world.

Pindrop Labs collected phone scam data using their proprietary Phoneypot tool. The Phoneypot is the largest telephony honeypot in the world, and it allows researchers to collect data from millions of calls to unlisted numbers.

Pindrop uses the phoneypot to analyze phoneprints and detect calling patterns for unwanted callers, such as robocallers, debt collectors and telemarketers. This provides researchers with new insights into telephony abuse and attack patterns.

They recently published the results of their very interesting research, based on Pindrop Labs’ analysis of some 100,000 calls from 2016’s first half. You need to be aware of it, because some of these scams target consumers and others directly target businesses, using a variety of schemes. Learn more:
https://blog.knowbe4.com/first-half-2016-top-10-phone-scams-revealed

Say Farewell to SMS-Based Two-Factor Authentication?

The U.S. National Institute of Standards and Technology (NIST) says in a new draft of its Digital Authentication Guideline that SMS-based two-factor authentication should not be used due to security concerns.

"[Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance," the document reads. Interesting. Article at PCMag:
http://www.pcmag.com/news/346459/say-farewell-to-sms-based-two-factor-authentication?

Want To Pass An Audit In Half The Time And At Half The Cost?

Take a look at the KnowBe4 Compliance Manager (KCM). It simplifies the complexity of getting compliant and eases your burden of staying compliant year round, making passing an audit much, much easier: no more "Excel Hell".

KCM minimizes much of the busy work associated with audits and compliance, and at the same time enables you and your team to remain productive through an audit cycle.

Read the KCM review at Corporate Compliance Insights, request a demo, and see for yourself how much audit time and money you can save with KCM:
https://www.knowbe4.com/products/knowbe4-compliance-manager

Why Does Kevin Mitnick Recommend 20-Character Passwords?

His opinion is based on current state-of-the-art password cracking technology.

In short, hackers penetrate the network, get access to a domain controller and pull out the file with all user names and passwords. Next, they load this file into a dedicated password-cracking machine using hashcat. This hardware can crack any Windows 8-character password in 6 hours. Using passwords or (much better) passphrases of 20 characters makes this several orders of magnitude harder.

Here is an Ars Technica article that explains the technical details:
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
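
The arithmetic behind this claim, as an added example that is not from the newsletter or the linked article: it calibrates a guess rate from the "8 characters in 6 hours" figure above and scales it to longer passwords and to word-based passphrases. The 95-symbol printable-ASCII alphabet, the 7776-word list size and all function names are assumptions for illustration.

```python
import math

PRINTABLE_ASCII = 95        # assumption: 95 printable ASCII symbols per position
CLAIM_LENGTH = 8            # from the text: any 8-character password ...
CLAIM_SECONDS = 6 * 3600    # ... is cracked in 6 hours

def keyspace(length, alphabet=PRINTABLE_ASCII):
    """Number of candidate passwords of exactly `length` random symbols."""
    return alphabet ** length

def implied_rate():
    """Guesses per second implied by the 8-characters-in-6-hours figure."""
    return keyspace(CLAIM_LENGTH) / CLAIM_SECONDS

def seconds_to_exhaust(candidates, rate=None):
    """Worst-case time to try every candidate at the given guess rate."""
    return candidates / (rate or implied_rate())

def orders_harder(candidates):
    """Whole orders of magnitude beyond the 8-character baseline."""
    return math.floor(math.log10(candidates / keyspace(CLAIM_LENGTH)))

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"

def passphrase_space(words, wordlist_size=7776):
    """Candidates when guessing whole words instead of characters.
    7776 is the size of a Diceware-style word list (assumption)."""
    return wordlist_size ** words

if __name__ == "__main__":
    for n in (8, 10, 12, 16, 20):
        space = keyspace(n)
        print(f"{n:>2} random chars: {humanize(seconds_to_exhaust(space)):>16}"
              f"  (+{orders_harder(space)} orders of magnitude)")
    for w in (4, 6, 8):
        space = passphrase_space(w)
        print(f"{w} random words: {humanize(seconds_to_exhaust(space)):>16}")
```

Against guessing by whole words, four random words fall just short of the 8-character baseline, so a passphrase's strength comes from how many words are chosen at random, not from its character count alone.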

Security Awareness Roadmap - Updated Version

SANS' famous Lance Spitzner wrote: "The Security Awareness Maturity Model was developed five years ago by a community of security awareness officers to solve a problem. Specifically the awareness community needed a way to visually communicate what stage a security awareness program was currently at and where the organization wanted to take it.

"The Security Awareness Roadmap builds on the maturity model by defining each stage and describing the steps to achieve them. The roadmap is presented as a poster which you can download and print. Both the maturity model and roadmap have been used by hundreds of organizations as a framework for building their program.

"For example, Janet Roberts will be presenting at the Security Awareness Summit this August on how she used the maturity model and roadmap to build awareness programs at three different Fortune 500 organizations.

"I'm very excited to announce we have updated the Security Awareness Roadmap to reflect advancements in this field, especially in the Culture and Metrics stages." Here is where you can download and print your own copy:
http://securingthehuman.sans.org/blog/2016/07/26/security-awareness-roadmap-updated-version

Master Of Cyber Security And Information Assurance

With demand at an all-time high, Southern Utah University’s Master of Cyber Security and Information Assurance meets the needs of the global industry. This program focuses on the design and management of systems tasked with defending networks from external threats, such as terrorism.

Students will gain experience in counter intelligence, defense, homeland security, and law enforcement, thereby producing graduates with a multifaceted skill-set.

  • 100% Online
  • One of the most cost effective programs in the nation (Less than 20,000 dollars for the entire degree)
  • 33 credits can be completed in 1 year
  • Earn Industry Certifications along the way
  • Do not need prior experience to start the program
  • Classes designed by Professionals in the field who provide training for organizations such as the CIA, USSS, and the Israeli Federal Police

Check out more here:
https://www.suu.edu/cose/csis/
http://www.suuoa.com/ms-csia

Call them at (435) 865-8665 or email onlineadmissions@suu.edu to learn about options with Southern Utah University.


Cyberheist 'FAVE' LINKS:
This Week's Links We Like, Tips, Hints And Fun Stuff
    • Drop everything. Take a 5-minute Sci-Fi movie break and see how far video game graphics have come! A new short called “Adam” by Unity shows it all:
      https://youtu.be/GXI0l3yqBrA




