CyberheistNews Vol 6 #52 [ALERT] Scam of the Week: George Michael Dies at 53. Watch out for Phishing Attacks




CyberheistNews Vol 6 #52
[ALERT] Scam of the Week: George Michael Dies at 53. Watch out for Phishing Attacks

Yesterday, news broke that George Michael was found dead on Sunday at his home in Goring in Oxfordshire, England. He was 53. A police statement said: “Thames Valley Police were called to a property in Goring-on-Thames shortly before 2 p.m. Christmas Day. Sadly, a 53-year-old man was confirmed deceased at the scene. At this stage the death is being treated as unexplained but not suspicious.”

Mr. Michael’s manager, Michael Lippman, told The Hollywood Reporter that Mr. Michael had died of heart failure “in bed, lying peacefully.”

This is a celebrity death similar to Prince that the bad guys are going to exploit in a variety of ways. You have to warn your users right away that a series of scams are underway using the George Michael death as social engineering trick.

Earlier celebrity death scams show there will be a high click rate on scams that claim to show Michael's last words on video. Whatever ruse is being used, your users will wind up with either infected workstations at the house or in the office, giving out personal information or unleashing ransomware on the network. Give them a heads-up that especially now they need to Think Before They Click.

I would send your employees, friends and family something like the following. You're welcome to copy/paste/edit.

"Yesterday, news broke that pop star George Michael was found dead in his home in Oxfordshire, England. He was 53. Internet scum are going to exploit this celebrity death in a number of ways, so be careful with anything related to George Michael's death: emails, attachments, any social media (especially Facebook), texts on your phone, anything. There will be a number of scams related to this, so Think Before You Click!

For KnowBe4 customers, as you read this, there will be a new template "George Michael Dies at 53" in the Current Events campaign that I suggest you send to everyone more or less immediately.

If you are not a KnowBe4 customer yet, at times like this, it is very good to know what percentage of your users are vulnerable to emotional manipulations like this. We recommend you do your complimentary Phishing Security Test and find out what your phish-prone percentage of your users is.

https://info.knowbe4.com/phishing-security-test-chn

Let's stay safe out there.
You Need to Know the Top 10 IT Security Trends for 2017

I have been looking at the coming year and what trends you will probably see actually deployed in your network. These trends are the practical things that will help you to keep your network safer with improved defense-in-depth.
    1. A move from being defensive to a more proactive approach to IT security, for instance application firewalls that actually work and are easy to deploy.

    2. Machine learning that *works* spreads out to legacy endpoint security tools, and is able to do real-time payload analysis to prevent ransomware attacks.

    3. You will finally get affordable and smart enough network traffic analysis tools that will show if your network has been penetrated, combined with:

    4. Platforms that will show you understandable threat intelligence with analytics and reporting that will dramatically shorten the "dwell time" of hackers in your network.

    5. Breach prevention will get easier by automatic OS hardening utilities.

    6. Dedicated network tools will be able to do smart network segmentation and isolation to block hackers from getting to the crown jewels.

    7. You will be able to deploy much improved Enterprise Mobile Management products that are able to do proactive mobile protection.

    8. More intelligent Identity Management tools will be released that will allow you to secure IoT devices, services that are running, and end-users at the same time.

    9. A non-technical trend is that Boards will insist on significantly beefing up IT security policy and procedure, which will make your life significantly easier because you finally have air cover and budget for the things you knew you needed to deploy but got pushback on.

    10. Thousands of your peers have started phishing their own users in 2016 to keep employees on their toes with security top of mind. This will be the trend that catches fire in 2017 and tens of thousands of sites will deploy new-school security awareness training. More:
      https://www.knowbe4.com/
Six Steps to Improve Staff Security Awareness

Sarah Perry, CEO of SnapComms wrote at CIOreview: "Most of us would like to think we could easily spot a scam email. That we'd smugly press "delete" when a fake antivirus software alert, or another heart-wrenching foreign scam story, lands in our inbox.

Think again.

Increasing numbers of US workers are being drawn into the digital devil's lair. Average annual losses caused by cyber criminal activities now exceed 7.7 million dollars per organization."

With digital services at the heart of almost every business function nowadays; think marketing automation, customer relationship management and system logistics - the responsibility no longer rests with the IT team alone. Every employee has a duty to know the risks and exercise caution when working online.

CyberSecurity Ventures projects that cybercrime damages will cost the world 6 trillion dollars annually by 2021. That's a big number. More about that here:
http://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
  • Know what you're up against
  • Tailor content to different audiences
  • Simulate a phishing attack
  • Take a campaign approach
  • Engage using modern communication tools
  • Validate training
Excellent advice. Here is the whole (not too long) article - warmly recommended!
http://cybersecurity.cioreview.com/cxoinsight/six-steps-to-improve-staff-security-awareness-nid-23527-cid-145.html
Download Your Brand New KnowBe4 CEO Fraud Prevention Manual

CEO fraud has caused massive damage in 2016. Don’t be a victim in 2017...

CEO fraud has victimized more than 22,000 organizations and is responsible for over 3 billion dollars in losses. Despite these statistics, CEO fraud remains a blind spot for many C-level executives who quickly learn the consequences of a weak cyber-risk assessment.

In Part I, the manual provides a thorough overview of how executives (especially Finance) are compromised, how millions are siphoned off and the likelihood of recovery. Part II covers how to prevent such an attack and what to do if you become a victim.

You will learn more about:
  • What is CEO fraud?
  • Who is at risk?
  • How can it be prevented?
  • Resolution and restitution options
  • Checklist for CEO fraud response and prevention
Find out how you can proof your organization against this type of sophisticated fraud by creating a human firewall. Download here (PDF-16 pages):
https://info.knowbe4.com/ceo-fraud-prevention-manual-chn

Warm Regards,
Stu Sjouwerman

Quotes Of The Week
Laughter is the sun that drives winter from the human face. - Victor Hugo

The human race has one really effective weapon, and that is laughter. - Mark Twain


Thanks for reading CyberheistNews
Security News
Merry Cryptmas! CryptXXX Ransomware Offers Christmas Discount

The ForcePoint blog wrote: "Like us, cybercriminals enjoy the festive season and that can sometimes reflect in their malicious activities. In 2011 we saw a Zeus banking trojan Panel - a user interface for herding Zeus-infected machines - with a Christmas-themed background. This time Forcepoint Security Labs™ has noticed that the CryptXXX gang have started to offer Christmas discounts to victims who intend to pay ransom.

Also known as UltraCrypter, CryptXXX is one of the active ransomware families currently in the wild. Last June we reported CryptXXX as a malware payload originating from a compromised anime site that silently redirected to the Neutrino Exploit Kit. Upon infecting a system CryptXXX displays multiple ransom notes, such as the following." Full story here:
https://blogs.forcepoint.com/security-labs/merry-cryptmas-cryptxxx-ransomware-offers-christmas-discount
Turkish Bank Hit in SWIFT-Related Cyberheist

Turkey's Akbank was targeted in a financial fraud scheme involving the SWIFT global funds transfer system. The incident will cost the bank no more than US 4 million dollars, as any remaining losses would be covered by insurance. The bank says the December 8 attack did not compromise customer data.

In February, hackers used stolen Bangladesh Bank credentials to request the transfer of nearly 1 billion dollars from its correspondent account at the New York Federal Reserve and succeeded in moving 81 million dollars to four accounts in Manila.

But recent attacks involving criminals sending fraudulent payment instructions after gaining access to a bank's SWIFT interface, either by hacking or with the co-operation of local bank staff, underscore how its role as the backbone of international banking also presents a systemic risk.

Remember that these penetrations often start with phishing attacks. Full story at Reuters:
http://www.reuters.com/article/us-akbank-cyber-idUSKBN1450MC
Remain Paranoid, Err Vigilant, With Online Security in 2017

Article by Ryan Francis at CSO: "Remember those Nigerian prince scams? They almost seem quaint now, but 2017 might put a new spin on them that could set security awareness training back years.

Stu Sjouwerman, CEO of KnowBe4, calls the scam CEO fraud, saying it will be an epidemic equaling the ransomware plague we are suffering now. This time around these cyber gangs are really in Nigeria, but they have climbed up the criminal food chain and CEO fraud is their new focus.

“Train your high-risk users within an inch of their lives,” he warns. More:
http://www.csoonline.com/article/3151850/security-awareness/remain-paranoid-err-vigilant-with-online-security-in-2017.html
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
    • Snowboarder Casey Neistat soars over mountains and buildings with a drone that can lift a human:
      http://www.flixxy.com/would-you-let-a-drone-lift-you-in-the-sky.htm?utm_source=4

FOLLOW US ON: Twitter | LinkedIn | Google | YouTube
Copyright © 2014-2017 KnowBe4, Inc. All rights reserved.



Subscribe To Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews