CyberheistNews Vol 7 #19 [ALERT] FBI: "CEO Fraud Is Now a 5.3 Billion Email Scam"

There is no better budget ammo for new-school security awareness training than this.

Attempts at cyber wire fraud, using spoofed email to impersonate a C-level executive or trusted business associates, surged in the last seven months of 2016, the FBI said in a May 4, 2017 warning.

Cyber criminals tried to steal 5.3 billion dollars through schemes the FBI calls "business email compromise" -- also known as CEO fraud -- according to a new report from its Internet Crime Complaint Center.

The figure is up sharply from previous FBI reports which showed cyber scammers attempted to steal $3.1 billion from October 2013 through May 2016.

The Number of Cases Doubled

The number of business-email compromise cases, in which cyber criminals request wire transfers in emails that look like they are from senior corporate executives or business suppliers who regularly request payments, almost doubled from May to December of last year, rising to 40,203 from 22,143, the FBI said.

The survey does not track how much money was actually lost to criminals. However, the FBI said that about one in four U.S. victims respond by wiring money to fraudsters. Victims have about 24 hours to try to claw back the money, but if it gets past that deadline, the risk of losing everything is high because the bad guys have likely cashed out by that time.
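As an added, defender-side example (not code from the newsletter, KnowBe4 or the FBI), the Python heuristic below screens a raw message for the pattern described above: an executive's display name on an external or lookalike domain, a Reply-To that does not match the sender, and a payment request in the body. The organisation domain, executive names, keywords and sample messages are constructed.

```python
# Added example (not code from the newsletter, KnowBe4 or the FBI): a heuristic
# screen for the CEO-fraud pattern described above. Domain, names, keywords and
# sample messages are constructed.
import difflib
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example-corp.com"           # constructed organisation domain
EXECUTIVES = {"jane doe", "john smith"}   # constructed, lowercase display names
KEYWORDS = ("wire transfer", "urgent payment", "new bank details")

def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def lookalike(domain: str, ours: str = OUR_DOMAIN) -> bool:
    """True for a close-but-not-equal domain, e.g. example-c0rp.com vs example-corp.com."""
    return domain != ours and difflib.SequenceMatcher(None, domain, ours).ratio() > 0.85

def bec_indicators(raw: str) -> list:
    """Return the BEC indicators found in one RFC 822 message (empty list = none)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", "") or addr)
    from_dom, reply_dom = domain_of(addr), domain_of(reply)
    body = (msg.get_payload() or "").lower()
    hits = []
    # Spoofed display name: an executive's name on a mailbox outside the company domain.
    if name.strip().lower() in EXECUTIVES and from_dom != OUR_DOMAIN:
        hits.append("executive display name on external domain")
    for label, dom in (("sender", from_dom), ("reply-to", reply_dom)):
        if lookalike(dom):
            hits.append(f"lookalike {label} domain {dom}")
    if reply_dom and reply_dom != from_dom:
        hits.append(f"reply-to domain {reply_dom} differs from sender domain")
    if any(k in body for k in KEYWORDS):
        hits.append("payment or wire-transfer request in body")
    return hits

# Constructed samples: a CEO-fraud lure and an ordinary internal message.
SAMPLE_FRAUD = """From: Jane Doe <jane.doe.ceo@webmail-example.net>
Reply-To: jane.doe@example-c0rp.com
To: accounts@example-corp.com
Subject: Urgent

Please process the wire transfer to the new vendor today. I am in meetings.
"""
SAMPLE_LEGIT = "From: Jane Doe <jane.doe@example-corp.com>\nTo: accounts@example-corp.com\n\nTeam lunch is on Friday.\n"

if __name__ == "__main__":
    print(bec_indicators(SAMPLE_FRAUD), bec_indicators(SAMPLE_LEGIT))
```

A mailbox rule that quarantines or banners a message with two or more indicators catches the lure above without touching the ordinary message.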

Incidents Known to FBI Are Just 20% of Total

Robert Holmes, a business email compromise researcher at Proofpoint Inc., estimates that the incidents known to the FBI are just 20 percent of the total, and that total actual losses could be as much as double the figures reported.

"The losses are growing as scammers become more sophisticated, delving deeper into corporate finance departments to find susceptible targets. This is not a volume play; it’s a carefully researched play," he said.

The United States is by far the biggest target market, though cyber gangs have started to expand in other countries like Australia, the U.K., France and Germany, Holmes said.

The U.S. Department of Justice said in March that it had charged a Lithuanian man with orchestrating a fraudulent email scheme that had tricked agents and employees of Facebook and Google into wiring more than $100 million to overseas bank accounts.

CEO Fraud Prevention Manual Download

CEO fraud has ruined the careers of many executives and loyal employees. Don’t be the next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim. It includes two handy resources:

• CEO Fraud Prevention Checklist
• CEO Fraud Response Checklist

Click Here To Download The Manual: (16-page PDF)
https://info.knowbe4.com/ceo-fraud-prevention-manual

Ransomware Scum Decide What You Have to Pay by Reading The Economist

Russian organized cybercrime now has a surprising method of determining how much to extort you for – the Big Mac index from The Economist.

Security firm Recorded Future blogged that in March, a user of a Russian cybercrime forum promoted a new RaaS (ransomware-as-a-service) product called “Fatboy.” Both parties receive an instant transfer of funds once the ransom is paid; so far, everything is fairly normal.

Now, here is the twist. The ransom is determined by the Big Mac Index created by The Economist. The Big Mac Index is a guide as to whether or not currencies are correctly valued according to purchasing power of specific goods – in this case, a McDonald’s hamburger. The index reflects those areas globally that have a higher cost of living.

The tool, which The Economist states was originally designed as a lighthearted attempt to gauge currency misalignment, has become a global standard for measuring international purchasing power parity.

This is done by determining the victim's IP, detecting the country to which that IP is assigned, and then using the Big Mac Index to show the final ransom sum.

Victims of Fatboy RaaS who live in higher cost of living areas are charged a higher ransom to unlock their files. So, infection victims in Switzerland or Norway receive a higher ransom demand than targets in Ukraine or Egypt.

Tech Support Through Jabber

The Fatboy ransomware partnership links an interested party directly with the author of the malware, without third-party interference. As part of the partnership, users can receive assistance and support from the malware author directly through Jabber.

Fatboy is promoted as a C++ CryptoLocker with a multi-language user interface. It encrypts every file on a workstation plus any reachable network folders. A new Bitcoin wallet is generated for each infected device, and the code removes itself once payment is received.

Diana Granger, technical threat analyst at Recorded Future, says the company has no data on how widely Fatboy is used, nor on exactly how much its ransom amounts vary by country. From the standpoint of its core functionality, Fatboy is similar to the many other data-encrypting ransomware tools in the wild. "The automatic rate adjustment and direct partnership are what differentiate it," she says.

NEW: Download the "Weak Password Test" Utility

How weak are your users’ passwords? Are your users’ passwords... P@ssw0rd?

Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used stolen and/or weak passwords. Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.

KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

WPT gives you a quick look at the effectiveness of your password policies and any failures, so that you can take action. WPT tests against 10 types of weak password related threats, for example Weak, Duplicate, Empty and Never Expires, plus 6 more.

Here's how Weak Password Test works:
  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the installer and run it
  • Results in a few minutes!

This will take you 5 minutes and may give you some insights you never expected!

Download Now:
https://info.knowbe4.com/weak-password-test-chn

Healthy Security Cultures Eat Lots of Phish

Lance Hayden at CSO wrote: "Our company got hit with the Google Docs phishing scam along with many others. Our security culture protected us from harm.

"Our director of marketing caught the first one. 'Hey, check this out,' he wrote at the top of the forwarded email. Beneath was a quick message letting him know that one of his contacts had shared a Google doc with him. The email looked squirrelly, not least due to a recipient email that was nothing but a string of h's.

It's always great when someone in the company forwards a suspicious email to me, especially since that's what I've asked everyone to do over a year-long course of phishing awareness training. But the director of marketing is very tech savvy and has a security background of his own, so I would have expected nothing less.

I hadn't seen any weird emails myself, but as I looked into the forwarded note there were the first rumblings on the internet of what quickly turned into the Google Docs Scam. But several funny (and quite gratifying) things happened as I started crafting out my warning to our users.

First, I got beat to the punch

In the 30 minutes after I got the first forwarded email, I received half a dozen more from people all over the company, most of whom have little security background. They were not aware of the Google Docs scam, but they did know a hinky email when they saw one in their inbox. From our sales managers to our CEO, different people forwarded emails they were receiving and wanted to know if they were legit or if I (or someone else) was trying to phish them."

Full article at CSO:
http://www.csoonline.com/article/3194929/leadership-management/healthy-security-cultures-eat-lots-of-phish.html

More Users Spot Google Docs Phish

A KnowBe4 customer sent us this: "I also just wanted to share a little success story with you. Seven of our users were targets of the Google Docs phishing attack that happened the other day.

I feel that largely due to their KnowBe4 Training and the monthly testing that we do, 5 of the 7 who received it immediately e-mailed or talked to me because they felt it was suspicious even though it came from someone they thought they recognized. The other 2 hadn’t looked at it until after I sent out a warning e-mail to everyone. 100% prevention thanks to awareness training!" Thanks - RR

Don’t Miss the May Live Demo: Simulated Phishing and Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Wednesday, May 10, 2017, at 2:00 p.m. (EDT) for a 30-minute live product demonstration of KnowBe4’s Security Awareness Training and Simulated Phishing Platform to see the latest features and how easy it is to train and phish your users:
    • NEW Social Engineering Indicators patent-pending technology turns every simulated phishing email into a tool IT can use to instantly train employees.
    • NEW Access to the world's largest library of awareness training content through our innovative Module Store.
    • Send Simulated Phishing tests to your users during specified business hours with "Reply-to Tracking" that shows you which users fall for spoofed emails and what they answer to the bad guys.
    • Active Directory Integration allows you to easily upload, sync and manage users, set-it-and-forget-it.
    • Reporting to watch your Phish-prone percentage drop, with great ROI.

Find out how 9,000+ organizations have mobilized their end-users as their last line of defense.

Register Now: https://attendee.gotowebinar.com/register/2522614307877554691

Warm Regards,
Stu Sjouwerman

Quotes of the Week
"I choose totally by instinct. And the only time I've ever gone against my instincts, I've regretted it." - Julia Roberts

"Trust your own instinct. Your mistakes might as well be your own, instead of someone else’s." - Billy Wilder

Thanks for reading CyberheistNews

Security News

Human Weakness Enabling Financial Cybercrime

A Boston police detective told the Boston Fed’s 2017 Cybersecurity Conference that one reason cybercrime is rampant is because victims make it too easy.

Taylor Armerding at CSO wrote: "It may be time for a revision of “the customer is always right,” at least in the financial sector.

That, Boston Police Detective Steven Blair told an audience of bankers at the Boston Fed’s 2017 Cybersecurity Conference on Monday, is because too many banking “customers” are fraudsters, who take advantage of the generally laudable desire of front-line employees to provide good customer service.

Attendees had heard Kenneth Montgomery, first vice president and COO of the Boston Fed, say earlier that cybersecurity is now “the number-one operational and enterprise issue” for the financial sector. He said the worldwide costs of cybercrime are estimated at $3 trillion annually now, and expected to double by 2021." More:
http://www.csoonline.com/article/3193706/data-breach/human-weakness-enabling-financial-cybercrime.html

Behold, the Spear Phish That Just Might Be Good Enough to Hook You

"To understand why Carbanak is one of the Internet's most skilled and successful criminal groups, consider the recent spear-phishing campaign it used to infect computers in the hospitality and restaurant industries with malware that steals banking credentials.

One variation started with an e-mail threatening a lawsuit because a visitor got sick after eating at one of the company's restaurants. To increase the chances the attached Microsoft Word document is opened, the attackers personally follow up with a phone call encouraging the recipient to open the booby-trapped file and click inside.

The attacker calls back a half-hour later to check if the recipient has opened the document. The attacker immediately hangs up in the event the answer is yes." Full story at Ars Technica:
https://arstechnica.com/security/2017/05/spear-phishing-is-getting-good-enough-to-hook-even-savvy-users/

Flagging Treacherous Ground: Converting Security Liabilities Into Assets

Once a month, I write a blog post for SC Media, a dedicated IT security publication. In this one, we categorize ten phishing genres and explain how end users are tricked by each.

Despite the increasing sophistication of phishing campaigns over the past few years, we have noticed that the majority of phishing emails that customers share with us via the Phish Alert Button (PAB) fall into a small number (roughly ten) of categories, for which we have coined a new term: "phishing genres." Users who learn these genres will be better equipped to recognize when they are dealing with a potentially malicious email. Here is the full post:
https://www.scmagazine.com/flagging-treacherous-ground-converting-security-liabilities-into-assets/article/652222/

Thieves Drain 2FA-Protected Bank Accounts by Abusing SS7 Routing Protocol

In January, thieves exploited SS7 weaknesses to bypass the two-factor authentication banks used to prevent unauthorized withdrawals from online accounts, the German newspaper Süddeutsche Zeitung reported.

The unidentified attackers exploited weaknesses in Signalling System No. 7, a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks inter-operate.

Specifically, the attackers used SS7 to redirect the text messages the banks used to send one-time passwords. Instead of being delivered to the phones of designated account holders, the text messages were diverted to numbers controlled by the attackers. The attackers then used the mTANs—short for "mobile transaction authentication numbers"—to transfer money out of the accounts.

The interception of the mTANs came only after attackers had compromised bank accounts using phishing and traditional bank-fraud Trojans. These Trojans infect account holders' computers and steal the passwords used to log in to bank accounts. From there, attackers could view available balances, but they were prevented from making transfers without the one-time password the bank sent as a text message. More:
https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/

Other Interesting News Items This Week

Top 10 Most Dangerous Phishing Attacks of the Week:
https://blog.knowbe4.com/top-10-most-dangerous-phishing-attacks-of-the-week

Cyber Security: “We have met the enemy and it is us.”
https://blog.knowbe4.com/we-have-met-the-enemy-and-it-is-us

World Password Day (First Thursday in May) Reminds Us to Examine Our Weakest Security Link:
http://www.itbusinessedge.com/blogs/data-security/world-password-day-reminds-us-to-examine-our-weakest-security-link.html

Cyberheist 'Fave' Links

This Week's Links We Like, Tips, Hints and Fun Stuff
    • Here is your 7-minute Virtual Vacation: Hiking the 2,600 mile Pacific Crest Trail, 3 seconds at a time:
      https://vimeo.com/78531041

Copyright © 2014-2017 KnowBe4, Inc. All rights reserved.