CyberheistNews Vol 9 #29 Scam of the Week: Microsoft OneNote Audio Note Phishing Emails

Phishing scammers are coming up with more innovative methods to convince their targets to provide login credentials. Such is the case with a new OneNote Audio Note phishing campaign that is currently underway.

Bleepingcomputer reported that: "This campaign comes in the form of an email with the subject "New Audio Note Received" and claims that you have received a new audio message from a contact in your address book. In order to listen to the message, though, you will need to click on a link to listen to it.

Of particular interest is that the phishing scammers are now commonly including footer notes stating the email is safe as it was scanned by security software. In this case, the email states it was "Scanned by McAfee Ultimate 2019 Antivirus Scanning Service for Microsoft".

When you click on the "Listen to full message here" link, you will be brought to a fake OneNote Online page hosted on This page states that "You have a new audio message" and then prompts you to click on a link to listen to it."

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:

ALERT: Internet criminals are sending phishing attacks in which they try to trick you into listening to a fake "Audio Note". They show you screenshots and attempt to scam you into clicking on links or even logging into a fake Microsoft login page.

For Microsoft accounts and logins, it is important to remember that Microsoft login forms will just be on,,, and domains only. If you are presented with a Microsoft login form from any other URL, avoid it and only use your normal bookmarks to go to these sites.

Screen shots and links at the KnowBe4 blog:

For KnowBe4 customers, we have added a template simulating this attack. It sits in the Current Events category and is called "Microsoft/OneNote: New Audio Note Received".
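The alert above boils down to one check: a Microsoft sign-in form is only legitimate when it is served from one of Microsoft's own login domains, and a lookalike such as a trusted name used as a subdomain of an attacker's domain does not count. The following is an added example, not KnowBe4's or Bleepingcomputer's code, of how a mail-filtering or triage script can apply that rule to the links in a message. The newsletter's own list of login domains did not survive extraction, so TRUSTED_LOGIN_DOMAINS is an assumed allowlist to be adjusted for your environment, and the sample email and its hostnames are constructed placeholders, not indicators from the real campaign.

```python
"""Flag links in an email body whose host is not an expected Microsoft
login domain.  Added example; the allowlist is an assumption, not a list
taken from the newsletter or from Microsoft documentation."""
import re
from urllib.parse import urlsplit

# ASSUMED allowlist of domains that legitimately serve Microsoft sign-in
# forms.  Replace with the login endpoints your tenant actually uses.
TRUSTED_LOGIN_DOMAINS = (
    "login.microsoftonline.com",
    "login.live.com",
    "login.microsoft.com",
)

# Crude URL extractor: good enough for plain-text mail bodies.
_URL_RE = re.compile(r"https?://[^\s\"'<>()]+")


def host_is_trusted(host, allowlist=TRUSTED_LOGIN_DOMAINS):
    """True when host equals an allowlisted domain or is a subdomain of one.

    Matching is done on whole DNS labels (exact match or ".<domain>" suffix),
    so "login.microsoftonline.com.evil.example" is rejected even though it
    begins with a trusted name."""
    if not host:
        return False
    host = host.lower().rstrip(".")   # trailing dot is still the same host
    for trusted in allowlist:
        if host == trusted or host.endswith("." + trusted):
            return True
    return False


def is_trusted_login_url(url, allowlist=TRUSTED_LOGIN_DOMAINS):
    """Require https and an allowlisted host.

    urlsplit().hostname drops any "user@" prefix, so
    "https://login.microsoftonline.com@evil.example/" yields host
    "evil.example" and is rejected.  A path that merely contains a trusted
    name ("https://evil.example/login.microsoftonline.com/") is rejected too,
    because only the host is examined."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    return host_is_trusted(parts.hostname, allowlist)


def untrusted_login_links(body, allowlist=TRUSTED_LOGIN_DOMAINS):
    """Return every URL in the body that must never be used to sign in to a
    Microsoft account, in order of appearance and without duplicates."""
    flagged = []
    for url in _URL_RE.findall(body):
        url = url.rstrip(".,;")       # strip trailing sentence punctuation
        if not is_trusted_login_url(url, allowlist) and url not in flagged:
            flagged.append(url)
    return flagged


# CONSTRUCTED sample modelled on the "New Audio Note Received" lure.  The
# hostnames are invented placeholders, not indicators from the campaign.
SAMPLE_EMAIL = """\
Subject: New Audio Note Received
You have a new audio message from a contact in your address book.
Listen to full message here: https://onenote-audio.example-lure.test/play?id=42
Sign in with your Microsoft account: https://login.microsoftonline.com.example-lure.test/login
Scanned by McAfee Ultimate 2019 Antivirus Scanning Service for Microsoft.
Legitimate reference: https://login.microsoftonline.com/common/oauth2/authorize
"""

if __name__ == "__main__":
    for link in untrusted_login_links(SAMPLE_EMAIL):
        print("NOT a Microsoft login host:", link)
```

Run stand-alone, the script prints the two lure links and stays silent on the genuine login.microsoftonline.com URL. The design point is that the comparison is on the parsed host and on whole DNS labels; a substring or "starts with" test on the raw URL would pass the lookalike subdomain and the userinfo trick, which is exactly the confusion the alert warns users about.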

RELATED NEWS: An Amazon Phishing Scam Hits Just in Time for Prime Day:

Let's stay safe out there.

[LIVE WEBINAR] Hacking Your Organization: 7 Steps Bad Guys Use to Take Total Control of Your Network

The scary fact is that human error is a contributing factor in more than 90% of breaches. With so many technical controls in place, hackers are still getting through to your end users, making them your last line of defense. How are they so easily manipulated into giving the bad guys what they want? Well, hackers are crafty. And the best way to beat them is to understand the way they work.

In this webinar Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will take you through the "Cyber Kill Chain" in detail to show you how a single email slip-up can lead to the total takeover of your network.

Roger will show you:
  • How detailed data is harvested using public databases and surprising techniques
  • Tricks used to craft a compelling social engineering attack that your users WILL click
  • Cunning ways hackers deliver malicious code to take control of an endpoint
  • Taking over your domain controller and subsequently your entire network
But not all hope is lost. Roger will also share actionable strategies you can put in place now to greatly reduce your risk. Find out how to protect your organization before it's too late.

Date/Time: THIS WEEK Thursday, July 18 @ 2:00 pm (ET)

Save My Spot!

Pay or Not Pay the Ransom? What's Your Opinion?

The debate over whether to pay or not to pay the ransom once your system is encrypted is heating up. Last week, the US Conference of Mayors approved a resolution coming down in favor of not paying cybercrooks. There are arguments on either side of the question.

Paying the ransom creates a huge incentive for ransomware crooks to keep plying their trade. However, in many cases, not complying with the demand can cost many millions more than paying, and refusing may not be a realistic option for some smaller cities. And once your system is compromised with ransomware there may be residual malware left behind; the only way to fully remove that risk is to rebuild from bare metal.

Tell your peers what *you* think at KnowBe4's Hackbusters Forum:

And you can download the brand new RanSim with two additional ransomware scenarios here:

Get Your Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments is a continuous problem.

We listened! KCM now has Compliance, Risk, Policy and Vendor Risk Management modules, transforming KCM into a full SaaS GRC platform!

Join us, Tomorrow, Wednesday, July 17 @ 2:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. See how you can simplify the challenges of managing your compliance requirements and ease your burden when it's time for risk assessments and audits.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • You can assign responsibility for controls to the users who are responsible for maintaining them.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: TOMORROW Wednesday, July 17 @ 2:00 PM (ET)

Save My Spot!

Multi-Factor Authentication Basics and How MFA Can Be Hacked

Multi-factor authentication is always preferable to single-factor authentication, but it's not unhackable. We created a new website page as well as an infographic, whitepaper and on-demand webinar that explain why. Check it out here and please share this page with your friends:

[July Live Demo] Identify and Respond to Email Threats Faster With PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic... can present a new problem!

With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you handle the real phishing attacks and email threats, and, just as importantly, manage the other 90% of user-reported messages accurately and efficiently?

Now you can with PhishER, a product that allows your Incident Response team to identify and respond to email threats faster. This will save them a great deal of time!

See how you can best manage your user-reported messages.

Join us, Wednesday, July 24 @ 2:00 pm (ET), for a live 30-minute demonstration of the new PhishER platform. With PhishER you can:
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • See clusters of messages to identify a potential phishing attack against your organization
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team.

Date/Time: Wednesday, July 24 @ 2:00 pm (ET)

Save My Spot!

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Quotes of the Week
(Imagine a heavy Austrian accent) "The mind is the limit. As long as the mind can envision the fact that you can do something, you can do it, as long as you really believe 100 percent."
- Arnold Schwarzenegger

"Learning never exhausts the mind." - Leonardo da Vinci

Thanks for reading CyberheistNews

Security News

Going to Black Hat 2019 in Vegas? Put These Cool Events in Your Planner NOW.

    • Get your Free Book Signed by Kevin Mitnick: Drop by KnowBe4's Booth #1354 for the Kevin Mitnick Book Signing! Meet the 'World's Most Famous Hacker' and get a signed copy of his book: Wednesday, August 7, 5-7pm at KnowBe4's Booth.
    • Enter to Win a YETI Tundra Cooler & Tumbler Set: To enter, join us for a demo of the KnowBe4 Security Awareness Training or PhishER platforms and see how they train and phish your users. You'll also be able to collect your GONE PHISHIN' hat swag! Drop by KnowBe4's Booth #1354.
    • Learn How to Leverage Social Dynamics to Drive Behavior and Shape Culture: Join Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, for the session "The Art and Science of Driving Secure Behavior" on Thursday, August 8th, 3:40pm in Business Hall Theater B. We will unveil some exciting new behavior models that will help you stop the bad guys in their tracks.

Government Impostor Scams Reach New Highs

The Federal Trade Commission has warned that complaints about scammers impersonating government agencies reached a record high this spring, with more than 46,000 complaints registered in May alone. The majority of these scams purported to come from the Social Security Administration and informed victims that their Social Security number had been suspended.

Other popular choices for impersonation included the Health Department, the IRS, and various law enforcement agencies. Most of the scams tried to obtain payment via gift cards, which the FTC says "is a dead giveaway that the consumer is dealing with a scammer." Six percent of the people who reported the scams said they fell victim, with the median amount of money lost being $960.

The FTC states that the fraudsters use social engineering techniques that are very effective, but that can be easily recognized once someone knows what to look for. “The vast majority of people who report this type of scam say it started with a phone call, and these callers have their mind games down pat,” an FTC blog post said.

"Government impersonators can create a sense of urgent fear, telling you to send money right away or provide your social security number to avoid arrest or some other trouble. Or they can play the good guy, promising to help you get some free benefit like a grant or prize, or even a back brace. Scammers like to make the situation so immediate that you can't stop to check it out."

It's worth keeping in mind that these numbers only reflect the scams that were reported, so the actual number of attempted scams is probably much higher. Providing new-school security awareness training is one of the best ways for organizations to ensure that their employees can resist all types of social engineering. The FTC has the story:

Effects of Ransomware Don't End With the Ransom

A Florida city is still struggling to recover from a ransomware attack two weeks after they paid the ransom, according to the New York Times. The attack began after a city employee downloaded a malicious document that arrived in an email.

This document downloaded the Emotet Trojan, which in turn downloaded the Trickbot Trojan. These Trojans were then used to plant the RYUK ransomware within the city’s systems. On June 10th, the ransomware encrypted a whopping 16 terabytes of data, including more than a century’s worth of digitized municipal records.

A city clerk who has spent years manually scanning these documents for preservation told the Times that it's still not clear if everything will be recovered. "It puts us years and years and years behind," Sikes said.

The victim decided to pay the $460,000 ransom on June 25th after failing to find a workaround. Most of the cost was covered by the city’s insurance provider, with the city paying a $10,000 deductible. Even though the attackers provided the decryption key, the recovery process is taking a very long time.

Mark A. Orlando, the chief technology officer for Raytheon Intelligence Information and Services, told the Times that attackers are improving their targeting to increase the chances that a victim will pay ransom.

“These groups are always trying to find that sweet spot: What is enough someone will consider paying but not so much that they’ll say, ‘Forget that. It’s easier to rebuild,’” Orlando said. “This is a situation where that amount is going up, and we have reached a new high-water mark as to what is getting paid out.”

Organizations need to maintain secure backups, but restoring from backups can be a lengthy and expensive process. Make sure you frequently test your restore procedure!

Ideally, the attackers won't be able to gain a foothold in the first place. New-school security awareness training can teach your employees how to avoid falling for these attacks. Blog post with links:

Homeland Security Warning About Phishing as a Threat to 2020 Elections

The US Department of Homeland Security is warning state election officials that phishing attacks are one of the greatest threats to watch out for as the 2020 elections approach.

Fifth Domain reports that Geoff Hale, director of the DHS’ Election Security Initiative, told a gathering of secretaries of state last week that phishing is what was used in past US elections to successfully breach networks belonging to political parties and state governments.

“We know that phishing is how a significant number of state and local government networks become exploited,” Hale said. “Understanding your organization's susceptibility to phishing is one of the biggest things you can do.”

The complexity and interconnectedness of the attack surface makes it extremely difficult to prevent these attacks from getting through, and it increases the damage that attackers can cause once they succeed. California's Secretary of State Alex Padilla said that “you can read the Mueller report on what the most effective strategies were that the Russians engaged in, and most cyber experts will tell you that it’s still phishing attempts that are rampant.”

Attackers of all skill levels use phishing because it works so well, and there's no limit to the number of attempts they can launch. New-school security awareness training is one of the best defenses against phishing, because it addresses the actual target of the attack. Fifth Domain has the story:

What KnowBe4 Customers Say

"I’m the Information Security Officer at our bank. I just wanted to take a moment to tell you about the impact your new training videos, specifically “The Inside Man” series, has had on our organization. I’ve been working in the financial industry for 11+ years, and I’ve been administering training for about 6 years to several different audiences on a wide range of topics.

If there is one thing I’ve learned, it’s that people don’t like training. Earlier this year, I incorporated The Inside Man series into our Q2 security awareness training and it was an instant hit. I have never experienced the level of employee engagement like I have in the past few months.

Not only was the content sinking in with our employees (lots of follow-up questions on policy and best practices), I've actually had employees (about a third of our staff) asking for additional training - THAT DOESN'T HAPPEN!

I even had employees that were trying to find the series on YouTube because they were so invested in the storyline. I launched three more episodes this morning and we actually had people stop what they were doing to take their training. You guys have really taken training to the next level! Keep up the good work! If you guys ever need a reference, don't hesitate to contact me.

Also, our CSM, Jordan Devereux, is a pleasure to work with. Her knowledge, communication skills, and commitment to providing good service are outstanding."
- K.D., Information Security Officer.

"Hey Stu! All's good so far - getting good feedback and hopefully catch a few more clickers to subject to our remedial training - which is already under way! Overall we've had excellent results with more people reporting things that they previously would not. Looking forward to seeing some of the newer material! Thanks for reaching out, and have a good day!" - M.G. Application/Network Security Engineer

What anonymous customers say on Reddit about KnowBe4:

The 10 Interesting News Items This Week
    1. [VIDEO] Dishing on Phishing: Look Both Ways Before You Cross the Street:
    2. [Krebs on Security] Who's Behind the GandCrab Ransomware?:
    3. TrickBot Malware May Recently Have Hacked 250 Million Email Accounts:
    4. A Reminder That 'Fake News' Is an Information Literacy Problem - Not a Technology Problem:
    5. U.S. Government Makes Surprise Move to Secure Power Grid From Cyberattacks:
    6. WSJ: "U.S. Firms *Can* Defend Themselves in Cyberspace" Send this to your C-levels:
    7. 225 U.S. mayors pass resolution opposing paying ransom from ransomware:
    8. Microsoft Adds Automatic Phishing Detection to Microsoft Forms:
    9. Report: Russian intel started the Seth Rich rumor to cover for DNC hack:
    10. Hacker Ransom Demands From Cities Are Growing:
    11. BONUS: Crashed UAE Military Spy Satellite Raises Possibility Of Enemy Cyberattack:

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.