CyberheistNews Vol 9 #39 [Scam of the Week] Heads-Up: Amazon Phishing Attack in Progress

HackRead has come across a phishing scam that’s trying to trick Amazon customers into handing over their account credentials, personal information, and financial details. The phishing emails purport to be notifications from Amazon informing the recipient that they need to update their information within twenty-four hours or their account will be permanently disabled.

When a victim clicks the “Update Now” button in the email, they’ll be taken to a convincing imitation of an Amazon login page. After the victim enters their credentials, the phishing page will present a form for them to input their name, address, city, state, ZIP code, phone number, and date of birth. Next, they’ll be asked to provide their credit card and bank account information.

Finally, the phishing site informs the victim that their account has been recovered and says they’ll be automatically logged out. The victim is then redirected to the real Amazon website.

I suggest you send employees, friends and family an email about this Scam of the Week, feel free to copy/paste/edit:

"Bad guys are targeting Amazon customers, urgently claiming you need to update your information within twenty-four hours or your account will be permanently disabled. They count on you getting worried and acting quickly without thinking it through.

The email has several red flags like typos and bad grammar, but even if the emails are perfect—which they often are these days—it is a bad idea to click on the link in the email. You should always go directly to Amazon using your web browser and see if your account has any notifications. Think Before You Click."

More data, background and links at the KnowBe4 blog:
In the Hot Seat: Three Experts Tackle 10 Critical Security Awareness Issues

Three experts. 10 hot topics. Sixty minutes. What happens when you lock highly opinionated security awareness experts in a room with a microphone and a list of top security issues facing your organization? This is your chance to find out!

In this webinar, Perry Carpenter, KnowBe4’s Chief Evangelist and Strategy Officer, and our guests, Forrester’s Jinan Budge and Claire O’Malley, will provide practical advice and pithy comments as they take on a wide-ranging list of security awareness topics, behavior, and culture management issues in rapid-fire format.

Key topics will include:
  • The real cost of ignoring the human element
  • What can security awareness mean for your organization’s overall reputation?
  • Talking to your execs and the board about cybersecurity
  • How do you measure the benefit of awareness, behavior and culture change?
  • Security awareness & training content: Quality versus quantity
  • And many others!
Get the expert take! Find out how to empower your end users, measure success and help keep the bad guys out.

Date/Time: THIS WEEK, Thursday September 26th @ 2:00 pm (ET)

Save My Spot!
PDF Phishing Attacks Using Microsoft OneDrive Surge Nearly 200%

Scammers use a mixture of familiar brand, unsuspecting users, legitimate document types and locations, and credential harvesting in this attack aimed at getting into your Office 365.

If a cybercriminal can get into your Office 365, there’s potentially a lot they can do. They can email malware-laden messages to users both within and outside the company, steal data stored in Office 365, access applications in the cloud that provide them intel or access to banking details to commit fraud. The list is only limited by the creativity of the cybercriminal.

So, gaining access to Office 365 has become a priority for many cybercriminal organizations. We just wrote about how Microsoft continues to lead the pack as the most-impersonated brand by cybercriminals. Data found in Managed Security Service Provider (MSSP) Nuspire’s Q2 2019 Quarterly Threat Landscape Report demonstrates exactly why it’s so useful for cybercriminals to leverage such brands.

According to the report, the use of PDF phishing attacks rose 193% in just one quarter. What makes this so dangerous for organizations is the tie-in with Office 365. These attacks are focused on generic mailboxes, such as a ‘support@’ email address used by more than one user, prompting them to review the linked-to PDF document up on OneDrive. The victim is then asked to provide their Office 365 credentials via a realistic-looking OneDrive login page.

More data, background and links at the KnowBe4 blog:
[September Live Demo] Identify and Respond to Email Threats Faster With PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic... can present a new problem!

With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you handle the real phishing attacks and email threats —and just as importantly— effectively manage the other 90% of user-reported messages accurately and efficiently?

Now you can with PhishER, a product that allows your Incident Response team to identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us TOMORROW Wednesday, September 25th at 2:00 pm (ET), for a live 30-minute demo of the PhishER platform and see PhishML, a new machine-learning module now available in the PhishER platform.

With PhishER you can:
  • *NEW* Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s new machine-learning module
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • See clusters of messages to identify a potential phishing attack against your organization
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team.

Date/Time: TOMORROW Wednesday, September 25th at 2:00 pm (ET)

Save My Spot!
Video Becomes the Next Big Bait for Social Engineering. Full-Body Deepfake Anyone?

Scammers are always looking for new ways to get potential victims to engage. It appears that the latest trend is to leverage our familiarity with watching video to spawn an attack that might very well now use a deepfake video.

Every day, people all over the world are engaging with video content on social media as a stimulating medium to learn from or be entertained. So, it makes sense that the bad guys would want to take advantage of the lowered defenses of individuals through the use of fake links to videos.

Video links can be sent to a potential victim via email or social media channels, usually using an “Is this you in the video???” angle of attack to create an emotional response – and get them to click, especially if it is a deepfake.

Users should be taught to be wary of such requests, even—actually especially—when seemingly coming from someone they know. Hacked social media accounts are valuable social engineering assets to cybercriminals, as they can be used to send the same “Is this you?” message to everyone connected to the compromised account.

Users within your own organization should be made aware of these and other tactics aimed at invoking an emotional response (that being the clicking of the malicious link) through frequent Security Awareness Training.

In April of this year, the Japanese artificial intelligence company Data Grid developed an AI that can automatically generate whole-body models of nonexistent persons, identifying practical applications in the fashion and apparel industries. Check it out and you can come up with a number of ways this can be misused:
Does Your Domain Have an Evil Twin? Find out for a Chance to Win Two Pairs of Beats Headphones

Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it’s a top priority that you monitor for potentially harmful domains that can spoof your domain.

Our Domain Doppelgänger tool makes it easy for you to identify your potential “evil domain twins” and combines the search, discovery, reporting, and risk indicators, so you can take action now. Better yet, with these results, you can now generate a real-world online assessment test to see what your users are able to recognize as “safe” domains for your organization.

Plus, if you’re in the US or Canada, you'll be entered to win two pairs of Beats Studio3 Wireless Headphones*, "one for you and one for your evil twin".

With Domain Doppelgänger, you can:
  • Search for existing and potential look-alike domains
  • Get a summary report that ranks the look-alike domains found from highest to lowest attack potential
  • Generate a real-world “domain safety” quiz based on the results for your end users
This is a complimentary tool and will take only a few minutes.

Domain Doppelgänger helps you find the threat before it is used against you.
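As an added example (not KnowBe4's Domain Doppelgänger tool, and not code from the original newsletter), the check below shows the idea behind look-alike domain monitoring in plain Python: it generates common typo and homoglyph variants of a domain you care about (your own, or a brand your users expect mail from, like the Amazon case in the Scam of the Week above) and classifies observed sender addresses or link URLs against them. The substitution table, the edit-distance threshold and all sample addresses are constructed assumptions for illustration, not data from the page.

```python
"""
Look-alike domain check: generate typo/homoglyph variants of a protected domain,
then classify observed e-mail sender domains or link hosts against them.
Heuristic, defender-side; the substitution table and thresholds are assumptions.
"""
from __future__ import annotations
from urllib.parse import urlparse

# Visual substitutions commonly seen in look-alike registrations
# (genuine character -> what an impostor swaps in). Constructed, not exhaustive.
HOMOGLYPHS = {
    "m": ["rn", "nn"], "w": ["vv"], "l": ["1", "i"], "i": ["l", "1"],
    "o": ["0"], "e": ["3"], "a": ["4"], "s": ["5"], "d": ["cl"], "g": ["q"],
}
TLD_SWAPS = ["com", "net", "org", "co", "info"]


def split_domain(domain: str) -> tuple[str, str]:
    """Split 'example.com' into ('example', 'com'); assumes a single-label TLD."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def lookalike_variants(domain: str) -> set[str]:
    """Return the set of look-alike domains derived from one protected domain."""
    label, tld = split_domain(domain)
    labels: set[str] = set()
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])                      # omission
        labels.add(label[:i + 1] + label[i] + label[i + 1:])       # doubled char
        if i + 1 < len(label):
            labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
            labels.add(label[:i + 1] + "-" + label[i + 1:])        # hyphen insertion
        for sub in HOMOGLYPHS.get(label[i], []):                  # homoglyph swap
            labels.add(label[:i] + sub + label[i + 1:])
    labels.discard(label)
    labels.discard("")
    variants = {f"{v}.{tld}" for v in labels}
    variants |= {f"{label}.{t}" for t in TLD_SWAPS if t != tld}    # TLD swap
    variants.discard(domain.lower())
    return variants


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (standard dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_domain(value: str) -> str:
    """Accept an e-mail address, a URL or a bare host name; return the host part."""
    value = value.strip().lower()
    if "@" in value:
        return value.rsplit("@", 1)[1]
    if "://" in value:
        return urlparse(value).hostname or ""
    return value


def assess(observed: str, protected: str) -> tuple[str, str]:
    """Classify one observed address/URL as genuine, lookalike, suspicious or unrelated."""
    protected = protected.lower()
    host = extract_domain(observed)
    if host == protected or host.endswith("." + protected):
        return host, "genuine"                      # the real domain or a subdomain of it
    if host in lookalike_variants(protected):
        return host, "lookalike"                    # exact match on a generated variant
    label, _ = split_domain(protected)
    parts = host.split(".")
    if any(label in part for part in parts):
        return host, "suspicious"                   # brand name embedded in another domain
    second_level = parts[-2] if len(parts) >= 2 else parts[0]
    if any(edit_distance(tok, label) <= 1 for tok in second_level.split("-")):
        return host, "suspicious"                   # one edit away from the brand label
    return host, "unrelated"


if __name__ == "__main__":
    # Constructed sample observations, e.g. From: addresses and link targets
    # pulled from user-reported messages.
    samples = [
        "security@amazon.com",
        "https://www.amazon.com/gp/css/order-history",
        "noreply@arnazon.com",
        "help@amazon.co",
        "https://amazon-update.example/login",
        "account@amaz0n-secure.net",
        "orders@shopify.com",
    ]
    for s in samples:
        host, verdict = assess(s, "amazon.com")
        print(f"{verdict:10s} {host}")
```

Run it against the "From:" domains and link hosts extracted from user-reported mail; anything other than "genuine" is worth a closer look, and a "lookalike" hit on a domain that has actually been registered is the kind of evil twin the passage above describes.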

Find Your Look-Alike Domains!

*Terms and conditions apply.

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: We are thrilled to be named Number One 2019 Best Workplace for Women by Great Place to Work and FORTUNE! Here is one of the best videos our team produced about KnowBe4, and is great ammo if you want to introduce us to your C-level execs when you ask for budget:
Quotes of the Week
"The mind is the limit. As long as the mind can envision the fact that you can do something, you can do it, as long as you really believe 100 percent." - David Hockney, Artist

"Anyone who stops learning is old, whether at twenty or eighty. Anyone who keeps learning stays young. The greatest thing in life is to keep your mind young." - Henry Ford, Industrialist

Thanks for reading CyberheistNews
Security News
Deepfakes Require a New Kind of Thinking

Deepfakes present a tremendous upheaval in the way we receive and process information, according to Matt Price from ZeroFOX. On the CyberWire’s Hacking Humans podcast, Price stressed that deepfake technology has only been available to the public for about two years, but it’s made rapid advancements in that short period of time.

“[In] the past six months, there's been insane developments in terms of just how to create high-fidelity deepfakes,” Price said. “How to do it with only one image and, now, how you can actually manipulate what people are saying by just typing in text, just like you would in a chat, and then the person in the video will then mimic back that text that you have written. If you happen to see the deepfake that they did of Zuckerberg, that's actually what they're doing with the text transcripts.”

Price emphasized how disruptive this new technology is to the way we traditionally think about video.

“It used to cost millions of dollars to the movie studios to do what we can now just do today in a few hours on a machine with a couple of powerful GPUs,” he said. “So, just kind of putting together the whole toolchain, like the advances that we've had in neural networks, the advances that we've had in hardware, particularly on the GPU side, have just enabled anybody now to really create these kind of deepfakes.” Making matters worse is the fact that there isn’t an apparent solution to detecting deepfakes on a large scale. ZeroFOX is working on detection algorithms, but Price foresees an escalating struggle between the AIs creating deepfakes and the AIs trying to spot them. He notes that the competition includes extremely well-funded and motivated threat actors.

“We already saw, like, what Russia was able to do in some of the previous elections without deepfake technology just because they're able to distort the truth,” he said. “So, now with this deepfake technology, countries like Russia, possibly China, and even organized crime can now create these deepfakes and essentially sow confusion and change what people perceive as the truth, which is a major problem for any kind of democratic society where you have to have a basis for truth in order to have your discussions and your arguments and make determinations on how to move forward.”

People need to use more than what they see in front of them in order to make a judgement. New-school security awareness training can give your employees a healthy sense of skepticism by teaching them how to use context, secondary sources, and common sense.

The CyberWire has the story:
Oklahoma Pension Fund Robbed of $4.2 million via Compromised Email

Attackers stole millions of dollars from Oklahoma’s pension fund for retired law enforcement officers, the Oklahoman reports. The Oklahoma Law Enforcement Retirement System (OLERS) said the funds were stolen on August 26th, after an employee’s email account was hacked. The attackers were able to divert $4.2 million being handled by an investment manager.

The FBI has recovered $477,000 of the stolen funds, and OLERS believes they’ll be able to recover more. Otherwise, the agency’s insurance provider will have to make up the losses.

The employee whose account was hacked wasn’t fired, and OLERS is providing employee training to prevent this type of attack in the future. OLERS’ president, Roy Rogers, told the Oklahoman that business email compromise can affect anyone. “It happens every day,” Rogers said. “It can happen to an individual. It can happen to a state. It can happen to a company....This kind of crime has just got rampant.”

Technical defenses alone aren’t enough to thwart social engineering attacks. Security controls like two-factor authentication are essential, but even these can be defeated by a determined attacker who targets the human. New-school security awareness training can address human vulnerabilities and turn your employees into security assets. The Oklahoman has the story:
Global Phishing Campaign Targets Universities

Researchers at Secureworks’ Counter Threat Unit (CTU) have been tracking a major phishing campaign that’s using library-themed emails to target more than sixty universities around the world. Secureworks attributes the campaign to “Cobalt Dickens,” a threat group associated with the Iranian government. Last year, the US Justice Department indicted nine members of this group for hacking more than three hundred universities across twenty-two countries. The researchers note that neither the indictment nor the publicity appears to have fazed the group, and Cobalt Dickens has since expanded its operations.

“As of this publication, CTU researchers observed COBALT DICKENS targeting at least 380 universities in over 30 countries,” they write. “Many universities have been targeted multiple times. The threat actors have not changed their operations despite law enforcement activity, multiple public disclosures, and takedown activity.” Cobalt Dickens’ current operation is using phishing emails informing recipients that they need to log in to their university account to access a library resource. The emails contain links to phishing pages that convincingly imitate the particular university’s login page. Once a victim has entered their credentials, the site will redirect them to the school’s real login page, so the victim may not even realize they’ve been phished.

Most people assume they aren’t important enough to be targeted by state-sponsored hackers, but universities and companies of all types and sizes can be targeted by advanced attacks. Universities offer access to valuable intellectual property, financial information, and personal data that can be used in further attacks.

Secureworks recommends that all universities implement multi-factor authentication to combat these threats, stating that the risk of using passwords alone outweighs the inconvenience of an extra step for security. New-school security awareness training can help people realize the importance of using multi-factor authentication, as well as teaching them how to recognize phishing attacks. Secureworks has the story:
What a KnowBe4 Customer Says

"Hi Stu, it's a real privilege to be able to provide you feedback on the KnowBe4 suite of products. We utilize them all now.

KCM: When this first came on the market, it was all compliance/risk management focused. Though I saw value in it and promoted it at my organization for consideration, we simply were not at a point where compliance and risk management tools were investment considerations.

However, when vendor management got added to the tool, I, as the InfoSec vendor assessor, was able to get us to replace our Qualys tool for Security Vendor Assessments with KCM. As a result, we are actively using it. We have found several glitches since implementation, but, as is usually the case with KB4 support, the majority of said glitches have already been successfully mitigated. KB4's responsiveness has always been stellar, and this is one of the biggest points I make when promoting KB4.

Now that we have invested in KCM, I am much closer to getting acceptance for using it to facilitate risk management. Our account rep, Brady Price, has been extremely proactive in reaching out to me to ensure I am happy with this tool. He has also played a key role in certain support issues. I foresee KCM will continue to grow in use here.

PhishER: I am in PhishER more frequently than any other KB4 product, but my overall time in it doesn't match my time in KMSAT. I was able to get our site to invest in PhishER early in the year because of our success with KMSAT. It was "glitchy" initially, but our organization's InfoSec management concerns were soothed with the understanding that it was a new product and that KB4 had already proved itself as being very responsive to customer input when it came to product improvement.

Sure enough, except for one issue, this proved to be the case. I will bring up the one issue though: Yara; because of the heavy reliance on Yara rules to maximize the effectiveness and efficiency of the tool, I was somewhat frustrated early on with the lack of support available for Yara-specific customer support requests I made.

However, with the most recent feature enhancement, the direct reliance on customers building their own Yara rules has been lessened significantly. The ability to turn on automated assignment of "Clean", "SPAM", and "Threat" tags by KB4's proprietary algorithm has greatly supplemented my own custom Yara rules to identify the same. We are now very pleased with how PhishER is supplementing our KMSAT use.

KMSAT: We have been using KMSAT for the last three years and our use has grown as the product has grown over that period. I have made numerous suggestions over the period of use that I have seen implemented time and time again. Most of the account representatives I've worked with have been very good. The one we currently have, Steven Douglas, is super-responsive to me when I make direct requests to him. He, like Brady, is a cut above.

Last, I just want to reiterate that I absolutely love KB4. Your company has 100% of my confidence! Thank you for the very best in supporting employee information security awareness and training."
The 10 Interesting News Items This Week
    1. NEW: 10 Signs you are being socially engineered | CSO article:

    2. ZDNet: The ransomware crisis is only going to get a lot worse:

    3. Exclusive: Australia concluded China was behind hack on parliament, political parties:

    4. Most Cyber Attacks Focus on Just Three TCP Ports:

    5. The Air Force Will Let Hackers Try to Hijack a whole Orbiting Satellite:

    6. China's peace sign selfie-takers warned of crazy cybersecurity threat:

    7. Rising Incidence of Social Engineering Attacks Propels Robust Growth in European Security Awareness Training Sector:

    8. Deconstructing an iPhone Spearphishing Attack:

    9. A persistent group of hackers has been hitting Saudi IT providers, Symantec says:

    10. WannaCry – the worm that just won’t die:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.
