CyberheistNews Vol 9 #44 [INFOGRAPHIC] The 2019 Third Quarter Top-Clicked Phishing Email Subjects From KnowBe4

KnowBe4 reports each quarter on the top-clicked phishing email subject lines in three categories: subjects related to social media, general subjects, and 'In the Wild' subjects. The 'In the Wild' results come from the millions of users who click our Phish Alert Button to report real phishing emails, which our team then analyzes.

LinkedIn and Facebook Are Convincing Ploys

Nearly half of all social media-related phishing emails imitated LinkedIn messages. We see this trend every quarter, likely because messages that appear to come from a professional network are perceived as legitimate. It is a significant problem because many LinkedIn users have tied their accounts to their corporate email addresses, so a lure that imitates LinkedIn lands directly in the work inbox.

The fall hiring season is in full swing. With more than 20 million jobs posted, LinkedIn gives scammers a perfect pretext for turning users into victims. We have also seen Facebook subject lines gaining traction, which is not a surprise given that brand impersonation of the social network is surging.

Most Effective Phishing Tactic Is to Make People Think They've Been Hacked

Simulated phishing test emails with the subject "Password Check Required Immediately" were the most clicked, with 43% of users falling for this security-themed ruse.
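The two lures described above, a display name that claims LinkedIn or Facebook while the mail comes from an unrelated domain, and a subject built to create urgency, are both cheap to spot before a message reaches a user. The script below is an added example written for this newsletter, not KnowBe4 code and not part of any product described here; the brand domain list, the urgency word list and the sample messages are assumptions constructed for illustration.

```python
"""Added example: triage heuristics for the two lure types discussed above.

Flags (1) brand impersonation, where the From: display name claims LinkedIn or
Facebook but the sending domain is not one the brand uses, and (2) urgency-themed
subjects such as "Password Check Required Immediately". The brand domain list,
the wording patterns and the sample messages are assumptions constructed for
this example, not KnowBe4 data.
"""
import email
import re
from email.policy import default
from email.utils import parseaddr

# Domains a genuine notification from each brand is expected to arrive from.
# Assumed for the example; build the real list from your own mail logs.
BRAND_DOMAINS = {
    "linkedin": ("linkedin.com", "linkedinmail.com"),
    "facebook": ("facebook.com", "facebookmail.com"),
}

# Words that pressure the reader into acting before thinking (assumed list).
URGENCY_WORDS = ("password", "immediately", "required", "verify",
                 "suspended", "expire")
URGENCY_RE = re.compile(r"\b(" + "|".join(URGENCY_WORDS) + r")\w*", re.IGNORECASE)

FLAG_THRESHOLD = 2  # scores at or above this go to manual review


def sender_parts(from_header):
    """Split a From: header into (display name, lower-cased sender domain)."""
    name, addr = parseaddr(str(from_header))
    domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    return name, domain


def brand_mismatch(display_name, domain):
    """Return the brand named in the display name when the sending domain is
    neither that brand's domain nor a subdomain of it; otherwise None."""
    lowered = display_name.lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in lowered:
            continue
        if any(domain == d or domain.endswith("." + d) for d in domains):
            return None
        return brand
    return None


def urgency_hits(subject):
    """Distinct urgency words found in the subject, lower-cased and sorted."""
    return sorted({m.group(1).lower() for m in URGENCY_RE.finditer(str(subject))})


def triage(raw_message):
    """Score one raw RFC 5322 message. Returns (score, list of reasons)."""
    msg = email.message_from_string(raw_message, policy=default)
    name, domain = sender_parts(msg.get("From", ""))
    subject = msg.get("Subject", "")
    score, reasons = 0, []

    brand = brand_mismatch(name, domain)
    if brand:
        score += 3
        reasons.append(f"display name claims {brand} but sender domain is "
                       f"{domain or '<missing>'}")

    hits = urgency_hits(subject)
    if hits:
        # Two or more pressure words is the "Password Check Required Immediately" shape.
        score += 2 if len(hits) >= 2 else 1
        reasons.append("urgency wording in subject: " + ", ".join(hits))
    return score, reasons


# Constructed sample messages (not real reports).
SAMPLES = {
    "password_lure": (
        "From: IT Helpdesk <helpdesk@example-support.net>\n"
        "Subject: Password Check Required Immediately\n\n"
        "Your password expires today. Click here to verify.\n"),
    "linkedin_lookalike": (
        "From: LinkedIn <noreply@linkedin-notifications.example>\n"
        "Subject: You have a new message\n\nView the message.\n"),
    "genuine_linkedin": (
        "From: LinkedIn <messages-noreply@linkedin.com>\n"
        "Subject: You appeared in 3 searches this week\n\n...\n"),
    "benign": (
        "From: Alice <alice@example.org>\n"
        "Subject: Lunch tomorrow?\n\nSame place?\n"),
}


def flagged_samples():
    """Names of sample messages whose score reaches FLAG_THRESHOLD, sorted."""
    return sorted(n for n, raw in SAMPLES.items()
                  if triage(raw)[0] >= FLAG_THRESHOLD)


if __name__ == "__main__":
    for sample_name, raw in SAMPLES.items():
        score, reasons = triage(raw)
        print(f"{sample_name}: score={score} {'; '.join(reasons) or 'clean'}")
```

The brand check scores higher than the wording check on purpose: a display name that claims a brand from the wrong domain is rarely innocent, while urgency words also appear in legitimate IT notices, which is exactly why a real deployment should tune both lists against its own reported-phish data rather than the assumed lists above.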

See the InfoGraphic with All Top Messages in Each Category for Last Quarter
Excellent ammo to send to your users as part of your ongoing awareness campaigns:
https://blog.knowbe4.com/q3-2019-top-clicked-phishing-email-subjects-from-knowbe4-infographic
[NEW WEBINAR TOMORROW] A Former CIA Cyber Threat Analyst Shows You How to Make Your Organization a Hard Target

Having spent over a decade as part of the CIA’s Center for Cyber Intelligence and the Counterterrorism Mission Center, Rosa Smothers knows the ins and outs of leading cyber operations against terrorists and nation-state adversaries. She has seen first-hand how the bad guys operate, she knows the threat they pose, and she can tell you how to use that knowledge to make organizations like yours a “hard target”.

In this exclusive webinar, find out why Rosa, now KnowBe4’s SVP of Cyber Operations, encourages organizations like yours to maintain a healthy sense of paranoia as she and Perry Carpenter, KnowBe4’s Chief Evangelist and Strategy Officer, walk you through the murky underworld of threats and exploits that your organization can't afford to ignore.

Get the inside (spy-)scoop on:
  • Surprising data collection techniques – both physical and cyber
  • The two easiest ways to break into any existing network
  • Hidden threats of social media connections
  • And how to prepare your end users to defend against them all
Date/Time: TOMORROW, Wednesday, October 30 @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/2107071/72FBF31CE83227F6428A3A3DC350B455?partnerref=CHN2
CNN Says "Hack Our Reporter," and White Hat Rachel Tobac *Does*

It’s “disturbingly easy” to steal someone’s personal data using information gleaned from their social media accounts, according to Donie O’Sullivan at CNN. O’Sullivan met with Rachel Tobac, a well-known white hat hacker who specializes in social engineering, and asked her to try to hack him.

O’Sullivan emphasized that even though he’s a tech reporter, he was still shocked by how much information Tobac was able to gather and what she was able to do with it.

“Without having my password, and without hacking into my email account, she was able to get my home address, my phone number and steal my hard-earned hotel points,” O’Sullivan writes. “In perhaps the cruelest act of all, she was even able to change my seat on my five-hour flight out of Vegas, moving me from a spacious exit aisle to a middle seat at the back by the restrooms.”

Note: Rachel Tobac also created Pretexting Training Videos with Kevin Mitnick that are part of the KnowBe4 social engineering training modules. Continued:
https://blog.knowbe4.com/cnn-says-hack-our-reporter-and-a-white-hat-does
[WEBINAR] See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments is a continuous problem.

We listened! KCM now has Compliance, Risk, Policy and Vendor Risk Management modules, transforming KCM into a full SaaS GRC platform!

Join us, Tuesday, November 5 @ 2:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's new KCM GRC platform. See how you can simplify the challenges of managing your compliance requirements across your organization and third-party vendors and ease your burden when it's time for risk assessments and audits:
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with 80+ pre-built requirements templates for the most widely used regulations.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: Tuesday, November 5 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2116401/CB95F69BBFB09900AFED2CEEE6DE4BE3?partnerref=CHN1
Alexa and Google Home Abused to Eavesdrop and Phish Passwords

Ars Technica is on a roll lately with some very good articles! Here is another one that made me go "Yikes!"

"By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials.

"Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps—four Alexa "skills" and four Google Home "actions"—that all passed Amazon or Google security-vetting processes.

"It was always clear that those voice assistants have privacy implications—with Google and Amazon receiving your speech, and this possibly being triggered on accident sometimes," Fabian Bräunlein, senior security consultant at SRLabs, told me. "We now show that, not only the manufacturers, but... also hackers can abuse those voice assistants to intrude on someone's privacy." Continued:
https://blog.knowbe4.com/alexa-and-google-home-abused-to-eavesdrop-and-phish-passwords
[LIVE DEMO] See Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us on Wednesday, November 6 @ 2:00 pm (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to Security Awareness Training and Simulated Phishing.

Get a FIRST LOOK at our new assessment feature and see how easy it is to train and phish your users.
  • NEW Assessments! Find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
  • Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 29,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, November 6 @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/2116412/84E59FCD4004261061ACA889D2A8B35B?partnerref=CHN1

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: I was interviewed in FORBES about BEC by the venerable Wayne Rash: "How To Lose A Million Dollars In A Minute. Or Not."
https://www.forbes.com/sites/waynerash/2019/10/24/how-to-lose-a-million-dollars-in-a-minute-or-not/
Quotes of the Week
"Don't ever become a pessimist... a pessimist is correct oftener than an optimist, but an optimist has more fun, and neither can stop the march of events." - Robert A. Heinlein - Sci-Fi Writer (1907 - 1988)

"The pessimist sees difficulty in every opportunity. The optimist sees the opportunity in every difficulty." - Winston Churchill - British Statesman (1874 - 1965)



Thanks for reading CyberheistNews
Security News
What Reese’s Peanut Butter Cups Can Teach Us About Phishing

One of the greatest inventions in modern history is the Reese’s Peanut Butter Cup. I feel sorry for any human who existed before the “age of the cup” because they never got to know the delicious glory that accompanies the unification of chocolate and peanut butter.

Before then, people walked around in total ignorance, thinking they had to make an "either/or" decision between these two approaches to snack-based nourishment. And then a revelation happened that may have looked something like this 1972 commercial for the product:
https://www.youtube.com/watch?v=GuENAWds5B0

Now, here’s the funny thing. Somehow even in a world that has been graced by the peanut butter cup, many people still believe that decisions have to be binary. Such people believe that, because they are naturally drawn to one of the ways of addressing a problem, then other ways of addressing the problem must be invalid.

IT vendors and security pundits fall into the same trap. An example came to my attention a couple of days ago when I came across a Forbes 'article' entitled: Technology not Training Protects Users from Phishing.

First things first: the author of the article, a Google employee in its Office of the CTO, is obviously a very intelligent individual. I'm not debating that at all. But I will call out the fact that the 'article' is actually part of a paid marketing effort by Google to promote Google's approach to mitigating phishing via technology. Continued:
https://blog.knowbe4.com/what-reeses-peanut-butter-cups-can-teach-us-about-phishing
The Stupid Hacker Who Broke Into the U.S. Superior Court Should Get a Darwin Award

He hacked Los Angeles Superior Court systems to spread phishing emails. What could go wrong?

A Texas man was sentenced today to 145 months in federal prison for hacking the Los Angeles Superior Court (LASC) computer system and using its servers to deliver around 2 million malspam emails. 33-year-old Oriyomi Sadiq Aloba “was found guilty of one count of conspiracy to commit wire fraud, 15 counts of wire fraud, one count of attempted wire fraud, one count of unauthorized impairment of a protected computer, five counts of unauthorized access to a protected computer to obtain information, and four counts of aggravated identity theft.” Story:
https://www.itsecurityguru.org/2019/10/23/u-s-superior-court-systems-have-hacked-to-spread-phishing-emails/
Can an Employee's Bad Conscience Be a Vulnerability?

It can be useful to remember that social engineering succeeds more readily when its marks are stressed or hurried. That appears to be the case with an ongoing scam campaign that lays its trap for Russian-speaking victims.

Researchers at ESET found a Trojanized version of the Tor Browser that displays a warning telling users that their browser is out of date, that their anonymity is at risk, and that they need to upgrade to stay safe. Victims are invited to click through to a site where they can supposedly bring their Tor Browser up to date.

The urgency derives from where the victims are found: shopping on the Darknet. Not everything on the Darknet is nefarious or malicious, but a good bit of it is, and the markets found there often deal in contraband, both physical, like drugs or weapons, and virtual, like illicit pornography.

The warning page the scammers display shows a sympathetic concern for the user. It urges them to keep their anonymity reliable and up-to-date because, of course they would not want to draw the attention of the police. Someone who knew they were up to something the authorities frown on might well be rattled into hastily clicking the update button. Continued:
https://blog.knowbe4.com/can-an-employees-bad-conscience-be-a-vulnerability
What KnowBe4 Customers Say

"Good morning Stu, I just wanted to brag on Ivan to you. We have been a KnowBe4 customer for the past couple of years and Ivan has been with me from the beginning. Ivan’s tech support, response time, and customer service are some of the best I have seen in my 20 years of working in IT.

If I ever have a problem he has a quick and timely solution. He also reaches out to see if there is anything I need or to let me know about new products and features. Just wanted to give some praise to one of your excellent employees."
- K.M., Information Security Officer



"I just wanted to take a moment to compliment Nadia’s assistance and persistence with making sure the KnowBe4 platform is a success with our org. She has been great at following up to make sure we are using the platform successfully, especially at explaining the benefits of switching to KnowBe4’s built-in training platform, as we currently use our own LMS for KnowBe4 training. I appreciate her professionalism and dedication!"
- Z.P., IT System Administrator
The 10 Interesting News Items This Week
    1. White House cybersecurity chief quits, says leadership is inviting an attack:
      https://thenextweb.com/politics/2019/10/25/white-house-cybersecurity-chief-quits-says-leadership-is-inviting-an-attack/

    2. Avast target of cyber-security attack, company and Czech counterintelligence say:
      https://www.reuters.com/article/us-avast-cyber/avast-target-of-cyber-security-attack-company-and-czech-counterintelligence-say-idUSKBN1X01KS

    3. [Video] CNN TECH Reporter Hacked through Social Media OSINT:
      https://discuss.hackbusters.com/t/video-cnn-tech-reporter-hacked-through-social-media-osint/4628

    4. Fortinet expert on why CISOs must focus on employee development as a key security strategy:
      https://www.intelligentciso.com/2019/10/21/fortinet-expert-on-why-cisos-must-focus-on-employee-development-as-a-key-security-strategy/

    5. Does Your Security Awareness Program Put People First?:
      https://securityintelligence.com/posts/does-your-security-awareness-program-put-people-first/

    6. Office 365 Now Warns About Suspicious Emails with Unverified Senders:
      https://www.bleepingcomputer.com/news/microsoft/office-365-now-warns-about-suspicious-emails-with-unverified-senders/

    7. Haxis of evil: Russia, China, Iran and North Korea are 'continuous threat' to UK, say spies:
      https://www.theregister.co.uk/2019/10/23/russia_china_iran_north_korea_threat_to_uk_ncsc/

    8. 'Your whole business is basically gone': Gillian Franklin hit by $2 million cyber attack:
      https://www.smh.com.au/business/small-business/your-whole-business-is-basically-gone-gillian-franklin-hit-by-2-million-cyber-attack-20191021-p532ri.html

    9. Attacking the operational technology through the operator:
      https://thecyberwire.com/events/attacking-the-operational-technology-through-the-operator.html

    10. Data Breaches Devastate Small Businesses in 2019 with 10 Percent Closing Their Doors:
      https://blog.knowbe4.com/data-breaches-devastate-small-businesses-in-2019-with-10-percent-closing-their-doors
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.