CyberheistNews Vol 9 #51 Police Warn of New 'Line-Trapping Technology' Being Used to Scam People Over the Phone




CyberheistNews Vol 9 #51
Police Warn of New 'Line-Trapping Technology' Being Used to Scam People Over the Phone

A new piece of sophisticated technology is being used by fraudsters to scam unsuspecting people over the phone. Police said a woman in the York Region received a call earlier this month and was told by the scammers she had been a victim of identity theft.

Police said the woman was directed to call police and confirm the information. The victim called authorities and believed she had spoken to an officer. Through the investigation it was revealed that the suspects used new line-trapping technology to remain connected to her phone line when she tried to call police.

The technology used by the scammers reconnected her phone line to them instead of the authorities. Police said the woman lost a quantity of cash and the suspects obtained her personal information.

What Can Be Done About It

Police are reminding citizens to be cautious with any calls or e-mails seeking personal information. "If a situation feels suspicious, trust your instincts," police said in a news release on Thursday.

"If you wish to confirm a call you receive do so on a delayed timeline. Evidence suggests that the line-trapping technology being utilized has a time limit of several minutes." Police said to call on another line if you are suspicious of being hacked.

We will continue to dig into this "line-trapping technology" further and find out more about bad guys use social engineering to scam people with this.
[Live Demo] Identify and Respond to Email Threats Faster with PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you handle the real phishing attacks and email threats —and just as importantly— effectively manage the other 90% of user-reported messages accurately and efficiently?

Now you can with PhishER, a product which allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us, TOMORROW, Wednesday, December 18 @ 2:00 pm (ET) for a live 30-minute demonstration of the PhishER platform. With PhishER you can:
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s new machine-learning module
  • See clusters of messages to identify a potential phishing attack against your organization
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: TOMORROW, Wednesday, December 18 @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/2140417/88BECD9319D002690E39B6770A9364AE?partnerref=CHN2
5 Things You May Not Know About Security Awareness Training

By Perry Carpenter, KnowBe4 Chief Evangelist and Strategy Officer. "Let me open by making an observation: the discipline of security awareness is chock-full of assumptions and misconceptions. As a side-effect, security leaders often feel that their programs are ineffective and that training humans is a lost cause.

But those conclusions couldn’t be further from the truth. What I’ve seen — time and time again — is that training humans isn’t a lost cause; in fact, your people are your last line of defense whenever all other technology-based security layers are circumvented.

So, where’s the disconnect? Well, I’m glad you asked. I think there are five things that many security and IT leaders miss when it comes to security awareness. Let’s take a few moments to explore these. (Oh… I actually released an entire book about how to build effective awareness programs geared to drive secure employee behaviors. If you are interested, check it out on Amazon:
https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/

Here are the 5 things, each is explained further on the KnowBe4 blog:
  1. The knowledge-intention-behavior gap
  2. Your Content is Your Face and Reputation to your Organization
  3. It is a proven fact that frequent training has a demonstrable benefit to the resilience of your organization.
  4. At all times you are either building strength or allowing atrophy
  5. You are probably measuring and reporting the wrong things
Learn more about these 5 points here:
https://blog.knowbe4.com/5-things-you-may-not-know-about-security-awareness-training
Are Your Users' Passwords…P@ssw0rd? Find out for a Chance to Win a Stormtrooper Helmet

Verizon's Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security.

KnowBe4's Weak Password Test checks your Active Directory for 10 different types of weak password-related threats and reports any fails so that you can take action. Plus, if you're in the US or Canada, you’ll be entered for a chance to win a Star Wars replica Stormtrooper Helmet!

This will take you 5 minutes and may give you some insights you never expected!
https://info.knowbe4.com/wpt-sweepstakes-012020
OUCH. 63% of Workers Reuse Passwords for Multiple Work Devices and Applications

According to Enterprise Strategy Group, 63% of workers have reported using the same password for multiple work devices and/or applications. This just one statistic from ESG's upcoming 2019 Digital Work Trends Survey results.

Dave Gruber, ESG Senior Analyst explains why this is such a major problem: "Passwords continue to be the primary mechanism used for identity authentication. Credential theft is at an all-time high with email-based phishing attacks topping the charts for the most heavily used method of fooling unsuspecting users." See the 1:10 video here:
https://blog.knowbe4.com/63-of-workers-reuse-passwords-for-multiple-work-devices-and-applications
How to Prevent 81% of Phishing Attacks From Sailing Right Into Your Inbox With DMARC featuring Roger Grimes

Only ~20% of companies use DMARC, SPF, and DKIM, global anti-domain-spoofing standards, which could significantly cut down on phishing attacks. But even when they are enabled and your domain is more secure, 81% of phishing attacks still continue to sail right through to your end-user.

In this on-demand webinar, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will teach you how to enable DMARC, SPF, DKIM the right way! Then, learn the six reasons why phishing still might get through to your inbox and what you can do to maximize your defenses.

Watch the webinar now!
https://info.knowbe4.com/dmarc-spf-dkim-webinar

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Quotes of the Week
"The gift of fantasy has meant more to me than my talent for absorbing positive knowledge."
- Albert Einstein - Physicist

"To be matter-of-fact about the world is to blunder into fantasy - and dull fantasy at that, as the real world is strange and wonderful." - Robert A. Heinlein - Science Fiction writer



Thanks for reading CyberheistNews
But if you want to unsubscribe, you can do that right here

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-9-51-police-warn-of-new-line-trapping-technology-being-used-to-scam-people-over-the-phone
Security News
A Venture Capital Firm Was Scammed out of $1 Million in a Noteworthy BEC Scam

A venture capital firm was scammed out of $1 million in a noteworthy BEC scam, CyberScoop reports. The million dollars was supposed to be seed funding for an Israeli startup the venture capital firm was investing in. The VC firm didn’t realize what had happened until the startup called them on the phone to say it hadn’t received the money.

Cybersecurity company Check Point, which the Israeli startup hired to investigate the matter, found that this wasn’t a typical business email compromise attack. The scammers did compromise an email account at one of the companies, but they didn’t use this account to carry out the scam. Rather, once they saw an email discussing the upcoming investment, they registered two domains that closely imitated the domains used by the two companies.

Then, they sent two emails—one to each company—from these spoofed domains. The Israeli startup received an email from the domain spoofing the VC firm, while the VC firm received an email from the domain imitating the Israeli startup.

These emails contained the same content as the real thread discussing the investment. Both companies failed to notice that the domains were off by one letter, and they continued communicating without realizing that all their emails were being sent to the attacker-controlled domains.

The attackers would receive each email, edit it if necessary, and then forward it on to its intended destination. This technique gave the attackers complete control over both sides of the conversation. They even cancelled an in-person meeting between the Israeli CEO and an employee at the VC firm by coming up with excuses for why both sides had to cancel.

This was an exceptionally crafty scam, and most people probably wouldn’t believe an attacker would be able to pull it off. New-school security awareness can teach your employees to never underestimate scammers, and to always verify the legitimacy of a conversation before taking action.
Microsoft Sees Phishing on the Rise

According to Microsoft security research, the percentage of inbound emails associated with phishing on average increased in the past year. For some, this may feel like obvious news, but given the scale of Microsoft and their visibility into global traffic, the security intelligence report makes for some interesting fact-based reading.

According to a blog penned by Microsoft Cybersecurity Field CTO Diana Kelley, many criminals are taking the time to research victims before attacking, leading to more targeted spear phishing attacks including business email compromise (BEC), wire / W2, and impersonating high profile accounts.

Microsoft recommends a layered approach, using technology to secure identities such as multi-factor authentication (MFA) as well as deploying spoof detection controls. But underpinning this are the users:

“Spear phishing emails do a great job of effectively impersonating a credible source; however, there are often small details that can give them away. Help users identify phish using training tools that simulate a real phish. Here are a few tells that are found in some phish that you can incorporate into your training:
  • An incorrect email address or one that resembles what you expect but is slightly off.
  • A sense of urgency coupled with a request to break company policy. For example, fast tracking payments without the usual checks and procedures.
  • Emotive language to evoke sympathy or fear. For example, the impersonated CEO might say you’re letting them down if you do not make the urgent payment.
  • Inconsistent wording or terminology. Does the business lingo align with company conventions? Does the source typically use those words?”
Further recommendations state that it is important that users flag phishing emails to the proper team.

These are all points with which we couldn’t agree more. Security Awareness Training is important to educate users on how to identify suspicious email content and to avoid clicking on attachments. Additionally, phishing testing of your users helps provide a feedback loop for the training, helping you identify where your “user security,” as it were, is weakest. Graphs and links:
https://blog.knowbe4.com/microsoft-sees-phishing-on-the-rise
New Ransomware Attack Reboots Systems Into Safe Mode to Bypass Antivirus!

The latest strain of Snatch ransomware performs a devious task to ensure tools designed to protect against ransomware are nowhere to be found during encryption.

This one is pure evil genius! The latest variant of Snatch has been identified by the researchers at Sophos. Infecting Windows 7 through 10 (in both 32-bit and 64-bit versions), this version of Snatch installs a Windows service SuperBackupMan that is configured to run in Safe Mode. Once a forced restart is complete, and the system is in Safe Mode, those AV solutions not configured to run leave the system exposed and able to be encrypted.

But the impressiveness of this ransomware doesn’t stop there. Researchers also found the following attack measures in varying degrees:
  • Use of RDP as the initial attack vector
  • Exfiltration of system information
  • Monitoring of network traffic
  • Installation of surveillance software
  • Installation of remote access Trojans (RATs)
The payload for this ransomware uses the open-source packer UPX to help obfuscate detection of the malicious code within. This is powerful and dangerous stuff here that has attack ramifications both in the immediate timeframe and in the future (depending on how patient the attacker is). Your organization needs to address this in two ways. Continued:
https://blog.knowbe4.com/new-ransomware-attack-reboots-systems-into-safe-mode-to-bypass-antivirus
What KnowBe4 Customers Say

"Yes. We are happy campers. We are former Barracuda Phishline customers. Backstory - We were cold called by KnowBe4 about a year ago, but were under contracted with Phishline. When it came time to renew, Phishline's pricing jumped significantly and they didn't offer much in the way of renewal discount.

So we started looking into alternatives, and KnowBe4 popped up. I reached out to the person who contacted me originally and got the ball rolling. KnowBe4 was cheaper, and the product demo showed that it could do what Phishline was doing but significantly more. We're now 3 months into being a customer and have completed 2 formal campaigns. It's more intuitive, has more control, better reporting, and is waaaaaaay faster.

We're kicking it up a notch by using the policy campaign next month. We're also evaluating the Second Chance feature and will probably roll that out company-wide in the next few weeks. That said, here's my enhancement request. The training modules lack customizability. I'm able to get my point across using PDF's and a policy campaign, but it would be nice if we could create our own interactive assessment with Q&A of our own choosing. Thanks for listening."
- N.D., IT Department: Network Administrator

NOTE: We listen. Watch for the new features that will be rolled out in 2020!
The 10 Interesting News Items This Week
    1. [Heads-up] Re-Check Your Email Attack Surface Now. (We added thousands of new breaches):
      https://info.knowbe4.com/email-exposure-check-pro-ic

    2. Survey: Ransomware Will Continue to Threaten Public Sector Organizations in 2020 - Nextgov
      https://www.nextgov.com/cybersecurity/2019/12/survey-ransomware-will-continue-threaten-public-sector-organizations-2020/161801/

    3. New Orleans hit by ransomware, city employees told to turn off computers:
      https://www.zdnet.com/article/new-orleans-hit-by-ransomware-city-employees-told-to-turn-off-computers/

    4. Lazarus Hackers Use TrickBot to Infect High-End Victims:
      https://www.bleepingcomputer.com/news/security/lazarus-hackers-use-trickbot-to-infect-high-end-victims/

    5. Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps:
      https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/

    6. In response to Google Chrome claiming it will try to alert you to phishing scams in real time:
      https://www.informationsecuritybuzz.com/expert-comments/juniper-networks-knowbe4-re-chrome-79-security-features-fixes/

    7. How Hackers Are Breaking Into Ring Cameras:
      https://www.vice.com/en_us/article/3a88k5/how-hackers-are-breaking-into-ring-cameras

    8. Fake Payroll Emails Used by Phishing Campaign to Deliver TrickBot:
      https://securityintelligence.com/news/fake-payroll-emails-used-by-phishing-campaign-to-deliver-trickbot/

    9. This new ransomware is targeting companies across Europe and the US:
      https://www.zdnet.com/article/this-new-ransomware-is-targeting-health-and-tech-companies-across-europe-and-north-america/

    10. Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand:
      https://www.bleepingcomputer.com/news/security/maze-ransomware-behind-pensacola-cyberattack-1m-ransom-demand/
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews