CyberheistNews Vol 9 #8 Company Sues Employee After She Falls for USD 250K CEO Fraud Scam


A woman is being sued for sending approximately USD 250K of her employer's cash to an online fraudster. Patricia Reilly, who worked for the UK's Peebles Media Group, fell for a CEO fraud scam in which the criminals sent her emails pretending to be from her boss, Mrs. Bremner, who was on vacation.

The lawsuit alleges that Mrs. Reilly ignored a warning from bankers about cyber criminals tricking employees into making payments to companies. Mrs. Reilly was giving evidence on the third day of proceedings at the highest civil court in Edinburgh, where the case arrived after winding its way through the lower courts.

Mrs. Reilly handed over a total of 193,250 pounds of the company's money to fraudsters and the issue came to light a few days later when a colleague logged onto the firm's online bank account and noticed a fraud warning.

Lawyers acting for the company accuse Mrs. Reilly of being negligent

Bankers refunded the firm 85,268.28 pounds and Peebles is suing the former employee for the remaining sum of 107,984 pounds. Mrs. Reilly was eventually dismissed from the firm for her actions. Lawyers acting for the company accuse Mrs. Reilly of being negligent.

They have described her actions as "careless and in breach of the duties - including the duty to exercise reasonable care in the course of the performance of her duties as an employee which she owed to her employer."

Peebles also claims that if Mrs. Reilly had performed her duties properly, Mrs. Bremner would not have suffered "the loss, injury and damage". The firm has claimed that she should have realized the emails were suspicious.

She did not receive any training on how to spot online fraud

However, Mrs. Reilly's legal team have said that she did not receive any training on how to spot online fraud and have called for the case to be dismissed. The hearing continues.

Wow. Another excellent reason to step employees through new-school security awareness training.
[LAST CHANCE] Get an Insider View Into the Methods and Exploits of Kevin Mitnick, the World's Most Famous Hacker

You don’t want to miss this exclusive webinar tomorrow!

Many of the world's most reputable organizations rely on Kevin Mitnick, the world's most famous hacker and KnowBe4's Chief Hacking Officer, to uncover their most dangerous security flaws. Kevin’s experience as a security consultant and his vast knowledge of social engineering are part of what help you train your users to stay a step ahead of the bad guys. Wouldn’t it be great if you had insight into the latest threats and could find out “What Would Kevin Do?" Now you can!

Join us tomorrow for this live webinar where Kevin and Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, will give you an inside look into Kevin’s mind. You will learn more about the world of penetration testing and social engineering with first-hand experiences and some disconcerting discoveries.

In this webinar you will:
  • See exclusive demos of the latest bad guy attack strategies
  • Find out how these vulnerabilities may affect your organization
  • Learn what you can do to stop the bad guys (What Would Kevin Do)
It's sure to be an experience you won't forget!

Date/Time: Tomorrow, February 20th @ 2:00 pm ET

Save your spot!

P.S. Attend the webinar live and you'll get a “What Would Kevin Do” desktop wallpaper!
Another One of Those Emails You Never Want to Send to Customers or Partners

Notice the interesting twist in reported bad guy behavior: they are going old school, using snail mail to exploit data stolen in an online breach. I have to wonder whether the bad guys know how to format a standard business letter properly. I'm not sure even I remember how to do that.

One thing I am fairly certain about: The Postal Service does not provide real time protection against fraudulent business letters. Here is the letter:

February 14, 2019

Dear Xxxxxxxx Customer,

We recently learned that we suffered a security breach in our email system. That resulted in the theft of customer information.

The thieves are sending letters via email and the postal system under Xxxxxxxx letterhead with new remittance information directing payments to their accounts.

If you have received any recent instruction, by email or otherwise, regarding Xxxxxxxx remittance addresses, W9, or other identification, please notify me, the Director of Finance, at my email and my cell phone xxx-xxx-xxxx.

Xxxxxxxx has not changed any remittance details. In the event we do, we will send a letter and confirm with a phone call, notifying you of the change.

We are working with a computer security firm to tighten our security protocols so this does not happen again.

Thank you for your time and consideration.


Michael Xxxxxx
Director of Finance
February Live Demo: Identify and Respond to Email Threats Faster With PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase in this email traffic can present a new problem!

With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you handle the real phishing attacks and email threats —and just as importantly— effectively manage the other 90% of user-reported messages accurately and efficiently?

Now you can with PhishER, a new product that's a huge time-saver for your Incident Response team.

See how you can best manage your user-reported messages.

Join us, Thursday, February 21, 2019, at 1:00 pm (ET), for a live 30-minute demonstration of the new PhishER platform. With PhishER you can:
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • See clusters of messages to identify a potential phishing attack against your organization
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in Phish Alert Button, or forwarding to a mailbox works too!
Find out how adding PhishER to your incident response efforts can help you identify and respond to email threats faster!

Date/Time: Thursday, February 21, at 1:00pm (ET)
Cyberheist of Bank Causes Shutdown of All Operations

Reuters reported that the Bank of Valletta, which accounts for almost half of Malta's banking transactions, had to shut down all of its operations on Wednesday after hackers broke into its systems and shifted funds overseas.

"Prime Minister Joseph Muscat told parliament the cyber attack involved the creation of false international payments totaling 13 million euros (USD 14.7 million) to banks in Britain, the United States, the Czech Republic and Hong Kong.

The funds have been traced and the Bank of Valletta is seeking to have the fraudulent transactions reversed. Muscat said the attack was detected soon after the start of business on Wednesday when discrepancies were noticed during the reconciliation of international transactions.

Shortly after, the bank was informed by state security services that it had received information from abroad that the company had been the target of a cyber attack.

To minimize risk and review its systems, the Bank of Valletta suspended operations, shuttering its branches on the Mediterranean island, closing ATMs and disabling its website.

Muscat said the fact such an important financial institute had gone off line had impacted the economy and caused problems abroad for credit card holders who needed to make payments, such as to hotels.

The bank is also carrying out an internal review to establish where exactly the attack originated from and how it was instigated. Maltese banks have in the past reported cyber attacks but this was the first time that a lender had to shut down all of its operations as a result."

Attribution is hard in these cases, because this often happens under a "false flag", for instance Russian operators making it look like the North Koreans, but this pattern looks like it could be North Korean hackers desperate for hard currency.

Generally, this type of hack starts with a successful spear phishing attack that gives the bad guys a foothold in the victim's network; they then move laterally and compromise critical systems. Full story at Reuters:
IT Pros Are Loving This Tool: Mailserver Security Assessment [It's Free]

With email still the #1 attack vector, do you know if hackers can get through your mail filters? Spoofed domains, malicious attachments and executables to name a few...

A recent Cyren Email Security Gap Analysis discovered an astounding average miss rate of 10.5% in which enterprise email security systems missed spam, phishing and malware attachments.

KnowBe4’s Mailserver Security Assessment (MSA) tests your mailserver configuration by sending 40 different types of email message tests that check the effectiveness of your mail filtering rules.

Here's how it works:
  • 100% non-malicious packages sent
  • Select from 40 automated email message types to test against
  • Saves you time! No more manual testing of individual email messages with MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
  • Results in an hour or less!
Find out now if your mailserver is configured correctly; many are not!

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Quotes of the Week
"Go confidently in the direction of your dreams. Live the life you have imagined."
- Henry David Thoreau, Author (1817 - 1862)

"I couldn't find the sports car of my dreams, so I built it myself." - Ferdinand Porsche (1875 - 1951)

Thanks for reading CyberheistNews
Security News
Going to RSA in San Francisco This Year? Get your Free Book Signed by Kevin Mitnick at KnowBe4’s Booth# 4624 North

Check out all the activities KnowBe4 will be doing at RSA:

Get Your Free Book Signed by Kevin Mitnick: Drop by KnowBe4’s Booth #4624 North Hall, for the Kevin Mitnick Book Signing! Meet the ‘World’s Most Famous Hacker' and get a signed copy of his latest book.
When: Tuesday, March 5, at 4-6 PM

Enter to Win a $500 Gift Card: Join us to see a demo of the innovative KnowBe4 Security Awareness Training Platform to train and phish your users to be entered for a chance to win a $500 Amazon Gift Card. You’ll also get your light-up "Axe To Grind With Ransomware” swag!

Reserve a Seat: Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, during the session “12 Ways to Hack 2FA”, on Friday, March 8th, at 9:50 am. You'll learn about the good and bad of 2FA, and become a better computer security defender in the process:
Iran Indictments Show Even U.S. Intelligence Officials Are Vulnerable to Basic Phishing Schemes

The US Justice Department’s indictment against four Iranian hackers and former US Air Force counterintelligence specialist Monica Witt shows that even trained intelligence officers are vulnerable to social engineering schemes, according to Joseph Marks at the Washington Post.

Witt gave Iranian officials information about a highly classified US intelligence program, including personal information on her former colleagues who were working on the program.

Iranian hackers then used this information to create fake online profiles to target these intelligence officials. Using these profiles, the hackers connected with at least four US intel agents on Facebook and targeted them with social engineering tactics before sending them malware-laden emails.

Jeff Bardin, a former Air Force cryptologic linguist who’s now chief intelligence officer at Treadstone 71, told Marks that Iranian hackers are particularly good at manipulating humans.

“Spearphishing and social engineering are their core competencies,” says Bardin. “They just continue to improve at it. If people would learn to stop clicking on [suspicious] links, it would make it a lot more difficult for them.”

In this case, some of the phishing attempts should have been obvious. For example, one message directs a target to deactivate their antivirus software before opening a file. While the indictment doesn’t reveal if the agents fell for this attempt, Bardin says this tactic is surprisingly effective, which is why even nation-state hackers still use it.

“Phishing is something they use over and over again and we just can’t get people to quit clicking on links,” Bardin said. Employees in all roles and at every level of an organization are vulnerable to phishing and other social engineering attacks. The Washington Post has the story:
Espionage Services Use Stolen Credentials

Researchers at Recorded Future and Rapid7 tracked a sophisticated cyberespionage campaign that targeted three major international companies using stolen credentials for legitimate remote-access software. The researchers believe the campaign was run by APT10, which they say is “the most significant Chinese state-sponsored cyber threat to global corporations known to date.”

The hackers gained access to all three companies using credentials that are suspected to have been stolen from third-party supply chain companies. One of the three targeted companies, a Norwegian IT and cloud managed services provider, is believed to have been targeted for the purposes of compromising its customers.

The report highlights the risks faced by managed service providers and third-party supply chain companies. Subcontractors and service providers may assume they’re not important enough to be targeted by cyberattacks. In reality, these companies are prime targets for cyberespionage. Attackers take advantage of poorly-secured networks and poorly-trained employees at supply chain companies, then use this access to hack more valuable targets.

New-school security awareness training can give your employees the ability to deflect these attacks. Recorded Future has the story:
Phishing for Bank Secrecy Act Officers

A spearphishing campaign has been targeting Bank Secrecy Act (BSA) officers at a number of credit unions, according to Brian Krebs. The emails purport to come from other BSA officers, and contain PDFs that link to a malware-laden website.

Each email has addressed its recipient by name, and said that the sender had identified a suspicious transaction, with details provided in the attached PDF.

The fact that the emails were only sent to BSA officers is noteworthy, since the identities of these officers aren’t supposed to be publicly known. Krebs says that many credit union sources suspect the data may have been obtained from the National Credit Union Administration (NCUA), which keeps a registry of credit union BSA officers.

The NCUA released a statement saying that it had conducted a security review and didn’t find any evidence of a data breach. Additionally, after Krebs’ original article was published, multiple sources confirmed that the emails were also “sent to BSA contacts at financial institutions other than credit unions, suggesting perhaps another, more inclusive, entity that deals with financial institutions may have leaked the BSA contact data.”

It’s still not clear how the attackers got their hands on the information. The US Secret Service in January sent an alert to financial institutions warning of a spike in successful, large-scale phishing campaigns. These campaigns are expected to increase as the US tax season approaches.

Employees need to know that attackers often use information from undiscovered data breaches to trick their victims. New-school security awareness training can teach your employees to be on the lookout for spear-phishing tactics. KrebsOnSecurity has the story:
Bogus Security Alerts Aren’t From Norton

Con artists are targeting thousands of people with tech support scams that pose as security alerts from Norton Security, researchers at Symantec have found. The phony alerts pop up in the browser and urge the victim to run a quick scan of their computer. If the user clicks “OK,” they’ll see a very realistic-looking fake Norton scan running, which tells them their computer is infected.

They’ll then be prompted to download an “update” for their antivirus software, which is actually a potentially unwanted application (PUA).

The scammers use HTML and JavaScript to create a very convincing illusion that a Norton scan is taking place. The source code contains several invisible HTML div elements which are progressively made visible by JavaScript code.

The scammers use JavaScript’s setTimeout() function to time the appearance of the HTML elements, which contain images of a real Norton scan. The victims believe they’re seeing Norton windows popping up on their computer. In reality, it’s all happening within the browser.

While tracking this scam, the Symantec researchers discovered an unsecured attacker dashboard, which revealed that the scammers had compromised tens of thousands of victims. The dashboard shows that the attackers are paid by the volume of successful PUA installations, and this particular scam netted them at least $25,000.

The researchers emphasize that there are several red flags here that could have alerted educated users to the scam. First, files on your hard drive can’t be scanned by a website in a browser. Second, Norton scans and updates are handled through the product’s GUI, while the initial alert in this case was obviously browser-based. Additionally, the scam contained several hardcoded elements that wouldn’t have applied to every user, such as “30 days of subscription remaining.”
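To make the mechanism described two paragraphs up concrete, and to turn the red flags just listed into something you can check, here is an added example in JavaScript. It is not code from the original article or from Symantec's research: a constructed scam-page sample that pre-hides its "scan" frames in div elements and reveals them on a setTimeout() schedule, plus a small static analyzer that pulls out that schedule and the red flags. The sample HTML, the element ids, the delays, the strings and the function name analyzeFakeScanPage are all assumptions for illustration; a real page will differ, so treat the regular expressions as heuristics rather than a signature.

```javascript
// Added example: a constructed fake-scan page in the style described above
// (hidden divs revealed in sequence by setTimeout) and a static check that
// extracts the reveal schedule and the red flags. Not code from the article.
// All ids, delays and strings below are made up for illustration.
const SAMPLE_SCAM_PAGE = `
<html><body>
<div id="alert"  style="display:none">Norton Security Alert: your PC may be infected</div>
<div id="scan1"  style="display:none"><img src="scan_progress_25.png"></div>
<div id="scan2"  style="display:none"><img src="scan_progress_70.png"></div>
<div id="result" style="display:none">Scan complete: 3 threats found.
  30 days of subscription remaining. Download the update now.</div>
<script>
setTimeout(function () { document.getElementById('alert').style.display = 'block'; }, 500);
setTimeout(function () { document.getElementById('scan1').style.display = 'block'; }, 2000);
setTimeout(function () { document.getElementById('scan2').style.display = 'block'; }, 4500);
setTimeout(function () { document.getElementById('result').style.display = 'block'; }, 7000);
</script>
</body></html>`;

// Analyze an HTML string without a DOM (plain Node.js). Returns the elements
// that start hidden, the setTimeout-driven reveals in time order, and the
// red flags a reader can compare with the list in the text.
function analyzeFakeScanPage(html) {
  // 1. Elements that are invisible on page load.
  const hiddenIds = [];
  for (const m of html.matchAll(/<div[^>]*\bid="([^"]+)"[^>]*display\s*:\s*none/gi)) {
    hiddenIds.push(m[1]);
  }

  // 2. setTimeout callbacks that flip an element to visible, with their delay.
  const revealRe = /setTimeout\s*\(\s*function\s*\(\s*\)\s*\{[^}]*?getElementById\(['"]([^'"]+)['"]\)[^}]*?display\s*=\s*['"](?:block|inline-block|inline|flex)['"][^}]*\}\s*,\s*(\d+)\s*\)/gi;
  const reveals = [];
  for (const m of html.matchAll(revealRe)) {
    reveals.push({ id: m[1], delayMs: Number(m[2]) });
  }
  const timedReveals = reveals
    .filter((r) => hiddenIds.includes(r.id))
    .sort((a, b) => a.delayMs - b.delayMs);

  // 3. Visible text only (scripts and tags stripped) for the content checks.
  const text = html
    .replace(/<script[\s\S]*?<\/script>/gi, ' ')
    .replace(/<[^>]+>/g, ' ');

  const redFlags = [];
  if (timedReveals.length >= 2) {
    redFlags.push(`scripted reveal of ${timedReveals.length} pre-hidden elements`);
  }
  if (/\b(scan|infected|threats? found)\b/i.test(text)) {
    // A web page cannot scan files on the local disk; the claim itself is the tell.
    redFlags.push('web page claims to scan the local machine');
  }
  const licence = text.match(/\d+ days of subscription remaining/i);
  if (licence) {
    // The same figure is shown to every visitor, so it cannot be real licence state.
    redFlags.push(`hard-coded licence text: "${licence[0]}"`);
  }
  if (/\bNorton\b/i.test(text)) {
    redFlags.push('vendor brand in page content; real product alerts come from the product GUI, not the browser');
  }

  return {
    hiddenIds,
    timedReveals,
    redFlags,
    verdict: redFlags.length >= 3 ? 'likely fake-scan scam page' : 'no strong indicators',
  };
}

// Stand-alone run: print the reveal timeline and the verdict for the sample.
if (typeof require !== 'undefined' && require.main === module) {
  const report = analyzeFakeScanPage(SAMPLE_SCAM_PAGE);
  for (const r of report.timedReveals) console.log(`${r.delayMs} ms -> show #${r.id}`);
  console.log(report.redFlags.join('\n'));
  console.log(report.verdict);
}
```

Run it with `node fake_scan_check.js` (any file name) to see the 500, 2000, 4500 and 7000 ms reveal steps printed in order, followed by the four red flags. The reveal schedule is the useful artifact: a page that stages its "scan results" on a fixed timer, regardless of what is on the visitor's disk, is not scanning anything.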

New-school security awareness training can teach your employees to look for suspicious activity and details that are out of place or unexpected. More:
Get the Unique "2019 Security Threats and Trends" Survey Results *First*

Once a year, KnowBe4 runs its Security Threats and Trends Survey. We’re polling IT and Security executives, administrators and professionals like yourself on what technology and business issues you consider your organization's biggest security threats and challenges over the next 12 months.

It will take you 5 minutes tops. As a reward, you get the results first, which will allow you to compare yourself with your peers. It's multiple choice with one essay question. ALL responses are confidential.

Anyone who completes the survey and includes their Email address in the Essay question along with a comment gets a complimentary copy of the Executive Summary and the accompanying PowerPoint presentation of the survey results. The person who provides us with the best Essay comment will win a USD 100 Amazon gift card.

Here's the link to the new 2019 survey:
What KnowBe4 Customers Say

"Very happy with the initial outcome, employees are commenting on how useful the training has been, something that at first was not met with a lot of enthusiasm.

Also, Will has been amazing helping me out. Being a small organization our IT is outsourced and I have a couple of hats to juggle, but with his help, it was no problem at all. Look forward to seeing the improvement over the next couple of months." - M.F, Asset Manager

P.S. If you want to see KnowBe4 compared to other products in an objective, legit platform that makes sure the reviews are fully vetted, check the Gartner Peer Insights site, where KnowBe4 is a 2019 Customer's Choice:
The 10 Interesting News Items This Week
    1. Researchers use the Intel SGX feature to put malware beyond the reach of antivirus software:

    2. Growing Cyber Threats Lead Businesses Like Google to Ready for Cyber Warfare:

    3. Venezuela’s Government Appears To be Trying to Hack Activists With Phishing Pages:

    4. The AI Text Generator That's Too Dangerous To Make Public:

    5. High Stress Levels Impacting CISOs Physically, Mentally:

    6. New Phishing Attack That Even Most Vigilant Users Could Fall For:

    7. Was Jeff Bezos the weak link in cyber-security? Interesting/Fun Article at the BBC:

    8. Google's head of internet security says businesses should ignore cyber scare tactics and learn from history:

    9. Cyber criminals increasingly used 'formjacking' to carry out attacks in 2018:

    10. Devastating Cyberattack on Email Provider Destroys 18 Years of Data:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
    • Helping Save Lives by Reducing Repetitive Heat Stress. Are you or your employees working in very high heat? The PolarBreeze is a new device that cools you down f a s t:

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.
