Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

AI-powered ransomware is coming, and it's going to be terrifying

Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map.

Investment fund loses $6 million in CEO Fraud and shuts down

CNBC reported some pretty stunning breaking news. I cannot come up with a better case for new-school security awareness training for employees in accounting and HR.

A lawsuit filed on Friday, September 16, 2016 by Tillage Commodities Fund alleges that $6 billion SS&C Technologies Holdings, a financial services software firm, showed an egregious lack of diligence and care when it fell for an email scam that ultimately led to hackers in China looting $5.9 million.

Seagate Sued By Own Employees For CEO Fraud Attack

Hard drive manufacturer Seagate was sued by its own employees as the result of a successful CEO fraud attack in which the personal information of 10,000 current and former employees was stolen in an online phishing scam. Seagate's lawyers defend the company, claiming that the organization is not responsible for data leaks and that the attack was unexpected. Really?

Having some Phun With Phishers - CEO Fraud Blow-By-Blow

For the last 9 years I have been a board member of the public/private Clearwater Downtown Partnership. And as with many public organizations, all the board member information is freely available through the website.

So, some half-smart phishing scammer sent me a CEO fraud email, demanding that I send money urgently to a bank account. Checking the headers made it clear as daylight that it was a fraud. I decided to see how long we could keep that going. Here is the whole email exchange, blow-by-blow:

Cyberheist Nets 44 Million In Single CEO Fraud Attack

Earlier in August, Leoni AG, one of the world's largest cable manufacturers, publicly confessed that it had fallen victim to a classic CEO Fraud attack that has cost the company a whopping 44 million dollars. Following two weeks of intensive investigation, new details surfaced: the thieves turned out to have used sophisticated social engineering tactics combined with email spoofing.

The attackers crafted emails to appear like legitimate payment requests from the head office in Germany and sent them to a subsidiary of Leoni in Bistrita, Romania. 

Wow, the bad guys are moving fast with CEO Fraud!

KnowBe4 is expanding fast. We now have 120 employees, and in late May we hired a new controller to help out our very busy CFO. Part of the KnowBe4 onboarding is getting through our internal training line-up and then updating your LinkedIn profile, so that happened in the last few weeks.

So guess what, Camille walks up to me and asks: "Did you need me for anything? Did you send me an email?" I'm looking at her somewhat puzzled and say: "No?" She answers: "In that case I just got spoofed".

Top website domains are vulnerable to email spoofing

Don’t be surprised if you see spam coming from the top websites in the world. Lax security standards are allowing anyone to "spoof" emails from some of the most-visited domains, according to new research.

CEO And CFO Fired After Aerospace Company Grounded By CEO Fraud

Here is a great way for C-level execs to lose their job: allow your company to become the victim of CEO Fraud. 

That happened to the CEO and CFO of FACC, part of both Airbus' and Boeing's supply chain. They disclosed on their blog in January that they had been attacked by internet criminals who stole approximately 50 million Euros while posing as CEO Walter Stephan.

A spoofed email, claiming to come from Stephan, asked an employee in accounting to transfer large amounts of money to a foreign account for a fake acquisition, which is a standard ruse the bad guys use.

What does a "Human Firewall" look like, anyway?

By Eric Howes, KnowBe4's Principal Lab Researcher

So you've subscribed to Security Awareness Training that includes training modules as well as simulated phishing campaigns for your organization. You may have gotten to the point where you're rolling out the training modules to your employees and setting up your very first phishing campaign to establish a baseline Phish Prone Percentage. But you're now wondering: what can your organization expect? Does this stuff really work? Are you going to see any kind of actual payoff from this training?

The answer is: yes, absolutely. There is a very real payoff, and your organization will benefit from the training modules and simulated phishing campaigns almost immediately. One of our customers saw just such a payoff from their training and phishing campaigns this past week, when one of their employees got hit with a CEO Fraud phishing email.

Ransomware and CEO Fraud Dominate 2016

The folks at Proofpoint have published an interesting Q1-16 threat report. Every day, they analyze more than 1 billion email messages, hundreds of millions of social media posts, and more than 150 million malware samples. Banking Trojans and ransomware dominated the malware landscape while CEO Fraud gained speed. Their numbers make a clear case for allocating budget to new-school security awareness training.
