Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Campbell County Health Falls Victim To W-2 CEO Fraud

And another one. You have to watch it: the tax scam season is back in full swing.

Full W-2 information, including Social Security numbers, for more than 1,400 employees who worked over the past year at Campbell County Health was mistakenly released sometime Wednesday to someone using CEO Fraud.

“It appears that an unauthorized individual, impersonating a CCH executive, contacted an employee requesting W-2 information for all of our employees who had taxable earnings in calendar year 2016,” said Andy Fitzgerald, CEO of Campbell County Health.

Sedgwick County Loses $566,000 Due To CEO Fraud

WICHITA, Kansas - A Georgia man has been arrested on federal charges he carried out an e-mail spoofing scheme that cost Sedgwick County $566,000. 

George S. James, 48, Brookhaven, Ga., is charged with one count of wire fraud. An FBI agent’s affidavit shows investigators following an electronic trail that led them to James after Sedgwick reported the theft of funds that were intended to pay Cornejo & Sons, LLC, for work done on a road project.

Why You Should Be Afraid of CEO Fraud [INFOGRAPHIC]

AI-powered ransomware is coming, and it's going to be terrifying

Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map.

Investment fund loses $6 million in CEO Fraud and shuts down

CNBC reported some pretty stunning breaking news. I cannot come up with a better case for new-school security awareness training for employees in accounting and HR.

A lawsuit filed on Friday, September 16, 2016, by Tillage Commodities Fund alleges that $6 billion SS&C Technologies Holdings, a financial services software firm, showed an egregious lack of diligence and care when they fell for a CEO fraud scam that ultimately led to hackers in China looting $5.9 million.

Seagate Sued By Own Employees For CEO Fraud Attack

Hard drive manufacturer Seagate was sued by its own employees as the result of a successful CEO fraud attack in which all the personal information of 10,000 existing and former employees was stolen in an online phishing scam. Seagate lawyers defend the company, claiming that the organization is not responsible for data leaks and that the attack was unexpected. Really?

Having some Phun With Phishers - CEO Fraud Blow-By-Blow

For the last 9 years I have been a board member of the public/private Clearwater Downtown Partnership. And as with many public organizations, all the board member information is freely available through the website.

So, some half-smart phishing scammer sent me a CEO fraud email, demanding I send money urgently to a bank account. It was clear as daylight checking the headers that it was a fraud. I decided to see how long we could keep that going; here is the whole email exchange blow-by-blow:

Cyberheist Nets 44 Million In Single CEO Fraud Attack

Earlier in August, one of the world's largest cable manufacturers Leoni AG publicly confessed that it had fallen victim to a classic CEO Fraud attack that has cost the company a whopping 44 million dollars. Following two weeks of intensive investigations, new details surfaced and the thieves turned out to have used sophisticated social engineering tactics combined with email spoofing. 

The attackers crafted emails to appear like legitimate payment requests from the head office in Germany and sent them to a subsidiary of Leoni in Bistrita, Romania. 

Scam Of The Week: FBI Warns Against Data Breach Extortion

The number of data breaches keeps going up. Last week it was more than 1,000 Wendy's where credit card records got ripped off. Fraudsters quickly use the news release of a high-profile data breach to kick an extortion campaign into gear.

The recent uptick in email extortion comes from the data breaches at organizations like Ashley Madison, the IRS, Anthem, and many others where millions of records with (sometimes highly) personal information were stolen.

Wow, the bad guys are moving fast with CEO Fraud!

KnowBe4 is expanding fast; we now have 120 employees and we just hired a new controller in late May to help out our very busy CFO. Part of the KnowBe4 onboarding is getting through our internal training line-up and then updating your LinkedIn profile, so that happened in the last few weeks.

So guess what, Camille walks up to me and asks: "Did you need me for anything? Did you send me an email?" I'm looking at her somewhat puzzled and say: "No?" She answers: "In that case I just got spoofed".
