Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Criminal India Call Center Uses Social Engineering To Scam 15,000 Americans

I got alerted by a Slashdot story about we have been covering here several times. 

An FBI agent based in India says the country has now become a major hub for call-center fraud, blaming "a demographic bulge of computer-savvy, young, English-speaking job seekers; a vast call-center culture; super-efficient technology; and what can only be described as ingenuity."

Expect Malicious Machine Learning In 2017, making social engineering more effective

Intel Security's McAfee Threat Predictions for 2017 (PDF) observes that advances in technology are essentially neutral and that developments like machine learning should be welcomed, but they will also become available to cybercriminals. Machine learning in particular is something that can be misused.

Intel Security's Eric Peterson cites CEO Fraud (The FBI calls it Business Email Compromise) – where individuals in companies are targeted through social engineering, and manipulated to fraudulently transfer money to criminal-controlled bank accounts.

Russian Breach US Grid? Nah, Someone Fell For Social Engineering And Enabled Macros

Breathlessly, the Washington Post reports that the Russian Grizzly Steppe malware was found within the system of a Vermont power utility. 

Nah, they just dodged a bullet. This time someone fell for a social engineering ruse, opened an email, next opened the attachment and then enabled macros on a laptop that was not connected to the grid. It's a bad security awareness fail, but no real damage done. Yet. Because that's similar how Natanz was penetrated by Stuxnet.

Disk-Killer Malware Adds Ransomware Feature And Charges $200,000+ 

Talk about adding insult to injury with this new KillDisk version. Here is how social engineering can cost you dearly. 

The Sandworm cybercrime gang has upped its game. They were initially named after the Sandworm malware which targeted and sabotaged Industrial Control Systems  and Supervisory Control And Data Acquisition (SCADA) industrial devices in America during 2014,

The Sandworm gang later evolved into the TeleBots gang, which developed the TeleBots backdoor trojan, and the KillDisk disk-wiping malware.

Scam Of The Week: George Michael Dies At 53. Watch out for phishing attacks

Today, news broke that George Michael was found dead on Sunday at his home in Goring in Oxfordshire, England. He was 53.  A police statement said: “Thames Valley Police were called to a property in Goring-on-Thames shortly before 2 p.m. Christmas Day. Sadly, a 53-year-old man was confirmed deceased at the scene. At this stage the death is being treated as unexplained but not suspicious.”

Mr. Michael’s manager, Michael Lippman, told The Hollywood Reporter that Mr. Michael had died of heart failure “in bed, lying peacefully.”

This is a celebrity death similar to Prince that the bad guys are going to exploit in a variety of ways. You have to warn your users right away that a series of scams are underway using the George Michael death as social engineering trick. Earlier celebrity death scams show there will be a high click rate on scams that claim to show Michael's last words on video.

Scam Of The Week - Fake News: a Content-based Social Engineering Attack

Facebook, Google, and Twitter have recently been facing scrutiny for promoting fake news stories.  Depending on your sources and who you believe, fake news played and is still playing a role in the 2016 presidential election.

10 Ways To Avoid Holiday Scams

With the biggest cybercriminal hacking holidays of the year upon us, it's time for a reminder of red flags to pay attention to when shopping either online or in brick-and-mortar stores. 

This social engineering attack starts with a fake customer-service call

Michael Kan at CSO reported on a TrustWave blog post with some troublesome news:  "Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer services representatives and convincing them to open malicious email attachments.

The culprits in these hacks, which are designed to steal customers’ credit card numbers, appear to be the Carbanak gang, a group that was blamed last year for stealing as much as $1 billion from various banks."

The New Posterboy of CyberInsecurity: John Podesta Fell For Social Engineering Attack

Motherboard has a great article explaining just how Podesta, Chairman of the 2016 Hillary Clinton presidential campaign got  hacked.  (Podesta previously served as Chief of Staff to President Bill Clinton and Counselor to President Barack Obama). The man fell for social engineering: a Google credentials phish -- one of the most common phishes that we see in the Phish Alert Button emails that customers send us. That article includes some great screenshots of emails used to hack several other public figures.

AI-powered ransomware is coming, and it's going to be terrifying

Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map.

Subscribe To Our Blog

Phish Your Users

Get the latest about social engineering

Subscribe to CyberheistNews