Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Bad News: Your Antivirus Detection Rates Have Dramatically Declined In 12 Months

We all had the nagging suspicion that antivirus is not cutting it anymore, but the following numbers confirm your intuition. I have not seen more powerful ammo for an IT security budget to transform your employees into an effective "last line of defense": a human firewall.

AI-powered ransomware is coming, and it's going to be terrifying

Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map.

Scam Of The Week: Illegal Game of Thrones Download

Illegally downloading television shows and movies from a variety of torrent websites is done all the time. The HBO series "Game of Thrones" is the #1 downloaded, not surprisingly.

This Scam Of The Week warns against phishing emails that look like a notice from IP-Echelon, which is the company that enforces copyright claims to ISPs for companies such as HBO.

The twist in this case is that the attack is forwarded to the recipients directly from their own current Internet Service Provider.

Wow, the bad guys are moving fast with CEO Fraud!

KnowBe4 is expanding fast; we now have 120 employees, and we just hired a new controller in late May to help out our very busy CFO. Part of the KnowBe4 onboarding is getting through our internal training line-up and then updating your LinkedIn profile, so that happened in the last few weeks.

So guess what, Camille walks up to me and asks: "Did you need me for anything? Did you send me an email?" I'm looking at her somewhat puzzled and say: "No?" She answers: "In that case I just got spoofed".

[INFOGRAPHIC] Don't Be The Victim Of A Cyberheist

We have created a new infographic for your users, as part of your ongoing security awareness program. It offers a few good reminders of how to stay safe online and how to keep their awareness levels at the appropriate level... HIGH!

American Chamber Of Commerce Scam Is Spear-phishing Prep

You may be aware of Steven Weisman, Esq. He writes a great daily blog called Scamicide, and is a nationally recognized identity theft expert, experienced university lecturer, proven lawyer specializing in elder law, and a seasoned author of nine books pertaining to identity theft, scams and financial planning.

Half Of Your Users Are Now Spear Phishing Targets

In a presentation at the Intelligence & National Security Summit, Bill Evanina, Director of the National Counterintelligence and Security Center (NCSC) announced "There have been just over 500 breaches so far this year, some of which made the news, and 47 percent of adult Americans have been the victim of a breach in the last three years."

US Counter-Intel Czar Warns Hack Victims Against Spear Phishing

WASHINGTON–In a presentation at the Intelligence & National Security Summit, the director of the National Counterintelligence and Security Center (NCSC) announced a "new counterintelligence campaign" focused on reducing the potential security damage done by the Office of Personnel Management data breaches.

Called Know the Risk, Raise Your Shield, the campaign's opening salvo is a pair of spear-phishing awareness videos, urging people not to click on those links.

"There have been just over 500 breaches so far this year, some of which made the news," said NCSC Director Bill Evanina. "And 47 percent of adult Americans have been the victim of a breach in the last three years. That data is an opportunity for criminals, but it's also allowed foreign intelligence to collect information about government employees, contractors, and their families."

The Office of Personnel Management breach alone, he said, had exposed at last measure the data of over 22 million people, including some who had merely applied for government employment or contract work in the last 10 years. "That puts them in a vulnerability bracket they've never been in before," Evanina said.

As part of a response to the breach, in addition to the credit protection and other measures being offered to victims by the OPM, the NCSC is trying to prevent even further breaches that use information gleaned from OPM background investigation records and other data.

Pentagon Top Brass Spear-phished

The Pentagon divulged that its computer networks were penetrated by suspected Russian hackers using spear-phishing.

The hackers got into their unclassified email network used by the Joint Chiefs of Staff office with around 4,000 military and civilian employees. The Pentagon shut down the computer network once the attack was detected to stop additional data leaking out.

The Incident Response team suggested a state-sponsored hacking group, likely Russian, is responsible for the attack because of the level of sophistication. This recent email hack is very similar to the successful hack of the unclassified email system at the White House and State Department last year.

The attack against the network began around July 25 against the Joint Staff, which includes the chairman of the Joint Chiefs of Staff, Gen. Martin Dempsey, and other senior officers. It prompted the Pentagon to shut down the server for the Joint Staff’s roughly 4,200 unclassified email accounts.

The hackers came in through a spear-phishing attack, in which the attacker crafts an email designed to trick the receiver into opening an attachment with a malware payload. Even if it is an unclassified network, especially at the most senior levels of the Pentagon, emails can be extremely sensitive and offer details into planning, schedules or personnel.

"If you are able to get all that information from three or four individuals’ emails or communication, you have an entire picture of what’s been worked on the classified side," said Andre McGregor, a former cyber special agent at the Federal Bureau of Investigation who is now director of security at Tanium, a cybersecurity firm.

Woman conned out of £50,000 in shrewd spearphishing scam

In a variation of the "CEO Fraud", spearphishing is getting more up close and personal. Read this story and apply the lesson learned in your own life before you lose your life savings.

Vivian Gabb, 59, of London, was in the middle of buying a house. Her email account had been hacked and was monitored for a considerable time before the scam.

The criminals learned of the closing details by intercepting an email from her lawyer. They then spoofed an email from her attorney and sent her instructions to wire the money to their own account instead of the lawyer's bank, and they emptied the account the moment the money arrived.
