KnowBe4 says “watch out” for cybercriminals looking to make some extra cash during scam season – it’s a social engineering bonanza with threats on multiple fronts.
Tampa Bay, FL (Dec 3, 2014) — KnowBe4 issued an alert today warning of a recent spate of high profile social engineering attempts targeted at prominent businesses. One such attack includes high profile financial advisors, officers and deal makers, thought to be an attempt to gain a Wall Street edge. The FBI also alerted private sector companies that targeting of their networks is a significant threat as reported by Reuters late Monday. Not to be left out, small businesses and consumers are being targeted with fake IRS agents looking for a little extra dough for the holidays, along with an uptick in phishing emails posing as Costco, Home Depot and a variety of shipping sources.
Stu Sjouwerman, KnowBe4 CEO said, “Hackers will use as many avenues to break in as they can dream up, but social engineering is one of the favored. We are hitting the season when online shipping is at a peak and employees become much more complacent. It is important to keep users alert and aware of how much a target they are, especially during scam season.” Furthermore, Sjouwerman warns, “I cannot think of a more urgent reason to step all employees through effective security awareness training to keep them on their toes, with security top of mind.”
Similar to a magazine’s editorial calendar, hackers have a “scam calendar” that focuses on events and opportunities to take maximum advantage of unsuspecting users or lax employees. These malware campaigns don’t discriminate between home or office and use social engineering to trick users. Millions of such phishing emails are sent each day and just one user in a hurry clicking on something might take down a system or a company.
Sjouwerman offers this advice:
“1) Be on the lookout for “Shipping Problem” emails from from FedEx, UPS or the U.S. Mail, where the email claims they tried to deliver a package from a specific company (for instance, Apple), but could not deliver due to an incomplete address. ‘Please click on the link to correct the address and you will get your package.’ If you do, your computer is likely to get infected with malware. Warn everyone in the family, especially teenagers.
2) Watch out for alerts via text to your smartphone that ‘confirms delivery’ from FedEx, UPS or the U.S. Mail and then asks you for some personal information. Don’t enter anything. Think before you click!
3) Reiterating a warning KnowBe4 sent out a few weeks ago, there is a fake refund scam going on that could come from a big retailer. It claims there was a ‘wrong transaction’ and wants you to ‘click for refund’ but instead, your device may be infected with ransomware.”
If not a customer, KnowBe4 will allow IT managers to create a free account and send a simulated phishing test to 100 users to see what the Phish-prone percentage of your organization is.
For more information visit: www.KnowBe4.com
Additional links:
Reuters story: http://www.reuters.com/
Social engineering: http://www.knowbe4.com/what-
Security Awareness Training: http://www.knowbe4.com/
Ransomware: http://blog.knowbe4.com/bid/
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly regulated fields such as health care, finance and insurance and is experiencing explosive growth, with a surge of 427 percent in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.
About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker and has authored three books, including The New York Times bestseller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.