
Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration

Double-Check Before You Hit Send: A Real-World Reminder with Lessons for Healthcare

March 27, 2025

I created this blog post to share internally as part of security awareness. It’s focused on healthcare but feel free to grab and adjust based on your organization.

We often remind staff to double-check before sharing sensitive information—but a recent national security incident shows just how critical that habit really is. If top government officials can make this kind of mistake, so can we—and in healthcare, the consequences can be just as severe.

What Happened?

Recently, a Signal group chat meant for senior U.S. national security officials mistakenly included Jeffrey Goldberg, editor-in-chief of The Atlantic. The chat included operational details about military actions and involved key figures like the Secretary of Defense and CIA Director. The worst part? No one noticed Goldberg was there. He even left the group on his own, without anyone asking who he was or why he left.

The entire exchange happened on personal devices, outside of secure government systems—an environment where sensitive discussions have no business taking place.

Why This Matters in Healthcare

This story should strike a chord in healthcare. We work in an industry where confidentiality isn’t just a best practice—it’s the law. Whether it’s a patient’s diagnosis, treatment plan, or billing information, sharing sensitive data with the wrong person can lead to HIPAA violations, fines, reputational damage, and—most importantly—a loss of patient trust.

And here’s something we can’t overlook: internal mishaps cause more security incidents than external attacks. It’s not always hackers or ransomware actors—it’s misdirected emails, accidental disclosures, and staff using unapproved tools for convenience. These are preventable mistakes, but only if we stay mindful of how we handle sensitive information.

Best Practices for Handling Sensitive Information

  • Verify recipients: Before sharing anything patient-related, make sure you’re communicating with the right colleague—especially in group chats or email threads.

  • Use approved platforms: Consumer apps like Signal or iMessage are not secure for handling protected health information (PHI). Stick to tools your organization has approved for sensitive communication.

  • Be aware of who's listening: Just because someone is in a conversation doesn’t mean they should be. If you don’t recognize a name, say something.

  • Treat names and dates as sensitive too: Even something as simple as a patient’s name and appointment time can be considered PHI under HIPAA.

Security culture in healthcare means asking the hard questions, slowing down when it matters most, and protecting every patient’s privacy—one message at a time. Because it’s not just about following rules. It’s about earning the trust our patients place in us every single day.

In News, Advice Tags Security Awareness, Healthcare, Data Security

Created by ChatGPT

March 2025 - ExploreSec Cybersecurity Awareness newsletter

March 13, 2025

This is a security awareness focused newsletter that I share internally. Feel free to grab and use for your own internal security awareness program. Created with help from ChatGPT.

Personal Information Compromised in Grubhub Data Breach 

A recent data breach at Grubhub has compromised personal information of millions of users. The breach exposed sensitive details such as names, email addresses, and passwords, leading to potential risks of identity theft and fraud. Customers are urged to change their passwords and monitor their accounts for any unusual activity. This incident highlights the importance of securing user data and staying vigilant after a breach. 

Key Insights: 

  • Grubhub's recent data breach exposed sensitive personal information, including names and email addresses. 

  • Customers should change passwords and monitor accounts for suspicious activity to protect against identity theft. 

  • This breach underscores the need for stronger data protection measures and proactive security practices in handling consumer information. 

Further Reading: SecurityWeek 

 

 

Beware of Lazarus LinkedIn Recruiting Scam 

A new LinkedIn recruiting scam linked to the Lazarus Group is targeting professionals with fake job offers. The scam lures victims into sharing personal information or downloading malicious files, ultimately leading to data theft or malware infections. As the threat actor behind this campaign is known for cyber espionage and financial theft, users must remain cautious when interacting with unsolicited job offers on LinkedIn. 

Key Insights: 

  • The Lazarus Group is behind a LinkedIn recruiting scam aimed at stealing personal information and spreading malware. 

  • The scam involves fake job offers that seem legitimate, tricking victims into revealing sensitive details. 

  • Users should verify job offers before engaging and avoid downloading files or clicking links from unknown sources. 

Further Reading: GBHackers 

 

 

Love Gone Phishy: Check Point Research Exposes Valentine’s Day Cyber Threats 

Check Point Research has uncovered a rise in phishing campaigns during the Valentine's season, targeting users with fake promotions, gifts, and love-related messages. These attacks are exploiting the festive period to lure victims into clicking malicious links or sharing sensitive information. This underscores the importance of maintaining cybersecurity practices during high-traffic times like holidays. 

Key Insights: 

  • Phishing campaigns around Valentine's Day are using romantic themes to deceive users into revealing personal information. 

  • These threats often involve fake websites or links promising deals and gifts, leading to credential theft or malware infection. 

  • Consumers should be cautious when clicking on unsolicited links, especially during holiday seasons, and verify offers from trusted sources. 

Further Reading: Check Point Blog 

 

 

Fake Etsy Invoice Scam Tricks Sellers into Sharing Credit Card Information 

A new scam targeting Etsy sellers involves fake invoices that appear to come from Etsy's support team. These fraudulent invoices contain links that lead to a phishing page, designed to steal credit card information. Sellers are urged to carefully examine the sender’s email address and to avoid clicking links in suspicious emails. Etsy never requires credit card information for verification purposes, and any such request should be treated as a red flag. 

Key Insights: 

  • The scam begins with a fake invoice sent via email, often with a PDF attachment that appears legitimate. 

  • Fraudulent websites closely mimic Etsy’s design but ask for sensitive data, including credit card information. 

  • Sellers should avoid clicking on email links and should visit Etsy’s official site directly to verify any account requests. 

Further Reading: Malwarebytes 

 

 

Using Genuine Business Domains and Legitimate Services to Harvest Credentials 

Cybercriminals are increasingly using legitimate business domains and services to conduct credential harvesting attacks. By spoofing well-known companies and mimicking their email communications, attackers deceive users into providing their login information. These tactics often involve using business-looking email addresses and phishing links that lead to fake login pages. This trend underscores the need for businesses and consumers to be cautious when interacting with unsolicited messages. 

Key Insights: 

  • Phishing attacks are increasingly using trusted business domains and services to trick users into disclosing credentials. 

  • Attackers mimic legitimate emails to create fake login pages that steal sensitive information. 

  • Users should be cautious of unsolicited messages and verify the authenticity of any login requests by visiting official websites directly. 

Further Reading: KnowBe4 Blog 

 

 

Phishing for Love: A Sharp Surge in Valentine’s Day-Themed Scams 

As Valentine's Day approaches, scammers are leveraging love-themed phishing attacks to deceive users into clicking malicious links or revealing personal information. These scams often appear as romantic gift offers, fake delivery notices, or enticing deals, tricking individuals into providing sensitive data or making fraudulent payments. This surge in phishing tactics highlights the need for extra caution during the holiday season. 

Key Insights: 

  • Valentine’s Day scams are using themed messages to entice victims into sharing personal information or clicking on malicious links. 

  • These scams often come in the form of fake gift offers, e-cards, and package delivery notifications. 

  • Users should avoid clicking on unsolicited links and verify offers before engaging with any communications. 

Further Reading: KnowBe4 Blog 

 

 

Tips for Detecting Real-time Deepfakes: A Guide to Staying One Step Ahead 

As deepfake technology becomes more sophisticated, it’s increasingly important to know how to identify fake videos and images in real-time. These manipulated media files are often used for scams, misinformation, or even social engineering attacks. The blog offers practical tips for detecting deepfakes, such as examining inconsistencies in video and audio quality, checking metadata, and verifying the source of the content. With deepfakes becoming more prevalent, staying informed about these techniques can help protect against digital manipulation. 

Key Insights: 

  • Real-time detection of deepfakes is critical as they are being used in a variety of attacks. 

  • Signs to look for include mismatched lighting, unnatural facial movements, and inconsistencies in audio. 

  • Verifying sources and cross-checking information are essential steps in detecting fake content. 

Further Reading: KnowBe4 Blog 

 

 

Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts 

A new spear-phishing campaign linked to Russian threat actors is targeting Microsoft 365 users. The attackers use highly customized phishing emails that appear legitimate, aiming to steal login credentials and gain unauthorized access to sensitive information. With Microsoft 365 being a prime target, organizations should enhance their security by training users to recognize phishing attempts and implementing advanced security measures, including multi-factor authentication. 

Key Insights: 

  • Russian threat actors are targeting Microsoft 365 accounts using personalized spear-phishing emails. 

  • These attacks aim to steal credentials, putting sensitive data at risk. 

  • Organizations should deploy multi-factor authentication and conduct regular security awareness training to protect against these threats. 

Further Reading: KnowBe4 Blog 

 

 

New Facebook Copyright Infringement Phishing Campaign 

A new phishing campaign has been detected targeting Facebook users with fake copyright infringement notices. The attackers use deceptive emails that appear to come from Facebook, claiming that users have violated copyright laws. The emails contain links to fake Facebook pages that prompt users to enter personal information, including passwords. This campaign highlights the ongoing threat of phishing attacks that impersonate trusted platforms like Facebook. 

Key Insights: 

  • The phishing emails mimic Facebook's notifications about copyright violations to trick users into sharing sensitive data. 

  • Victims are directed to fake pages designed to capture their credentials. 

  • Users should be cautious about unsolicited emails and verify the authenticity of any official communications by visiting Facebook directly. 

Further Reading: Check Point Blog 

 

 

Phishing Kit Abuses Open Graph to Target Social Media Users 

A new phishing kit takes advantage of the Open Graph protocol, which is commonly used to display rich media on social media platforms, to deceive users. The kit allows attackers to embed phishing links into seemingly harmless social media posts, making it more difficult for users to identify fraudulent content. By manipulating Open Graph data, the scam appears legitimate, drawing users into phishing sites that steal personal information. 

Key Insights: 

  • The phishing kit abuses Open Graph to embed malicious links in social media posts, creating fake but convincing content. 

  • This tactic makes it harder for users to detect phishing attempts on social media. 

  • Users should be cautious about clicking links in social media posts, especially if they appear unfamiliar or too good to be true. 

Further Reading: KnowBe4 Blog 

 

 

Phishing Campaign Disguises as ChatGPT Subscription 

A new phishing campaign is using ChatGPT subscriptions as a cover to steal user credentials. The attackers send emails offering a fake ChatGPT subscription, prompting users to enter their personal and payment information. This method exploits the popularity of ChatGPT and preys on users' trust. Security measures, such as verifying subscription details and avoiding unsolicited emails, can help prevent falling victim to this scam. 

Key Insights: 

  • Attackers are using fake ChatGPT subscription offers to steal personal and financial information. 

  • The phishing emails mimic legitimate communications, making them harder to detect. 

  • Users should verify subscription offers directly on trusted platforms and avoid clicking on links in unsolicited emails. 

Further Reading: Broadcom 

 

 

DeepSeek Lure Used to Spread Malware 

A new DeepSeek campaign uses CAPTCHA-like pages to distribute malware. Attackers use fake CAPTCHA challenges to lure users into executing malicious code, evading detection by appearing harmless. The campaign primarily targets users who are tricked into downloading and running the malware. This attack illustrates how cybercriminals are exploiting popular web features to deliver malicious payloads. 

Key Insights: 

  • The malware is delivered through fake CAPTCHA-like pages, making it seem legitimate. 

  • Attackers use this method to bypass security filters and trick users into downloading harmful software. 

  • Regular security updates and cautious behavior when interacting with unfamiliar websites can help mitigate such threats. 

Further Reading: Zscaler Blog 

 

 

Chinese Hackers Target Hospitals by Spoofing Medical Software 

A new phishing campaign has been discovered where Chinese hackers are targeting hospitals by spoofing medical software, including fake updates for health-related applications. The hackers use these fake updates to deliver malware, gaining access to sensitive healthcare data. Hospitals and healthcare organizations are urged to be cautious of unsolicited software updates and to ensure they are obtaining updates from official sources. 

Key Insights: 

  • Attackers are spoofing medical software updates to distribute malware in healthcare organizations. 

  • The campaign targets sensitive healthcare data, with phishing emails disguised as software updates. 

  • Healthcare organizations should verify software updates and ensure they come from trusted sources. 

Further Reading: KnowBe4 Blog 

 

 

Scanning for Trouble: Behind the Scenes of Our QR Code Phishing Demo 

The KnowBe4 team explores the mechanics of QR code phishing in their latest demo, showcasing how attackers are using QR codes to direct victims to phishing sites. The demo reveals the ease with which malicious actors can create seemingly harmless QR codes that lead to fraudulent sites, designed to steal personal information. By understanding the techniques used in these phishing campaigns, organizations can better educate employees and defend against such attacks. 

Key Insights: 

  • QR code phishing is becoming more common, with attackers using them to bypass traditional email filtering techniques. 

  • Malicious QR codes often lead victims to fake login pages where sensitive data is harvested. 

  • Organizations should educate employees on the risks of scanning unsolicited QR codes and implement strong security measures. 

Further Reading: KnowBe4 Blog 

 

 

How Phished Data Turns into Apple & Google Wallets 

Phishing campaigns are evolving, with cybercriminals now using phished data to load stolen payment card information directly into Apple and Google Wallets. These scams often involve SMS messages impersonating services like the USPS or toll operators, tricking users into entering payment details. Once victims provide their information and verification codes, their data is linked to mobile wallets controlled by attackers. This advancement in carding techniques highlights the growing risks of mobile payment systems and the need for heightened security measures. 

Key Insights: 

  • Cybercriminals use phishing to steal payment information, converting it into mobile wallets for fraud. 

  • These phishing schemes often involve spoofed messages and real-time interaction with human operators. 

  • Attackers can use "ghost tap" technology to make fraudulent purchases from a distance using NFC technology. 

Further Reading: Krebs on Security 

In News Tags Newsletter, Security Awareness

Created by ChatGPT

December 2024 - Security Awareness Newsletter

December 6, 2024

This is a security awareness focused newsletter that I share internally. Feel free to grab and use for your own internal security awareness program.

Copyright Infringement Phishing Scams Targeting Facebook Business Users 

Cybercriminals are targeting Facebook business and advertising account users, especially in regions like Taiwan, with phishing emails that falsely claim copyright infringement. These emails urge recipients to download a file (disguised as a PDF), which actually installs information-stealing malware on the victim’s device. This tactic aims to harvest sensitive information from users who trust the email’s legal-sounding message. 

Key Points: 

  • Target Audience: Facebook business and advertising account users. 

  • Phishing Tactic: Emails posing as copyright infringement notices. 

  • Malware Delivery: Malicious files masquerading as PDFs that contain infostealers. 

Further Reading: Cisco Talos Report on Copyright Infringement Phishing Lure 

 

 

Beware of 'Phish 'n' Ships': Fake Online Stores Stealing Your Money and Data 

Cybercriminals are increasingly creating fraudulent online shops that mimic legitimate retailers to deceive consumers into providing payment information and personal data. These fake websites often offer enticing deals on popular products, luring unsuspecting shoppers into making purchases. Once payment details are entered, the scammers steal the information, leading to financial loss and potential identity theft. 

How to Protect Yourself: 

  • Verify Website Authenticity: Before making a purchase, ensure the website is legitimate by checking the URL for misspellings or unusual domain extensions. 

  • Look for Secure Connections: Ensure the website uses HTTPS, indicating a secure connection. 

  • Research the Seller: Look for reviews and ratings from other customers to confirm the retailer's credibility. 

  • Be Cautious of Unrealistic Deals: If an offer seems too good to be true, it likely is. 

Further Reading: Human Security 

 

 

Beware of DocuSign-Inspired Invoice Scams 

Cybercriminals are leveraging DocuSign’s Envelopes API to distribute highly realistic fake invoices impersonating trusted brands like Norton and PayPal. These malicious emails come from legitimate DocuSign domains, bypassing security filters and appearing authentic. Attackers aim to have recipients e-sign the document, which can authorize unauthorized payments. 

What You Can Do: 

  • Always verify invoice details directly with the company rather than clicking links within emails. 

  • Look out for unexpected requests, even from trusted services. 

  • Educate your team about this tactic and report suspicious invoices immediately. 

Further Reading: Bleeping Computer 

 

 

Mobile Ad Data Enables Widespread Surveillance 

Recent investigations reveal that commercial services are exploiting mobile advertising data to track individuals' daily movements without their consent. By collecting data from widely-used mobile apps and websites, these services can monitor personal locations, posing significant privacy risks. 

Protect Your Privacy: 

  • Limit App Permissions: Only grant apps the permissions they genuinely need. 

  • Review Privacy Settings: Regularly check and adjust your device's privacy settings to control data sharing. 

  • Stay Informed: Be aware of how your data is collected and used by the apps and services you utilize. 

Further Reading: Krebs on Security 

 

 

Phishing Scams Targeting Booking.com Users 

Recent reports highlight a surge in phishing attacks exploiting Booking.com accounts. Cybercriminals are compromising hotel partner accounts to access customer booking details, subsequently sending fraudulent messages that appear legitimate. These messages often request additional information or payments, aiming to deceive users into providing sensitive data or transferring funds. 

Protect Yourself: 

  • Verify Communications: Always confirm the authenticity of messages by contacting the hotel or Booking.com directly through official channels. 

  • Avoid Unsolicited Links: Do not click on links or download attachments from unexpected emails or messages. 

  • Enable Two-Factor Authentication (2FA): Activate 2FA on your Booking.com account to add an extra layer of security. 

Further Reading: Krebs on Security 

 

 

North Korean IT Workers Infiltrating Western Companies 

Recent investigations have uncovered a concerning trend: North Korean IT professionals are securing remote positions in Western companies, including those in the United States, by using stolen identities and sophisticated social engineering tactics. This strategy enables them to bypass international sanctions and funnel earnings back to North Korea, potentially funding illicit activities. 

Key Insights: 

  • Identity Theft: These individuals often use stolen or fabricated identities to pose as qualified candidates from various countries. 

  • Advanced Techniques: They employ generative AI tools to craft convincing resumes and perform well in interviews, making detection challenging. 

  • Financial Implications: Earnings from these positions are redirected to support North Korea's sanctioned programs, including its weapons development initiatives. 

Further Reading: Zscaler Security Research 

 

 

Surge in Eventbrite-Based Phishing Attacks 

Recent analyses by Perception Point have identified a significant increase in phishing campaigns exploiting Eventbrite's scheduling platform. Between July and October 2024, these attacks escalated by 900%, with cybercriminals sending deceptive emails from 'noreply[@]events[.]eventbrite[.]com' to distribute malicious content. 

Key Insights: 

  • Legitimate Appearance: Utilizing Eventbrite's legitimate email domain allows attackers to bypass standard security filters, making the phishing emails appear authentic to recipients. 

  • Malicious Payloads: The emails often contain links or attachments designed to harvest credentials or deploy malware upon interaction. 

  • Targeted Entities: While the attacks are widespread, they predominantly focus on organizations that frequently use event management platforms, increasing the likelihood of successful exploitation. 

Further Reading: KnowBe4 Blog 

 

 

Phishing Campaign Impersonates OpenAI to Steal Financial Information 

Cybercriminals are currently conducting a phishing campaign that impersonates OpenAI to deceive users into providing their financial details. The fraudulent emails inform recipients that their ChatGPT subscription payment has been declined, prompting them to click a link to update their payment method. 

Key Insights: 

  • Deceptive Tactics: The emails are designed to appear legitimate, leveraging OpenAI's branding to gain user trust. 

  • Malicious Links: Clicking the provided link directs users to a fake payment page intended to capture sensitive financial information. 

  • Widespread Targeting: This campaign is part of a broader trend where attackers exploit the popularity of AI tools to launch phishing attacks. 

Further Reading: KnowBe4 Blog 

 

 

Corrupted Word Documents in Novel Phishing Campaign 

A newly identified phishing campaign exploits Microsoft's Word file recovery feature by using intentionally corrupted Word documents as email attachments. These documents evade detection by security solutions due to their damaged state, but Word can still recover and open them. 

Key Insights: 

  • The Lure: Emails impersonate payroll and HR departments, with themes like employee bonuses and benefits. The attachments appear as corrupted files but can be repaired by Word. 

  • Malicious QR Codes: Upon recovery, the documents prompt users to scan a QR code branded with company logos. Scanning leads to phishing sites designed to steal Microsoft login credentials. 

  • Detection Challenges: Most attachments used in this campaign avoid detection on platforms like VirusTotal, as they contain no active malicious code, just deceptive QR codes. 

  • Attack Effectiveness: By exploiting overlooked document recovery mechanisms, this method bypasses traditional email security filters, increasing the likelihood of reaching victims. 

Further Reading: BleepingComputer Article 

 

 

Cybercriminals Exploit Search Engine Results to Promote Phishing Pages 

Cybercriminals are increasingly employing search engine poisoning to elevate malicious phishing sites in search results, deceiving users into divulging sensitive information. Researchers at Malwarebytes discovered that a search for "KeyBank login" on Bing displayed a counterfeit KeyBank login page above the official site. 

Key Insights: 

  • Manipulated Search Results: Attackers optimize malicious sites to appear prominently in search results, making them seem legitimate and increasing the likelihood of user interaction. 

  • Phishing Tactics: These fraudulent pages mimic authentic login portals, aiming to harvest users' credentials and personal data. 

  • Broader Implications: This tactic, known as SEO poisoning, extends beyond banking sites, potentially affecting various sectors and services. 

Further Reading: KnowBe4 Blog 

 

 

Attackers Exploit Corrupted Files to Evade Detection 

Cybersecurity researchers have identified a novel phishing campaign that utilizes intentionally corrupted Microsoft Office documents and ZIP archives to bypass email security measures. These corrupted files evade antivirus scans and email filters, yet can be opened by users through built-in recovery features in applications like Microsoft Word and WinRAR. 

Key Insights: 

  • Evasion Techniques: The corrupted state of these attachments prevents security tools from properly scanning them, allowing malicious emails to reach users' inboxes undetected. 

  • User Interaction: When users attempt to open these corrupted files, applications prompt them to recover the content, leading to the display of malicious elements such as QR codes. 

  • Malicious Outcomes: Scanning the embedded QR codes can redirect users to phishing websites designed to steal credentials or deploy malware. 

This tactic highlights the continuous evolution of phishing strategies aimed at circumventing security defenses and exploiting user trust in application recovery features. 

Further Reading: The Hacker News 
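
A defender-side illustration of the two corrupted-attachment items in this newsletter (this one and "Corrupted Word Documents in Novel Phishing Campaign"), added here and not taken from the cited reports: a mail-triage check that treats an Office or ZIP attachment that fails to parse as a reason to quarantine, rather than as "nothing found". The function names, verdict strings and sample bytes are constructed for this example, and the damage applied to the samples is generic because the campaign's actual corruption method is not described on this page.

```python
"""Fail-closed triage for ZIP-based attachments (added example, constructed samples)."""
import io
import os
import zipfile
import zlib

# Modern Office formats are ZIP containers, so they can be integrity-checked like archives.
OOXML_EXTS = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
ZIP_BASED_EXTS = OOXML_EXTS | {".zip"}


def triage_attachment(filename: str, data: bytes) -> str:
    """Return 'not-applicable', 'parsed', or 'quarantine:<reason>' (hypothetical verdicts).

    Policy shown: if the container cannot be fully read, content scanning cannot
    have inspected it either, so the attachment is held instead of delivered.
    """
    ext = os.path.splitext(filename.lower())[1]
    if ext not in ZIP_BASED_EXTS:
        return "not-applicable"
    if not data.startswith(b"PK"):
        return "quarantine:missing-zip-signature"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            # testzip() reads every member and returns the first one with a bad CRC.
            if zf.testzip() is not None:
                return "quarantine:crc-mismatch"
    except (zipfile.BadZipFile, zlib.error, EOFError, RuntimeError, NotImplementedError):
        # Broken directory, damaged stream, encrypted or unsupported member:
        # in every case the content could not be inspected.
        return "quarantine:unreadable-container"
    if ext in OOXML_EXTS and "[Content_Types].xml" not in names:
        # A real OOXML package always carries this part at the archive root.
        return "quarantine:not-ooxml"
    return "parsed"


def build_sample(members: dict) -> bytes:
    """Build a small in-memory ZIP (stored, uncompressed) from name -> text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()


def demo_verdicts() -> dict:
    """Run the triage over constructed attachments and return the verdicts."""
    good = build_sample({
        "[Content_Types].xml": "<Types/>",
        "word/document.xml": "<w:document>sample body</w:document>",
    })
    # Constructed damage 1: cut the file in half, losing the ZIP directory at the end.
    truncated = good[: len(good) // 2]
    # Constructed damage 2: alter stored bytes so the recorded CRC no longer matches.
    tampered = good.replace(b"sample body", b"SAMPLE body", 1)
    plain_zip = build_sample({"readme.txt": "constructed text"})
    return {
        "bonus.docx (intact)": triage_attachment("bonus.docx", good),
        "bonus.docx (truncated)": triage_attachment("bonus.docx", truncated),
        "bonus.docx (tampered)": triage_attachment("bonus.docx", tampered),
        "bonus.docx (plain zip)": triage_attachment("bonus.docx", plain_zip),
        "bonus.docx (no signature)": triage_attachment("bonus.docx", b"not a zip"),
        "files.zip (intact)": triage_attachment("files.zip", plain_zip),
        "notes.pdf": triage_attachment("notes.pdf", b"%PDF-1.7"),
    }


if __name__ == "__main__":
    for label, verdict in demo_verdicts().items():
        print(f"{label:28} -> {verdict}")
```
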

 

In News Tags Newsletter, Security Awareness, Phishing, Scams

Key Takeaways from NIST SP 800-50r1 – Building a Cybersecurity and Privacy Learning Program

December 2, 2024

In September 2024, the National Institute of Standards and Technology (NIST) released the updated Special Publication (SP) 800-50r1, "Building a Cybersecurity and Privacy Learning Program." This is an update to the 2003 NIST Special Publication (SP) 800-50, Building an Information Technology Security Awareness and Training Program. I hadn’t realized that there was a NIST publication on building a security awareness program. It’s good to see an update after 21 years! Here's a look at the key insights and recommendations from the updated publication. This was written with the help of ChatGPT.

Understanding the Cybersecurity and Privacy Learning Program (CPLP)

Name Change! The document introduces the Cybersecurity and Privacy Learning Program (CPLP) as an overarching framework that includes awareness campaigns, role-based training, and workforce education initiatives. Aimed at fostering a culture of security and privacy, the CPLP is a strategic effort to manage risks and comply with federal regulations, such as FISMA. With privacy becoming a much bigger topic in the last 10 years, rolling it into a cybersecurity awareness program makes sense. This could cross multiple teams depending on how an organization is set up.

CPLP emphasizes awareness and education, incorporating role-specific training alongside general awareness activities, and focuses on encouraging behavior change to reduce risks and foster a culture of security. Continuous improvement is integral, with metrics and evaluations used to adapt programs to evolving needs.

The CPLP Life Cycle

NIST defines a four-phase life cycle for managing CPLPs: Plan and Strategy; Analysis and Design; Development and Implementation; and Assessment and Improvement. These phases involve developing a strategic vision that aligns learning objectives with organizational goals, identifying learning needs and creating tailored program designs, building or procuring learning materials and deploying the program, and measuring effectiveness while refining strategies based on outcomes. This iterative approach ensures that the CPLP remains dynamic and aligned with organizational needs.

Leadership and Organizational Roles

The success of a CPLP hinges on active involvement across all levels of the organization. Senior leadership plays a crucial role in providing strategic direction and resources, while CPLP managers oversee program design, delivery, and metrics. System users, on the other hand, are responsible for adhering to policies and participating in required training. Leadership participation, such as senior leaders engaging in training themselves, reinforces the importance of the program. Leadership buy-in is the first step to getting any sort of program off the ground. Heavily regulated industries are easier to get buy-in for than others.

Metrics and Measurements

Effective CPLPs rely on a mix of quantitative and qualitative metrics to evaluate success. Quantitative metrics include training completion rates, reductions in incidents, and compliance statistics, while qualitative metrics involve employee feedback, focus group discussions, and behavioral observations. NIST emphasizes using these metrics not just for compliance but to drive meaningful behavior change and demonstrate return on investment.

This section was helpful for thinking about what sort of metrics to have. One of the examples brought up is click rate, which is a highly volatile statistic. A better statistic is report rate, which is a positive behavior an organization wants to encourage within their population. The document doesn’t define what an organization should have for metrics but instead provides guidance.

Integrating Privacy into Cybersecurity Training

One of the standout updates in SP 800-50r1 is the seamless integration of privacy training into cybersecurity programs. It highlights the interconnected nature of these disciplines and the need for training to address both cybersecurity incidents and privacy risks, such as data re-identification or misuse. Teaching employees about privacy risks enables them to recognize potential problems and implement procedures that minimize such risks.

This is big within healthcare. Reports like the Verizon Data Breach Investigations Report show that the healthcare industry has more internal threat actors, due to mistakes and errors in handling information. This can have huge privacy implications for the organization.

Tailored Training for Diverse Audiences

CPLPs should be segmented to address specific needs. General users benefit from training on fundamental security practices, such as phishing awareness, while privileged access holders require advanced training on managing sensitive systems. Those in specialized roles undergo deeper training specific to their risks and responsibilities. Tailoring training ensures that it remains relevant and impactful for all user groups.

Easy to suggest, much harder to do. A good starting point is what’s mentioned in the publication: all users; privileged access account holders; new employees; and staff with cybersecurity and privacy responsibilities. Tailored training should be broken down further by department, such as service desk and finance, but these four groups are enough to begin with.

Focusing on Improvement Without Punishment

One of the critical takeaways from NIST SP 800-50r1 is the emphasis on using cybersecurity exercises, such as phishing tests, as opportunities for learning and improvement rather than punishment. The publication highlights the importance of informing employees that these exercises are conducted randomly and that the results will guide future learning activities. Such exercises should not be punitive, nor should employees be singled out for their responses. By framing these activities as learning opportunities, organizations can gather valuable data on vulnerabilities while fostering a supportive environment that encourages employee growth and engagement with cybersecurity practices.

A Culture of Learning

At its core, SP 800-50r1 promotes a culture of continuous learning and adaptation. From onboarding new employees to advanced training for cybersecurity professionals, the document underscores the importance of embedding cybersecurity and privacy awareness into organizational DNA. By viewing cybersecurity and privacy learning as an evolving process, organizations can be prepared for emerging risks and technologies.

Conclusion

NIST SP 800-50r1 offers a robust roadmap for organizations looking to strengthen their cybersecurity and privacy posture. For organizations aiming to enhance their cybersecurity and privacy programs, reading SP 800-50r1 is a great starting point. A focus on building culture and rewarding people will help change behavior and reduce the human element in incidents.

Explore the full NIST SP 800-50r1 publication here.


November 2024 Cybersecurity Awareness Newsletter

November 8, 2024

This is a newsletter I share internally as part of our internal security awareness program. Feel free to take and use in your organization. Created with help from ChatGPT.

Fake Job Applications Deliver Dangerous Malware 

Summary: A spear-phishing campaign has been targeting HR professionals with malicious job applications. Attackers use fake resumes containing More_eggs malware, a backdoor designed to steal credentials. This malware, part of a Malware-as-a-Service (MaaS) platform operated by the Golden Chickens group, can be used by multiple threat actors. The attack chain involves malicious Windows shortcut (LNK) files that initiate the infection upon execution, allowing attackers to perform reconnaissance and drop additional payloads. 

Key Insight: Be cautious when handling job applications, especially those involving downloadable files from unknown sources. 

For further details, read the full article on The Hacker News. 

 

 

Data Privacy Risks in Connected Cars 

Modern connected vehicles collect vast amounts of data, including driving habits, location, and even biometric information like voice commands. A recent analysis by CHOICE reveals that many popular car brands share this data with third-party companies, raising privacy concerns. Brands like Kia, Hyundai, and Tesla collect and share voice and video data, while others gather driving behaviors. This highlights the importance of understanding your car’s data collection practices and opting out where possible. 

Further reading: CHOICE - Connected Cars Tracking Your Data. 

 

 

North Korean Hackers Targeting Job Seekers 

A new campaign by North Korean hackers is targeting job seekers, particularly in the tech industry, according to a recent report. Hackers impersonate recruiters on platforms like LinkedIn, luring individuals into downloading malware disguised as video conferencing tools. The malware is designed to steal cryptocurrency and sensitive corporate data, posing risks to both individuals and organizations. Job seekers should remain cautious when interacting with unsolicited offers and recruiters. 

Further reading: KnowBe4 - North Korean Hackers. 

 

 

Election Season and Cybersecurity Concerns 

As the 2024 election season progresses, a recent Malwarebytes survey reveals that 74% of respondents consider it a risky time for personal information. Fears of scams, privacy breaches, and cyber interference are high, with 52% of people expressing concern about falling prey to scams through political ads. Many are taking precautions, such as using two-factor authentication and password managers, to secure their data. 

Key Insights: 

  • 74% view election season as risky for personal data. 

  • 52% fear scams via political ads. 

  • Increased adoption of security practices like two-factor authentication. 

Further reading: Malwarebytes - Election Season Raises Fears. 

 

 

North Korean IT Worker Incident Highlights Hiring Risks 

A recent cyberattack on a company underscores the dangers of unknowingly hiring North Korean operatives. The organization accidentally hired a North Korean IT worker who accessed sensitive data and demanded a ransom. This highlights the need for stringent vetting in remote hiring practices, especially as North Korea increasingly infiltrates global companies. 

Recommended Protections: 

  • Implement strict identity verification for remote workers. 

  • Conduct thorough background checks with global databases. 

  • Regularly monitor employee network activity for unusual behavior. 

Further reading: GBHackers - North Korean IT Worker Incident. 

 

 

Mobile-First Cyber Attacks on the Rise 

Cyber attackers are increasingly adopting a "mobile-first" strategy, as highlighted by a new report from Zimperium. With 83% of phishing sites now targeting mobile devices and a 13% rise in mobile malware, employees’ personal devices pose a growing risk to organizations. As more employees use their smartphones for work-related tasks, organizations need to bolster mobile security and educate employees on safe practices through security awareness training. 

Further reading: KnowBe4 - Mobile-First Attack Strategy. 

 

 

 

Microsoft Spoofing Threats on the Rise 

A recent report from Harmony Email & Collaboration highlights over 5,000 fake Microsoft emails targeting organizations within a single month. These emails, often impersonating legitimate administrators, use sophisticated obfuscation techniques, making it difficult for users to detect. The risks include account takeovers, ransomware, and data theft.  

Further reading: Check Point Blog. 

 

 

New VPN Credential Attack Uses Sophisticated Social Engineering 

A recent attack uncovered by security researchers targets organizations using VPNs through a combination of social engineering, fake login sites, and phone calls. Attackers impersonate a helpdesk, direct users to a spoofed VPN login page, and steal credentials. They also prompt users for multi-factor authentication (MFA) codes to gain access to corporate networks. This attack highlights the importance of user vigilance and strong security training. 

Attack Chain: 

  • Impersonation of helpdesk. 

  • Directs victim to fake VPN login page. 

  • Steals credentials and MFA codes. 

Further reading: KnowBe4 - New VPN Credential Attack. 

 

 

Operation Kaerb Takedown 

Operation Kaerb successfully dismantled iServer, a Phishing-as-a-Service platform responsible for facilitating mobile credential theft targeting nearly half a million victims. iServer enabled low-skilled criminals to unlock stolen phones by phishing for user credentials. This takedown is a reminder of the evolving tactics cybercriminals use and underscores the importance of staying vigilant against mobile-focused phishing attacks. 

Further Reading: Operation Kaerb on KnowBe4 

 

 

Sextortion Scams on the Rise 

Our team has recently been targeted by sextortion scams, where attackers use publicly available information to create threatening messages designed to elicit fear and urgency. These scams often appear more credible by including personal details. If you receive such a message, avoid engagement or payment—report it to our security team immediately by using the suspicious email button in Outlook. 

Further Reading: KnowBe4 Article on Sextortion Scams. 

 

 

Update: Q3 2024 Brand Phishing Trends 

Check Point Research’s Q3 2024 report reveals that Microsoft continues as the most impersonated brand in phishing attacks, accounting for 61% of brand phishing attempts. Apple (12%) and Google (7%) follow, with new additions Alibaba and Adobe rounding out the top 10. These attacks commonly target the technology, social media, and banking sectors, as cybercriminals exploit brand familiarity to deceive users and capture credentials or payment information. Notably, new phishing sites targeting WhatsApp and Alibaba highlight the evolving strategies of threat actors seeking to exploit user trust. 

Key Insights: 

  • Microsoft Dominance: Microsoft phishing attempts made up 61% of brand impersonation attacks, with Apple and Google also highly targeted. 

  • Sector Focus: Technology and social networks were the most impersonated sectors, followed by banking. 

  • Evolving Phishing Tactics: Phishing websites like whatsapp-io.com and alibabashopvip.com show attackers adapting to impersonate new brands. 

Further Reading: Check Point’s Q3 2024 Brand Phishing Report. 

 

 

North Korean Cybercriminal Infiltrates UK Company 

A UK-based organization recently suffered a breach after inadvertently hiring a North Korean cybercriminal posing as a remote IT worker. Once hired, the attacker used insider access to extract sensitive information and eventually demanded a ransom for its non-disclosure. This case highlights the importance of strict hiring processes for remote roles and enhanced security practices. 

Key Insights: 

  • Vetting Remote Employees: Conduct rigorous background checks to confirm credentials. 

  • Data Security: Monitor access and behavior for early threat detection. 

  • Remote Work Risks: Be mindful of cyber threats exploiting virtual roles. 

Further Reading: KnowBe4 Article; KnowBe4 10 Hiring Updates 

 

 

North Korean Threat Actors Pose as Recruiters to Target Job Seekers 

Palo Alto Networks' Unit 42 recently uncovered a campaign in which North Korean threat actors pose as recruiters to lure tech job seekers into downloading malware disguised as legitimate communication tools. Known as the "Contagious Interview" campaign, this operation involves malware variants like BeaverTail and InvisibleFerret, which are capable of stealing credentials, exfiltrating sensitive files, and targeting cryptocurrency wallets. Victims are approached on professional platforms like LinkedIn, and then directed to install fake interview applications that serve as a conduit for malware. 

Key Insights: 

  • Sophisticated Impersonation Tactics: Attackers convincingly impersonate recruiters and use realistic job offers to build trust with targets. 

  • Multifunctional Malware: The malware used can harvest browser passwords, access cryptocurrency wallets, and install backdoors, enhancing its threat potential. 

  • Organizational Risk: Beyond individual targets, successful infections on company devices can lead to broader data breaches within organizations. 

As remote work and digital hiring continue to rise, it’s critical to validate the legitimacy of recruiters and avoid downloading unverified software for job interviews. 

Further Reading: Unit 42 Report on North Korean Recruitment Tactics 

 

 

Pig Butchering Scams Target Job Seekers 

Proofpoint has identified a new twist in cryptocurrency fraud, known as "Pig Butchering," targeting job seekers. Scammers posing as recruiters lure victims into fake job roles, eventually guiding them to invest in fraudulent cryptocurrency platforms. Victims see initial "profits" to build trust, but ultimately lose their entire investment. These scams often begin on social media, moving to platforms like WhatsApp or Telegram for further manipulation. 

Further Reading: Proofpoint Article. 

 

 

Foreign Disinformation on U.S. Hurricanes 

Recent intelligence shows that operatives from Russia, China, and Cuba have spread false information about U.S. hurricanes to deepen political divides. AI-generated images and misleading posts claimed federal relief was denied or funds were diverted to foreign conflicts, aiming to erode trust in U.S. disaster response. Be cautious of divisive narratives or unverified disaster images on social media, as they may be part of coordinated disinformation efforts. 

Further Reading: NBC News Article. 

 

 

Social Engineering Exploits Valid Accounts 

Recent incidents highlight how threat actors are compromising legitimate accounts through social engineering tactics. By manipulating individuals into divulging sensitive information or performing specific actions, attackers gain unauthorized access to systems and data. This method often involves impersonating trusted entities or creating convincing scenarios to deceive targets. 

Key Insights: 

  • Impersonation Tactics: Attackers frequently pose as IT support or company executives to extract credentials. 

  • Phishing Campaigns: Sophisticated emails and messages are crafted to appear authentic, luring recipients into providing access details. 

  • Insider Threats: Compromised accounts can be used to launch further attacks within an organization, making detection challenging. 

Further Reading: KnowBe4 Article on Social Engineering Exploits. 

 

 

Major Data Breach at Change Healthcare Affects 100 Million Americans 

In February 2024, Change Healthcare, a leading U.S. healthcare technology company, experienced a significant ransomware attack that compromised the personal, financial, and medical information of approximately 100 million individuals. The breach disrupted healthcare services nationwide, highlighting vulnerabilities in the sector's cybersecurity defenses. 

Key Insights: 

  • Scope of Breach: The attack exposed sensitive data, including medical records, billing information, and personal identifiers such as Social Security numbers and driver's license details. 

  • Financial Impact: UnitedHealth Group, Change Healthcare's parent company, reported direct breach response costs of $1.521 billion and total cyberattack impacts of $2.457 billion. 

  • Ransom Payment: The company paid a $22 million ransom to the BlackCat ransomware group in an attempt to secure the stolen data. 

Further Reading: Change Healthcare Breach Hits 100M Americans – Krebs on Security 

 

 

Student Loan Phishing Scams Targeting Millions 

Cybercriminals are exploiting confusion around student loan forgiveness with a surge in phishing emails targeting millions of Americans. These emails use advanced techniques to look legitimate and bypass email filters, making them harder to detect. 

What You Can Do to Stay Safe: 

  • Watch for Red Flags: Be cautious with emails related to student loans, especially those asking for immediate action or personal information. Verify any claims by contacting your loan service provider directly. 

  • Check the Source: Always look closely at the sender’s email address. Official communication will come from verified addresses, not random or suspicious-looking senders. 

  • Enable Multi-Factor Authentication (MFA): Use MFA on your financial accounts for extra security, making it harder for attackers to gain access if they obtain your credentials. 

  • Be Prepared: Know how to report a suspicious email in your email system, and don’t hesitate to delete anything that seems off. 

Further Reading: Check Point Blog. 


Security Awareness Newsletter - October 2024

October 18, 2024

This is a newsletter I share internally as part of our internal security awareness program. Feel free to take and use in your organization. Created with help from ChatGPT.

Spamouflage: State-Linked Influence Operations Target U.S. Elections 

Summary: A Chinese state-linked influence operation, Spamouflage, is ramping up efforts to sway U.S. political discourse ahead of the 2024 election. By posing as U.S. voters and using AI-generated content, they spread divisive narratives on social media about sensitive issues like gun control and racial inequality. These tactics highlight the importance of vigilance against foreign influence campaigns and fake online personas. 

Key Insight: Verify online sources and stay aware of potential influence operations. 

Further Reading: Graphika Report 

 

 

Lazarus Hackers Target Job Seekers with Malware-Laden Job Offers 

Summary: The Lazarus Group is actively targeting job seekers, particularly those in blockchain-related fields, by disguising malware within fake job offers. The group utilizes platforms like LinkedIn, Upwork, and Telegram to distribute malicious software, including the "BeaverTail" malware, which steals credentials and cryptocurrency wallet data. Job seekers should be cautious of unsolicited job offers and avoid downloading unfamiliar files. 

Key Insight: Always verify job offers and avoid downloading files from unknown sources. 

Further Reading: GBHackers Article 

 

 

Foreign Influence Operations Target U.S. 2024 Election 

Summary: U.S. intelligence officials warn of increased influence operations from Russia, China, and Iran aimed at U.S. voters ahead of the 2024 election. These operations, while not yet disrupting voting infrastructure, spread disinformation through media, PR firms, and American influencers. A recent U.S. indictment highlights Russia's attempts to covertly funnel pro-Russian narratives into right-wing media, signaling the need for heightened vigilance as the election approaches. 

Key Insight: Stay alert to disinformation and foreign influence in political content. 

Further Reading: CyberScoop Article 

 

 

Lowe's Employees Targeted by Google Ads Phishing Campaign 

Summary: Lowe's employees were recently targeted by a phishing attack using fraudulent Google ads mimicking the MyLowesLife portal. Attackers designed fake login pages to steal employee credentials. This highlights the dangers of using search engines to access work-related sites. Employees should be reminded to avoid clicking on sponsored links and instead bookmark legitimate sites to protect against phishing attacks. 

Tip: Always access work portals through bookmarks or trusted URLs, not through search engines. 

Further Reading: Malwarebytes Blog 

 

 

Email Breaches at Welcome Health & United Way of Connecticut 

Summary: Welcome Health and United Way of Connecticut reported email account breaches compromising sensitive data. At Welcome Health, patient information and contractor Social Security numbers were exposed, while a phishing attack on United Way's employee email compromised data of up to 8,039 patients. Both organizations have responded with enhanced security measures and offered credit monitoring to affected individuals. 

Further Reading: HIPAA Journal 

 

 

False Claims of Hacked Voter Data Intended to Undermine U.S. Elections 

Summary: The FBI and CISA have issued a joint public service announcement warning about false claims of hacked voter information. Foreign actors may spread disinformation to erode public confidence in U.S. elections, especially by exaggerating claims of compromised voter data. The agencies urge citizens to critically evaluate such claims and remind them that much voter information is public.

Key Insight: Stay vigilant against disinformation campaigns designed to sow distrust in election processes. 

Further Reading: CISA Announcement 

 

 

Beware of Parking Payment Scams Involving Fake QR Codes 

Summary: Drivers in the UK are being targeted by scammers who place fake QR codes on parking machines. These codes lead to fraudulent websites designed to steal payment information. The RAC warns drivers to avoid using unfamiliar QR codes and instead rely on cash, card, or official apps for parking payments. This "quishing" scam has been reported across multiple UK regions, with an increasing number of incidents. 

Key Insight: Be cautious when scanning QR codes, especially in public places like parking machines. 

Further Reading: RAC News  

 

 

Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals 

Summary: A data breach at MNA Healthcare exposed sensitive information of over 14,000 healthcare workers and 10,000 hospitals, including encrypted Social Security Numbers, addresses, and job details. The breach, caused by a misconfigured database, increases risks of identity theft and fraud. Healthcare professionals and institutions are advised to enhance cybersecurity measures, monitor financial accounts, and consider identity theft protection. 

Further Reading: Cybersecurity News 

 

 

New Sextortion Scam Uses Photos of Victims' Homes 

Summary: A recent wave of sextortion scams has taken a more personalized approach, including photos of victims' homes in threatening emails. Scammers claim to have recorded compromising footage through malware and demand Bitcoin payments to avoid releasing the videos. The photos are often pulled from online mapping services to increase intimidation. To stay safe, avoid responding to such emails, keep webcams covered when not in use, and report incidents to law enforcement. 

Further Reading: Krebs on Security 

 

 

Google Password Manager Now Syncs Passkeys Across Devices 

Summary: Google Password Manager now automatically syncs passkeys across Windows, macOS, Linux, Android, and ChromeOS devices. Passkeys, which use biometrics like fingerprints and facial recognition, offer a more secure alternative to passwords. With this update, passkeys are encrypted and accessible on all devices, enhancing security and convenience for users. Google has also introduced a new PIN feature to ensure end-to-end encryption for synchronized data. 

Further Reading: BleepingComputer Article 

 

 

FTC Report Exposes Surveillance by Social Media and Streaming Giants 

Summary: The FTC has released a report revealing that major social media and video streaming platforms engage in extensive data collection and surveillance of users, including children and teens. The report highlights inadequate privacy protections and raises concerns about the use of data for targeted advertising. The FTC recommends stronger privacy laws, data minimization, and enhanced safeguards for younger users. 

Key Insight: Ensure your social media use is mindful of privacy risks, and review settings to limit data sharing. 

Further Reading: FTC Report 

 

 

Operation Overload: A Disinformation Threat Targeting U.S. Elections 

Summary: Operation Overload, a Russia-linked disinformation campaign, is ramping up efforts targeting U.S. voters ahead of the 2024 presidential election. The operation uses AI-generated fake content, such as fabricated TikTok videos and doctored news articles, to spread false narratives. Recent emails aimed at smearing Vice President Kamala Harris highlight the evolving tactics. It's critical for newsrooms and voters to remain vigilant and fact-check claims. 

Key Insight: Be cautious of AI-generated content that mimics legitimate sources to manipulate public opinion. 

Further Reading: CheckFirst Report 

 

 

Phishing Attack Uses Two-Step Approach to Evade Detection 

Summary: A new phishing attack leverages a two-step process, using legitimate platforms like Microsoft Office Forms as an intermediary to evade detection. After clicking the phishing email link, users are directed to a legitimate form before being redirected to a fake login page designed to steal credentials. This sophisticated approach helps attackers bypass security filters by exploiting trusted platforms. 

Key Insight: Be cautious of phishing links that utilize legitimate services as intermediaries before redirecting to malicious sites. 

Further Reading: KnowBe4 Blog 

 

 

Investment Scam Losses Surge Six-Fold Since 2021 

Summary: The Better Business Bureau reports a six-fold increase in losses from investment scams since 2021. Scammers frequently exploit dating platforms and hacked social media accounts to lure victims into fraudulent cryptocurrency schemes. Victims are often promised high returns on investments, only to lose significant amounts of money. Common red flags include promises of guaranteed returns, little-known cryptocurrencies, and requests to share wallet details. 

Key Insight: Be cautious of unsolicited investment offers and avoid sharing cryptocurrency wallet details with unverified individuals. 

Further Reading: KnowBe4 Blog 

 

 

HR-Related Phishing Tactics on the Rise 

Summary: Threat actors are using HR-related phishing emails, posing as internal messages like "Updated Employee Handbook," to trick employees into clicking malicious links. These attacks often lead victims to fake login pages that steal their credentials. The emails appear legitimate, making it crucial for employees to be extra cautious with HR communications and verify any unusual requests directly with their HR department. 

Key Insight: Always verify HR-related emails before clicking links or providing sensitive information. 

Further Reading: Cofense Blog 

 

 

Foreign Influence Operations Using AI to Target U.S. Elections 

Summary: According to a recent ODNI election security update, foreign actors—primarily Russia and Iran—are increasingly using AI-generated content to influence U.S. voters. These actors are deploying manipulated media across various formats, including text, images, audio, and video, to spread disinformation and fuel divisive political narratives. As Election Day approaches, U.S. citizens should be vigilant about AI-generated content and misinformation campaigns. 

Key Insight: Verify sources and be cautious of sensationalized or divisive media, especially content that seems AI-generated. 

Further Reading: ODNI Election Security Update 

 

 

Expert Tips to Identify Phishing Links 

Summary: Phishing attacks are becoming more sophisticated, but there are key ways to spot phishing links. Security experts advise checking for suspicious URLs with complex characters, paying attention to redirect chains, and inspecting page titles or missing favicons. Attackers also abuse CAPTCHA and Cloudflare checks to mask phishing attempts. Tools like ANY.RUN’s Safebrowsing can help safely analyze suspicious links before engaging with them. 

Key Insight: Always inspect URLs carefully and use tools to analyze suspicious links in a safe environment. 

Further Reading: The Hacker News 

 

 

The Dangerous Intersection Between Cybercrime and Harm Groups 

Summary: A recent investigation reveals that some cybercriminals involved in ransomware attacks are also tied to violent online communities. These groups, often targeting young people, manipulate victims into self-harm or harming others. They use platforms like Telegram and Discord to coordinate harassment and extortion, demonstrating the increasing overlap between cybercrime and real-world violence. 

Key Insights: 

  • Cybercriminals are also involved in harm groups. 

  • Young people are often victims of online manipulation. 

  • Cybercrime is increasingly crossing into physical violence. 

Read more: Krebs on Security. 

 

 

Cyber Predators Exploit Healthcare Vulnerabilities with Ransomware and Data Theft 

Summary: Cybercriminals are increasingly targeting healthcare organizations, exploiting weaknesses to steal patient data and extort hospitals via ransomware attacks. These criminals collaborate through darknet marketplaces, offering ransomware-as-a-service, and trading access to compromised healthcare systems. With attacks up 32% globally in 2024, healthcare remains a prime target due to its valuable data and often outdated security infrastructure. 

Key Insights: 

  • Healthcare sees an average of 2,018 attacks weekly, with APAC and Latin America hit hardest. 

  • Ransomware-as-a-service empowers less experienced criminals. 

  • Hospitals face high risks due to the critical nature of their operations. 

Read more: Check Point Research.

 

 

Beware of Funeral Streaming Scams on Facebook 

Summary: Scammers are exploiting Facebook by creating fake funeral streaming groups, tricking grieving families into providing credit card information to view a supposed service. These fraudulent groups use the deceased's images to appear legitimate and direct users to malicious websites requesting payment. This scheme preys on vulnerable people, often at their most emotional moments. 

Key Insights: 

  • Fake funeral streaming pages ask for credit card details. 

  • Scammers use social media to create convincing, emotional traps. 

  • Stay vigilant and verify event details before engaging. 

Read more: Krebs on Security. 

 

 

Phishing Campaign Exploits Google Apps Script for Sophisticated Attacks 

Summary: A new phishing campaign manipulates Google Apps Script macros to target users across multiple languages. The phishing emails falsely claim to provide “account details” and include links to malicious pages mimicking legitimate Google services. Victims are tricked into disclosing sensitive information, leading to data theft and operational disruption. 

Key Insights: 

  • Attack uses Google’s infrastructure to appear legitimate. 

  • Affected users may disclose sensitive data via a deceptive Google Apps Script URL. 

  • Advanced email filtering, real-time URL scanning, and phishing awareness training are crucial defenses. 

For more details, visit Check Point Research.

 

 

New Windows PowerShell Phishing Campaign Highlights Serious Risks 

Summary: A recently discovered phishing campaign uses GitHub-themed emails to trick recipients into launching PowerShell commands, enabling the download of password-stealing malware. The attack uses social engineering techniques, disguising itself as a CAPTCHA verification process. By exploiting PowerShell’s automation capabilities, attackers gain unauthorized access to credentials stored on victims' systems. 

Key Insights: 

  • Attack targets GitHub users but could be adapted for broader use. 

  • Exploits PowerShell to execute malicious commands. 

  • Vigilance and disabling unnecessary PowerShell access are crucial defenses. 

For more, visit Krebs on Security. 

 

 

Phishing Attacks Exploit Content Creation and Collaboration Platforms 

Summary: A recent phishing campaign abuses popular content creation and collaboration tools to trick users into clicking malicious links. Cybercriminals use legitimate-looking posts and documents with embedded phishing URLs, leading to credential theft through fake login pages. These attacks have been seen in both business and educational environments. 

Key Insights: 

  • Phishing emails from trusted platforms contain hidden threats. 

  • Common platforms include design tools and document-sharing services. 

  • Users should be cautious of unexpected links and suspicious login requests. 

For more information, visit KnowBe4. 

 

 

Scammers Exploit Virtual Shopping Lists to Target Walmart Customers 

Summary: Cybercriminals are using Walmart’s virtual shopping list feature to scam customers by embedding fake customer support numbers. Clicking these links, often promoted via malicious ads, leads users to scammers who impersonate law enforcement or bank employees. Victims are coerced into transferring funds, often under false threats of legal consequences. 

Key Insights: 

  • Scammers misuse legitimate platforms like Walmart's shopping lists. 

  • Ads can redirect to fake support numbers. 

  • Be wary of scare tactics and unsolicited requests for money. 

For more details, visit KnowBe4. 

 

 

Cyber Threats Looming for the 2024 U.S. Election 

Summary: As the 2024 U.S. election approaches, cyber threats from nation-state actors, hacktivists, and cybercriminals are expected to rise. These include disinformation campaigns, phishing attacks, and attacks on electoral infrastructure. Businesses should brace for phishing campaigns and SEO poisoning targeting politically charged topics. 

Key Insights: 

  • Nation-state groups may conduct hack-and-leak operations and influence campaigns. 

  • Expect a surge in phishing attacks and scams using election-related themes. 

  • Businesses should implement advanced cybersecurity measures to mitigate risks. 

For more details, visit ReliaQuest. 

 

 

Timeshare Scam Linked to Mexican Drug Cartel Targets U.S. Owners 

Summary: The FBI has issued a warning about a telemarketing scam targeting timeshare owners, linked to the Jalisco New Generation drug cartel. Scammers posing as buyers lure victims into paying advance fees for fraudulent timeshare sales. The funds are used to finance other cartel activities. Victims are often reluctant to report the scam due to fear or embarrassment. 

Key Insights: 

  • Scammers pose as buyers offering above-market prices. 

  • Victims lose thousands in fraudulent fees. 

  • Report scams to authorities to prevent further harm. 

For more details, visit Krebs on Security. 


Image created by ChatGPT.

Security Awareness Newsletter From August 2024

September 10, 2024

These are news stories I’ve shared internally at my company. Feel free to take and use as part of your security awareness program.

Russia-linked Operations Target Paris 2024 Olympics 

In the lead-up to the 2024 Summer Olympics in Paris, Russian-linked actors launched a disinformation campaign to discredit France’s hosting capabilities and spread fear of terrorist attacks. These operations employed tactics like AI-generated videos, fake news reports, and social media hashtags to undermine confidence and create chaos. France's support for Ukraine has made it a target for these hybrid destabilization efforts. Stay vigilant against misinformation and verify sources before sharing content online. 

Key Insights: 

  • Russian-linked actors are targeting the Paris 2024 Olympics. 

  • Disinformation tactics include AI-generated content and fake news. 

  • The campaign aims to undermine confidence and spread fear. 

  • Verify information from trusted sources to avoid spreading misinformation. 

For more details, visit the DFRLab article. 

 

 

Ransomware Attacks on Blood Suppliers 

In a concerning trend, blood suppliers have faced three ransomware attacks in the past three months. The latest victim, OneBlood, experienced a significant disruption, impacting over 350 hospitals and causing a critical shortage of blood supplies. This follows similar attacks on Synnovis and Octapharma, highlighting the growing threat to healthcare infrastructure. The American Hospital Association urges health systems to review their contingency plans to mitigate such risks. 

Key Insights: 

  • OneBlood hit by ransomware, causing severe blood supply disruptions. 

  • Recent attacks also targeted Synnovis and Octapharma. 

  • Increased targeting of healthcare infrastructure by ransomware groups. 

  • Review and update contingency plans to ensure operational resilience. 

For more details, visit the Healthcare IT News article. 

 

 

Surge in Data Breach Victims in 2024 

In the first half of 2024, over 1 billion individuals were affected by data breaches, a staggering increase compared to 2023. The majority of breaches targeted financial services, healthcare, and manufacturing sectors. Alarmingly, there is a significant rise in attacks with unspecified vectors, highlighting a need for improved transparency and information sharing to bolster defense strategies. Phishing remains the primary attack method, underscoring the importance of robust security awareness training. 

Key Insights: 

  • Over 1 billion victims in the first half of 2024. 

  • Top targets: financial services, healthcare, manufacturing. 

  • Increase in unspecified attack vectors. 

  • Phishing remains the leading attack method. 

For more details, visit the KnowBe4 article. 

 

 

Foreign Influence Actors Adapting to U.S. Presidential Race 

U.S. intelligence agencies have identified that foreign influence actors are adapting their strategies in response to changes in the 2024 U.S. presidential race. These actors are leveraging social media, misinformation campaigns, and other digital tactics to sway public opinion and disrupt the electoral process. Key sources of influence include Russia, China, and Iran, each employing sophisticated techniques to achieve their objectives. 

Key Insights: 

  • Foreign actors are evolving their methods to interfere in the U.S. elections. 

  • Tactics include social media manipulation and misinformation. 

  • Vigilance and media literacy are crucial to counter these threats. 

For more details, visit the Reuters article. 

 

 

$40 Million Recovered from International Email Scam 

Interpol's Global Rapid Intervention of Payments (I-GRIP) mechanism helped recover over $40 million from an international email scam targeting a Singapore-based commodity firm. The scam involved a fraudulent email from a fake supplier requesting payment to a new bank account. Swift action by Singapore and Timor-Leste authorities led to the interception of funds and the arrest of seven suspects. 

Key Insights: 

  • Swift action: Crucial in intercepting fraudulent funds. 

  • Global cooperation: Essential for combating international scams. 

  • Awareness: Verify email requests for fund transfers. 

For more details, visit the Interpol article. 

 

 

Cyberattack on France's Grand Palais During Olympics 

France's Grand Palais suffered a ransomware cyberattack during the 2024 Olympic Games. The attack led to operational disruptions, particularly affecting museum bookstores and boutiques. Swift action was taken to prevent the spread of the attack, and temporary autonomous solutions were implemented to keep stores operational. Authorities, including ANSSI and CNIL, were informed, and preliminary investigations found no data exfiltration. This incident highlights the importance of robust cybersecurity measures, especially during major events. 

Key Insights: 

  • Ransomware Attack: Disrupted operations at Grand Palais. 

  • Immediate Response: Systems shut down to prevent spread. 

  • No Data Exfiltration: Preliminary findings are positive. 

For more details, visit the Bleeping Computer article. 

 

 

Rising Costs of Data Breaches in Healthcare 

A recent report by IBM and the Ponemon Institute revealed that the healthcare industry faces the highest average data breach costs at $10.93 million, significantly above the global average of $4.45 million. These breaches, often involving stolen credentials, can take up to 292 days to resolve. Healthcare organizations are urged to implement AI and automation in cybersecurity to reduce breach lifecycle and costs. Incident response planning and stringent data protection measures are essential to mitigate these risks. 

For more details, visit the Security Intelligence article. 

 

 

Enhanced Protection in Chrome 

Google has revamped the Chrome downloads experience to boost security and user awareness. The redesigned interface now offers detailed warnings, classifying files as either suspicious or dangerous, using AI-powered assessments. Enhanced Protection mode users benefit from automatic deep scans for suspicious files, providing extra layers of safety against new malware. Additionally, Chrome now tackles encrypted malicious files by prompting users to enter passwords for deep scans, enhancing protection even further. These updates aim to reduce how often users bypass warnings and to improve overall safety when downloading files. 

For more details, visit the Google Security Blog. 

 

 

New Phishing Campaign Exploits Google Drawings and WhatsApp 

Menlo Security has uncovered a sophisticated phishing campaign that abuses Google Drawings and WhatsApp's URL shortener to deceive users. The attack redirects victims from what appears to be legitimate links to malicious sites mimicking trusted brands like Amazon. These tactics make it difficult for users and traditional security tools to detect the threat. Stay cautious of unexpected emails with links or attachments, even if they appear to be from familiar sources. 

Key Insights: 

  • Exploited Platforms: Google Drawings and WhatsApp's URL shortener. 

  • Phishing Tactics: Redirection to malicious sites mimicking trusted brands. 

  • Recommendation: Be cautious of unexpected emails with links, even from known sources. 

For more details, visit the Menlo Security article. 

 

 

Real Social Engineering Attack on KnowBe4 Employee Foiled 

KnowBe4 recently thwarted a social engineering attack targeting one of its employees. The attacker, posing as a customer support representative, attempted to gain unauthorized access to internal systems by exploiting trust and urgency. The employee recognized the signs of a phishing attempt and reported the incident immediately. This event underscores the importance of ongoing security awareness training and vigilance against social engineering tactics. 

Key Insights: 

  • Social Engineering: Attackers may pose as trusted sources to gain access. 

  • Vigilance: Recognizing and reporting suspicious activity is crucial. 

  • Training: Regular security awareness training is essential to prevent such attacks. 

For more details, visit the KnowBe4 article. 

 

 

Beware of Misinformation on TikTok: Protect Yourself from Political Lies 

In today's digital age, social media platforms like TikTok are not just sources of entertainment—they have become powerful tools for spreading information, both true and false. A recent study revealed that a staggering 33% of young Americans have been exposed to political lies on TikTok. This statistic highlights a growing concern: the rapid spread of misinformation, particularly among younger generations. 

Why This Matters: Misinformation, especially on social media, can influence opinions, sway elections, and even create social unrest. For cybercriminals, misinformation is a weapon. They can use false information to manipulate public perception, incite division, or even scam users by blending lies with phishing attacks. 

How to Protect Yourself: 

  1. Verify Before You Trust: Always cross-check information from multiple credible sources before believing or sharing it. Look for news from established, reputable outlets. 

  2. Be Skeptical of Viral Content: Just because something is popular doesn't mean it's true. Viral videos and posts may be designed to elicit strong emotional responses, making it easier to spread falsehoods. 

  3. Watch for Red Flags: Pay attention to signs of misinformation, such as sensational headlines, lack of credible sources, and emotionally charged language. 

  4. Educate Yourself and Others: Stay informed about the tactics used by those who spread misinformation. Share your knowledge with friends and family to help them avoid being misled. 

Conclusion: As we continue to navigate the complex world of social media, staying vigilant against misinformation is crucial. By adopting a skeptical mindset and verifying the content we encounter online, we can protect ourselves and our communities from the harmful effects of political lies and other forms of disinformation. 

 

 

Exposed Passwords Highlight Risk 

A recent breach at National Public Data (NPD) underscores the critical need for strong security practices. NPD inadvertently published administrator passwords to their backend database, exposing sensitive information. This incident, coupled with a previous massive data leak, highlights the importance of securing credentials and regularly updating passwords. Users of similar services should take immediate steps to protect their personal information, including freezing their credit files and monitoring their accounts for suspicious activity. 

Key Takeaway: Ensure your passwords are strong, unique, and updated regularly to avoid similar risks. 

Read more 

 

 

Unmasking Styx Stealer 

Check Point Research uncovered the Styx Stealer malware, designed to steal browser data, cryptocurrency, and instant messenger sessions. The developer's operational security mistakes, including leaking data during debugging, led to a treasure trove of intelligence. This discovery linked Styx Stealer to the Agent Tesla malware campaign, revealing details about the cybercriminals involved, including their identities and operations. 

Key Insights: 

  • Malware Functionality: Steals browser data, cryptocurrency, and instant messenger sessions. 

  • OpSec Failures: Leaks led to significant intelligence gathering. 

  • Linkage: Connected to the Agent Tesla campaign and other cybercriminals. 

For more details, visit the Check Point article. 

 

 

AI Vishing Threats on the Rise 

Recent research by KnowBe4 has demonstrated that unsuspecting call recipients are highly vulnerable to AI-driven vishing (voice phishing) attacks. These attacks leverage AI to create highly convincing voice manipulations, often impersonating trusted individuals or authority figures. The study highlights the importance of being skeptical of unsolicited calls, even if the caller sounds familiar. Employees should verify the authenticity of any unexpected requests over the phone before taking action. 

Key Insights: 

  • AI Vishing: Increasingly sophisticated and convincing. 

  • Verification: Always verify unexpected phone requests. 

  • Awareness: Stay vigilant against unsolicited calls. 

For more details, visit the KnowBe4 article. 

 

 

Employment Scams Targeting Job Seekers 

KnowBe4 reports a surge in employment scams targeting job seekers. Scammers pose as legitimate employers, often using fake job postings or direct outreach to collect personal information and money from victims. These scams exploit the urgency and desperation of job seekers, making them particularly effective. To protect yourself, always verify job offers through official channels, be cautious of unsolicited communications, and avoid sharing sensitive information without thorough verification. 

Key Insights: 

  • Scam Tactics: Fake job postings and direct outreach. 

  • Target: Personal information and money from job seekers. 

  • Recommendation: Verify job offers through official channels. 

For more details, visit the KnowBe4 article. 

 

 

Protect Yourself from File-Sharing Phishing Attacks 

Over the past year, file-sharing phishing attacks have surged by 350%, targeting employees through fake notifications from services like Google Drive or Dropbox. These attacks aim to steal sensitive information or infect your device with malware. To protect yourself, always verify the legitimacy of file-sharing requests, avoid clicking on suspicious links, and report any unusual emails to IT immediately. Staying vigilant is key to keeping our organization secure. 

For more details, visit the KnowBe4 article. 

 

 

Beware of Travel-Themed Spam Scams 

Bitdefender’s AntiSpam Lab warns that half of all travel-themed spam messages circulating worldwide are scams. Attackers are specifically targeting users of popular travel sites like Booking.com and Airbnb. These scams often involve fake booking confirmations and travel deals designed to steal personal information or deliver malware. With the travel season in full swing, it's essential to verify the authenticity of any travel-related emails and avoid clicking on suspicious links. 

Key Insights: 

  • 50% of travel-themed spam messages are scams. 

  • Targeted Platforms: Booking.com and Airbnb users. 

  • Recommendation: Verify emails and book through trusted sources. 

For more details, visit the Bitdefender article. 

 

 

Beware of Phishing Attacks Using URL Shorteners 

Phishing attacks are increasingly leveraging URL shorteners to obfuscate malicious links, making it harder for users to recognize potential threats. These shortened URLs often appear in emails or text messages, leading victims to fraudulent websites that steal personal information or deploy malware. To protect yourself, always hover over links to reveal their true destination, and avoid clicking on shortened URLs from unknown sources. 

For more details, visit the KnowBe4 article. 

 

 

Surge in Microsoft Brand Impersonation Attacks 

A recent report shows a 50% increase in phishing attacks impersonating Microsoft in just one quarter. These attacks target users by mimicking Microsoft’s branding to steal credentials or deploy malware. Given Microsoft’s widespread use in organizations, employees should be extra cautious when receiving emails claiming to be from Microsoft, especially those requesting login details or prompting downloads. Always verify the sender's address and report suspicious emails to IT. 

For more details, visit the KnowBe4 article. 

 

North Korean IT-Worker Scheme Exposed in Tennessee 

A Nashville resident, Matthew Isaac Knoot, was arrested for facilitating a scheme that funneled hundreds of thousands of dollars to North Korea’s illicit weapons program. Knoot allegedly helped North Korean IT workers secure remote jobs with U.S. and British companies by using stolen identities. The funds, earned through six-figure salaries, were laundered and funneled back to North Korea. This case underscores the growing threat of North Korean cyber operations targeting remote work environments. 

For more details, visit the full article. 

 

Cyber Threats Targeting US Elections 2024 

As the US elections approach on November 5, 2024, cybercriminals are intensifying their efforts to exploit the event. From phishing campaigns using candidate names to fake websites and domains designed to mislead voters, these threats are aimed at manipulating voter sentiment and stealing personal information. 

Key Insights: 

  • Candidate Names: Used in domains to create believable phishing sites. 

  • Election Manipulation: Emotional appeals to influence voter behavior. 

  • Financial Fraud: Fake donation sites and meme coins targeting voters. 

For more information, visit BforeAI. 

 

 

Beware of QR Code Phishing: Microsoft Sway Abused 

A new phishing campaign is leveraging QR codes in emails to trick users into visiting malicious websites hosted on Microsoft Sway. This attack is particularly dangerous because it bypasses traditional email security filters and targets users on mobile devices, where security controls are often weaker. 

Key Insights: 

  • Targets: Tech, manufacturing, and finance sectors. 

  • Method: QR codes embedded in phishing emails. 

  • Action: Be cautious when scanning QR codes, especially from unsolicited emails. 

Stay vigilant and educate your teams about this evolving threat. For more details, visit BleepingComputer. 

 

 

Malvertising Campaign Impersonates Google Products 

A recent malvertising campaign has been detected, impersonating various Google products to lure users into tech support scams. These malicious ads, exploiting Google’s Looker Studio, redirect victims to fake Microsoft or Apple warning pages, urging them to call a fraudulent support number. This campaign serves as a reminder to be cautious of online ads, even those that appear to represent trusted brands. 

Key Insights: 

  • Target: Users of Google products. 

  • Tactics: Fake tech support scams via malvertising. 

  • Impact: Potential malware installation and data theft. 

For more details, visit KnowBe4. 

 

 

When Get-Out-The-Vote Efforts Resemble Phishing Scams 

As election season approaches, many citizens receive text messages urging them to get out and vote. While these messages often come from well-intentioned organizations, a recent campaign highlighted by KrebsOnSecurity shows how such efforts can closely resemble phishing scams. 

In this case, a fake political consulting firm sent out mass texts linking to websites that requested personal information under the guise of verifying voter registration. The messages were a scam trying to get people to give up sensitive personal information. 

Here’s how you can protect yourself: 

  1. Verify the Source: Always check the sender’s identity and verify the website independently. Visit official government websites directly rather than clicking on links in unsolicited messages. 

  2. Look for Red Flags: Be wary of messages that create a sense of urgency, request personal information, or direct you to unfamiliar websites. 

  3. Report Suspicious Messages: If you suspect a message is a phishing attempt, report it to the relevant authorities or your organization's IT department. 

While voter registration is crucial, ensuring the integrity of the process and protecting personal information is equally important. Stay informed and vigilant to avoid falling victim to phishing scams during election season. 

For more details, visit KrebsOnSecurity. 

 

 

GenAI and the Surge of AI-Driven Fraudulent Websites 

Cybercriminals are increasingly leveraging large language models (LLMs) to scale the creation of fraudulent websites, including phishing sites and fake online stores. Netcraft reports a significant rise in AI-generated content for scams, with a 3.95x increase in such websites from March to August 2024. These AI tools enhance the credibility of scams by improving text quality, making malicious content more convincing and harder to detect. Organizations must enhance their defenses to mitigate the risks posed by this emerging threat. 

Key Insights: 

  • LLMs are used to generate convincing text for scams. 

  • AI-driven scams have seen a sharp increase in recent months. 

  • Monitoring and takedown strategies are essential to combat this trend. 

Further Reading: Netcraft Blog 

 

 

Scammers Exploit Fake Funeral Livestreams for Financial Gain 

Cybercriminals are using fake funeral livestreams on social media to exploit grieving families. These scams, often promoted through compromised accounts, lead victims to payment pages that charge excessive fees. This trend underscores the need for vigilance online, even during sensitive moments like a loved one's passing. Users should be cautious when encountering unexpected payment requests for livestreams and report suspicious activity. 

Further Reading: KnowBe4 Blog 

 Originally posted on exploresec.com.

 

 

 


Created by ChatGPT

Security Awareness Newsletter July 2024

August 5, 2024

This is a Security Awareness focused newsletter I put together for distribution internally at my company. Feel free to take and use for your own program.

Medusa Ransomware Analysis 

In June 2024, ReliaQuest detected the Medusa ransomware, which encrypted multiple hosts in a customer environment. Medusa, active since 2022, exploits unpatched vulnerabilities and hijacks legitimate accounts. The attack lifecycle includes initial access via a compromised VPN account, credential access through NTDS dumps, and lateral movement using RDP. Medusa employs living-off-the-land techniques, PowerShell for credential dumping, and service installations for persistence. Enhanced VPN configurations, endpoint visibility, and automated responses are critical to mitigating such ransomware threats. 

Key Takeaways: 

  • Medusa exploits unpatched vulnerabilities and legitimate accounts. 

  • Uses living-off-the-land techniques for stealth. 

  • Mitigation includes enhanced VPN security, endpoint visibility, and automated responses. 

For detailed insights, read the full report here. 

 

 

Teen Sextortion on the Rise 

Overview: Sextortion targeting teenagers is on the rise, exploiting their trust and vulnerabilities on social media. Criminals pose as peers or love interests to coerce explicit images, which they then use for blackmail. 

Key Points: 

  • Tactics: Attackers use fake profiles to build rapport and exchange fake explicit content. 

  • Impact: Victims face severe emotional and psychological harm, sometimes leading to tragic consequences. 

  • Preventive Measures: Educate teens on online safety, ensure open communication, and use strong privacy settings. 

Action Steps: 

  • Educate yourself and your teens about sextortion. 

  • Foster open discussions on online interactions. 

  • Report incidents promptly. 

  • Support victims without blame. 

For more details, visit KnowBe4 Blog. 

 

North Korean Fake IT Worker Infiltration Attempt 

In a recent incident, KnowBe4's SOC detected suspicious activities from a newly hired software engineer, later revealed to be a North Korean fake IT worker using AI to generate a fake identity. Despite rigorous hiring processes, including background checks and multiple video interviews, the individual bypassed security measures and attempted to load malware upon receiving their workstation. 

Key Takeaways: 

  • Enhanced Vetting: Improve background checks and resume scanning for inconsistencies. 

  • Background check appears inadequate. Names used were not consistent. 

  • References potentially not properly vetted. Do not rely on email references only. 

  • What to look for: Inconsistencies in information. 

  • Discrepancies in address and date of birth across different sources 

  • Conflicting personal information (marital status, "family emergencies" explaining unavailability) 

This case underscores the importance of robust hiring and security processes to prevent similar infiltration attempts. 

For a detailed account, visit the full article on KnowBe4's blog. 

 

Phish-Friendly Domain Registry ".top" Put on Notice 

The ".top" domain registry, managed by Jiangsu Bangning Science & Technology Co. Ltd., has been warned by ICANN for its failure to address phishing abuse. Findings revealed that over 4% of new ".top" domains from May 2023 to April 2024 were used for phishing. ICANN's notice demands immediate improvements, or the registry risks losing its license. This highlights the critical need for vigilant monitoring and prompt action against domain abuse to protect users from phishing threats. 

For more information, read the full article on Krebs on Security. 

 

CrowdStrike Phishing Attacks Appear in Record Time 

Recent IT outages have led to a surge in phishing sites exploiting the chaos. Within hours, domains like crowdstriketoken[.]com and crowdstrikefix[.]com emerged, targeting those affected by the outages. Cybercriminals quickly capitalized on the situation, registering 28 domains by early morning. The US Cybersecurity and Infrastructure Security Agency (CISA) urges caution, advising users to avoid suspicious links and verify communications through official channels. Stay vigilant and only rely on trusted sources for updates. 

Key Takeaways: 

  • Phishing sites can appear rapidly during crises. 

  • Always verify the authenticity of communication channels. 

  • Use official websites and trusted sources for updates. 

  • Be extra cautious of suspicious domains and links. 

For more details, visit KnowBe4's blog. 

 

Is Your Bank Really Calling? Protect Yourself from Financial Impersonation Fraud 

Summary: With the rise of sophisticated scams, distinguishing between legitimate bank communications and fraudulent attempts is increasingly challenging. Cybercriminals use stolen personal details to make their scams appear genuine, often creating a sense of urgency to exploit victims. 

Key Takeaways: 

  • Red Flags: Requests for passwords or OTPs, suspicious links, pressure tactics, unsolicited calls. 

  • Protection Tips: Verify calls by contacting your bank directly, trust your instincts, and avoid sharing sensitive information over the phone. 

Recommendations: Stay vigilant and regularly update your security awareness to safeguard against financial fraud. 

For more information, read the full article on KnowBe4 Blog. 

 

 

Building Security into the Redesigned Chrome Downloads Experience 

Google has revamped Chrome’s download interface, adding detailed warnings to protect users from malicious files. The new UI uses AI-powered verdicts from Google Safe Browsing to categorize files as "suspicious" or "dangerous," helping users make informed decisions.  

Key Takeaways: 

  • Detailed download warnings improve user decision-making. 

  • Enhanced Protection mode automatically scans suspicious files. 

  • Stay vigilant and utilize Chrome’s built-in security features. 

For more details, visit Google's Security Blog. 

 

 

Olympics-Themed Scams: Stay Vigilant! 

With the Paris 2024 Olympics approaching, cybercriminals are ramping up their efforts to exploit the excitement. Recent reports show an 80-90% increase in cybercrime targeting French organizations, with scam tactics including typosquatting domains (e.g., oympics[.]com) and Olympic-themed lottery scams impersonating brands like Coca-Cola and Microsoft. These scams target users worldwide, emphasizing the need for heightened vigilance. Always scrutinize unexpected emails and offers, especially those that seem too good to be true. 

Key Takeaways: 

  • Increased Cybercrime: Expect more cyber threats as the Olympics near. 

  • Typosquatting: Watch out for fake domains mimicking official Olympic sites. 

  • Lottery Scams: Be wary of unsolicited emails claiming lottery winnings. 

  • Global Target: These scams can affect anyone, not just those in France. 

Stay safe and informed to protect yourself and your organization from these threats. 

For more details, visit KnowBe4's Blog. 
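For security teams, the lookalike-domain pattern in the CrowdStrike and Olympics items above can be screened for automatically. The following is an added example, not code from the newsletter or the articles it links to: it sorts candidate domains into brand-keyword lookalikes (crowdstrikefix[.]com) and near-miss typos (oympics[.]com). The brand list, the official domains, and every sample domain other than the three quoted in the newsletter are assumptions constructed for illustration.

```python
import re

# Assumption: the defender maintains brand keywords and their official
# registrable domains. These two entries are illustrative only.
BRANDS = {
    "crowdstrike": {"crowdstrike.com"},
    "olympics": {"olympics.com"},
}


def refang(domain):
    """Turn a defanged indicator such as 'oympics[.]com' into 'oympics.com'."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,
                             rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[-1][-1]


def classify(domain):
    """Return (verdict, brand). Verdicts: official, brand-keyword,
    typosquat, no-match."""
    labels = refang(domain).split(".")
    if len(labels) < 2:
        return ("no-match", None)
    # Simplification: treats the last two labels as the registrable domain.
    # Multi-part suffixes such as co.uk need the Public Suffix List.
    registrable = ".".join(labels[-2:])
    name = labels[-2]

    # Pass 1: exact match on an official domain is never flagged.
    for brand, official in BRANDS.items():
        if registrable in official:
            return ("official", brand)

    # Pass 2: brand keyword embedded in a longer name (crowdstrikefix).
    compact = name.replace("-", "").replace("_", "")
    for brand in BRANDS:
        if brand in compact:
            return ("brand-keyword", brand)

    # Pass 3: a token within a small edit distance of a brand (oympics).
    tokens = set(re.split(r"[-_]", name)) | {compact}
    for brand in BRANDS:
        limit = 1 if len(brand) < 10 else 2
        if any(0 < osa_distance(tok, brand) <= limit for tok in tokens):
            return ("typosquat", brand)

    return ("no-match", None)


if __name__ == "__main__":
    # First three domains are quoted in the newsletter; the rest are constructed.
    sample = [
        "crowdstriketoken[.]com",
        "crowdstrikefix[.]com",
        "oympics[.]com",
        "olympics.com",
        "www.crowdstrike.com",
        "crowdstirke-support.example",
        "example.org",
    ]
    for d in sample:
        verdict, brand = classify(d)
        print(f"{d:32} {verdict:14} {brand or '-'}")
```

Run against a feed of newly registered domains, the two flagged verdicts give a short review list for blocking or takedown requests; the edit-distance limits are a starting point and should be tuned against false positives.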

 

 

Beware of Generative AI Tool Scams 

Scammers are exploiting the growing interest in generative AI tools like ChatGPT. Researchers have observed a surge in suspicious domain registrations, especially around significant AI-related announcements. These domains often include keywords like "gpt" and "prompt engineering," and many are used for phishing and other malicious activities. 

Key Takeaways: 

  • Suspicious Domains: Be cautious of new domains related to AI tools. 

  • Phishing Risks: Verify the legitimacy of AI-related tutorials and tools. 

  • Keyword Alerts: Watch out for terms like "gpt" in suspicious contexts. 

Stay alert and informed to protect yourself from these evolving threats. 

For more details, visit KnowBe4's Blog. 

 

 

QR Code Phishing: An Ongoing Threat 

QR code phishing, or "quishing," continues to rise as a significant cyber threat. Cybercriminals exploit QR codes to bypass email security filters and target users directly, often embedding malicious codes in PDFs or images. This method can deceive even vigilant users, leading to compromised personal and financial information. 

Key Takeaways: 

  • Bypassing Filters: QR codes can slip through traditional email security. 

  • Human Targeting: Scams aim at users’ mobile devices for data theft. 

  • Red Flags: Be cautious of QR codes lacking context or asking for excessive permissions. 

Stay informed and cautious to protect against these sophisticated phishing attacks. 

For more details, visit KnowBe4's Blog. 

 

 

New Phishing Tactic: Chat Support Scams 

Cybercriminals are now using fake chat support to add credibility to phishing scams. By mimicking legitimate support chats on spoofed payment pages for platforms like Etsy and Upwork, scammers deceive users into providing sensitive information. These chat features, staffed by scammers posing as support agents, guide victims through the phishing process, making the scams more convincing and harder to detect. 

Key Takeaways: 

  • Enhanced Deception: Scammers use fake chat support to build trust. 

  • Phishing Risks: Verify the legitimacy of support chats on payment pages. 

  • Increased Vigilance: Be cautious of unexpected support interactions. 

Stay informed and vigilant to protect against these sophisticated attacks. 

For more details, visit KnowBe4's Blog. 

 

 

OneDrive Pastejacking: A New Threat to Watch 

A recent discovery highlights a new threat called "pastejacking" targeting OneDrive users. This technique exploits the copy-paste functionality to inject malicious commands into users' clipboards, potentially leading to unauthorized data access or malware installation. Attackers embed harmful code into seemingly innocuous text or files, posing a significant risk to personal and organizational security. 

Key Takeaways: 

  • Clipboard Manipulation: Be wary of copying text from unknown sources. 

  • Vigilant Practices: Double-check clipboard content before pasting. 

  • Update Security Measures: Ensure software is up-to-date to mitigate risks. 

Stay informed and cautious to protect against these evolving threats. 

For more details, visit Trellix's Blog. 

 

 

Fake Leaks of Crypto Wallet Seed Phrases: A Growing Threat 

Scammers are leveraging fake leaks of passwords and seed phrases to target cryptocurrency users. These sophisticated scams involve presenting victims with seemingly real data leaks, enticing them to use malicious crypto management apps. Once installed, these apps steal sensitive information, leading to significant financial losses. 

Key Insights: 

  • Fake Data Leaks: Scammers create realistic-looking leaks to deceive users. 

  • Malicious Apps: Avoid downloading crypto apps from unverified sources. 

  • Increased Vigilance: Always verify the legitimacy of seed phrases and passwords. 

For more details, visit Kaspersky's Blog. 

 

 

Aveanna Healthcare Data Breach: Email Accounts Compromised 

Aveanna Healthcare has experienced a data breach affecting 11 email accounts. The breach, discovered on May 9, 2023, potentially exposed the personal and protected health information (PHI) of patients, including names, Social Security numbers, and medical details. Aveanna has since secured the compromised accounts and is offering affected individuals complimentary credit monitoring and identity protection services. 

Key Takeaways: 

  • Data Exposed: Personal and PHI compromised. 

  • Immediate Actions: Secure email accounts and monitor credit. 

  • Preventive Measures: Implement robust email security protocols. 

For more details, visit HIPAA Journal. 

 


Security Awareness Newsletter June 2024

July 18, 2024

Getting this out a little late. This is a newsletter that I put together for our internal security awareness program. Feel free to grab and use within your own security awareness program. Created with help from ChatGPT.

Rising Threat of Business Email Compromise (BEC) Scams 

The FBI’s Internet Crime Complaint Center (IC3) has warned about the growing threat of Business Email Compromise (BEC) scams targeting businesses and individuals to steal money through fraudulent emails. 

Key Points: 

  • What is BEC? Cybercriminals hack or spoof business emails to trick victims into transferring funds or revealing sensitive information.

  • Scam Tactics:

    • Phishing: Fake emails to access business accounts.

    • Spoofing: Deceptive email addresses mimicking legitimate ones.

    • Impersonation: Pretending to be executives or trusted partners.

  • Recent Trends: Increased targeting of real estate, legal, and financial services with sophisticated AI-generated emails and deepfake audio.

  • Impact: BEC scams have caused billions in financial losses annually.

  • Prevention Tips:

    • Verify any fund transfer requests through separate communication channels.

    • Educate employees on phishing and suspicious activities.

    • Use multi-factor authentication (MFA).

    • Monitor accounts for unusual activities.

    • Report suspected scams to the IC3 at www.ic3.gov.

Stay vigilant and protect your organization from BEC scams. For more details, visit the full PSA on the IC3 website: FBI IC3 PSA. 

 

 

Arrests Made in Smishing Text Scam 

The City of London Police has announced the arrest of two individuals connected to a sophisticated smishing campaign using a homemade mobile antenna. This operation involved sending thousands of fraudulent text messages to the public, aiming to steal personal and financial information. 

Key Details: 

  • Smishing Explained: Smishing (SMS phishing) involves sending text messages that appear to be from reputable sources, urging recipients to provide personal information, click on malicious links, or download harmful software. 

  • How the Scam Worked: The arrested individuals used a homemade mobile antenna to send out mass smishing texts, tricking victims into sharing sensitive data. 

  • Impact: Thousands of people received these fraudulent messages, potentially leading to significant personal and financial losses. 

Protect Yourself: 

  • Be Skeptical of Unexpected Texts: Do not click on links or provide personal information in response to unsolicited text messages. 

  • Verify Sources: If you receive a suspicious message claiming to be from a legitimate organization, contact the organization directly using official contact information. 

  • Report Suspicious Messages: Forward suspicious texts to your mobile carrier’s spam reporting service or report them to relevant authorities. 

Stay Informed and Safe: For more details on this case and tips to protect yourself from smishing attacks, visit the City of London Police website: City of London Police Smishing Arrests. 

Stay vigilant and keep your personal information secure! 

 

Phishing Tactics Targeting Two-Factor Authentication (2FA) 

Recent reports from Kaspersky highlight an emerging phishing technique targeting Two-Factor Authentication (2FA) mechanisms, increasing the risk of account compromise even for those using this added layer of security. 

Key Findings: 

  • Phishing Techniques: Cybercriminals are evolving their tactics to bypass 2FA, employing sophisticated methods such as phishing bots and transparent phishing pages to deceive users. 

  • OTP Bots: Attackers use bots to automate the process of extracting One-Time Passwords (OTPs) from victims. These bots can mimic legitimate institutions and request OTPs under false pretenses, subsequently allowing attackers to access secured accounts. 

How It Works: 

  1. Phishing Bots: These bots send automated calls or messages posing as legitimate services, tricking users into revealing their OTPs.

  2. Transparent Phishing: Attackers create fake login pages that appear identical to the real ones. When users enter their credentials and OTPs, the information is captured and used by the attackers to gain unauthorized access.

Prevention Tips: 

  • Verify Requests: Always verify the legitimacy of any request for personal information or OTPs by contacting the organization directly using known contact details. 

  • Educate Employees: Regularly train employees to recognize phishing attempts and the latest tactics used by cybercriminals. 

  • Use Advanced Security Measures: Implement multi-factor authentication (MFA) methods that are resistant to phishing, such as hardware security keys. 

Stay Vigilant: Phishing attacks continue to grow in sophistication, posing significant risks even to those who use advanced security measures like 2FA. By staying informed and implementing robust security practices, you can protect yourself and your organization from these evolving threats. 

For more detailed information, visit the full article on Kaspersky's blog: Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling. 

 

 

FTC’s Spring Scam Roundup 

The FTC’s latest report highlights prevalent scams and their impact on consumers this spring. 

Key Findings: 

Most Impersonated Companies: 

  • Best Buy’s Geek Squad 

  • Amazon 

  • PayPal 

  • Microsoft (highest reported losses) 

  • Publishers Clearing House 

Common Contact Methods: 

  • Email and phone calls dominate. 

  • Social media scams, especially on Facebook and Instagram, result in the highest losses. 

Payment Methods: 

  • Investment scams use cryptocurrency and bank transfers. 

  • Gift cards are common in romance, tech support, and government impersonation scams. 

Protection Tips: 

  • Verify Requests: Always verify unexpected requests for money or personal information by contacting the source directly. 

  • Avoid Clicking Suspicious Links: Do not respond to unsolicited messages. 

  • Use Secure Payment Methods: Avoid using gift cards, cryptocurrency, or payment apps for urgent payments. 

Stay Vigilant: Scams continue to evolve, posing significant risks. By staying informed and following these security tips, you can better protect yourself and your organization. 

For more details, visit the FTC’s Spring Scam Roundup. 

Stay safe and secure! 

 

 

Beware of New Phishing Campaign Targeting Job Seekers 

A recent phishing campaign has been discovered deploying the WARMCOOKIE backdoor, specifically targeting job seekers. Cybercriminals are using fake job offers to lure victims into opening malicious attachments or clicking on harmful links. Once activated, the WARMCOOKIE backdoor allows attackers to gain unauthorized access to the victim's system, compromising sensitive information. 

Key Points: 

  • Be cautious of unsolicited job offers. 

  • Avoid opening attachments or clicking links from unknown sources. 

  • Verify the legitimacy of job offers through official company channels. 

Stay vigilant and protect your personal information! 

For more details, visit the Hacker News article. 

 

 

CISA Warns of Criminals Impersonating Its Employees 

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about criminals impersonating its employees in phone calls. These scammers attempt to deceive victims into transferring money by posing as CISA representatives. 

Key Points: 

  • CISA employees will never request money transfers, cryptocurrencies, or gift cards. 

  • Do not comply with demands for secrecy. 

  • Report suspicious calls to CISA at 844-729-2472 or to law enforcement. 

Impersonation Scams on the Rise: Last year, impersonation scams resulted in losses of $1.1 billion, highlighting the growing threat and the need for increased vigilance. Scammers posed as FTC staff as part of the scams. 

“The FBI's 2023 Internet Crime Report revealed a 22% increase in reported losses to online crime compared to 2022, totaling a record $12.5 billion.” 

Tips to Protect Yourself: 

  • Verify the caller's identity through official channels. 

  • Never share personal or financial information over the phone. 

For more details, visit the Bleeping Computer article. 

 

Beware of Fraudulent Olympics Ticketing Websites 

Recently, Proofpoint uncovered fraudulent websites claiming to sell tickets for the Paris 2024 Summer Olympics. Notably, “paris24tickets[.]com” appeared as a top search result on Google. This site, designed to mimic legitimate ticketing platforms, aimed to steal money and personal information. 

Key Findings 

  • Multiple Fraudulent Sites: Over 338 fake Olympics ticketing websites identified, with 51 shut down. 

  • Phishing Tactics: Some sites used search ads, while others used email campaigns offering “discounts.” 

  • Safety Tips: Only purchase tickets through the official Paris 2024 ticketing website. 

Stay Safe 

  • Verify URLs before purchasing. 

  • Be cautious of unsolicited emails offering deals on tickets. 

  • Report suspicious websites to authorities. 

Stay vigilant and share this information to help others avoid scams. For more details, visit the full article. 

 

Social Engineering Scams via Mail 

Social engineering scams aren't limited to digital channels; they can come through the mail too. KnowBe4 highlights a recent case where scammers sent fake refund checks via mail, tricking recipients into depositing them and sending a portion of the funds back. These checks appear realistic, but banks eventually discover they're fake, leaving the victim responsible for the amount. 

Protection Tips: 

  • Be skeptical of unexpected checks and financial requests. 

  • Verify the legitimacy of any communication by contacting the company directly. 

  • Educate yourself and others about recognizing various social engineering tactics. 

For more details, visit KnowBe4's blog. 

 

 

Beware of More_eggs Malware Targeting Hiring Managers 

Attention Hiring Managers: 

A new phishing campaign is using fake resume submissions to distribute the More_eggs malware. Cybercriminals target job listings on platforms like LinkedIn, directing recruiters to malicious websites that trigger a malware infection upon downloading a resume. This backdoor malware can steal sensitive data, deliver additional malicious payloads, and grant remote access to attackers. 

Key Recommendations: 

  • Always verify the source of resumes and job applications. 

  • Scan all downloads with reliable antivirus software. 

  • Provide regular security awareness training to all staff, including HR personnel. 

Stay vigilant and protect your organization from these sophisticated attacks. 

For more details, visit the KnowBe4 blog. 

 

 

Beware of Fraudulent Olympics Ticketing Websites 

As the excitement for the Paris 2024 Summer Olympics builds, so do the efforts of scammers looking to exploit unsuspecting fans. Proofpoint recently discovered multiple fraudulent websites claiming to sell Olympics tickets, with one notably appearing as a top search result on Google. These sites mimic legitimate ticketing platforms, luring users into providing personal and payment information. 

Key Points: 

  1. Fake Websites: Scammers create realistic-looking websites to steal money and personal data.

  2. Search Ads: Fraudulent sites often appear as sponsored search results.

  3. Official Source: Always purchase tickets through the official Olympics website.

Stay Safe: 

  • Verify the URL: Ensure you are on the official Olympics ticketing site. 

  • Avoid Clicking Ads: Navigate directly to trusted sources. 

  • Be Skeptical: Offers that seem too good to be true likely are. 

For more detailed information, read the full article on Proofpoint's blog here. 

 

 

New Threat: "Paste and Run" Phishing 

Overview: A new phishing campaign exploits a unique user interaction by tricking users into pasting and executing malicious commands from their clipboard. This technique can install malware such as DarkGate on the victim’s system, bypassing conventional security measures.

Key Takeaways: 

  • Method: Users are instructed to paste clipboard contents into the Windows Run dialog box, executing a malicious PowerShell command. 

  • Impact: This method can lead to significant security breaches, installing malware and compromising systems. 

  • Prevention: Continuous security awareness training can help users recognize and avoid such phishing attempts. 

Stay vigilant and regularly update your security protocols. For more details, visit the KnowBe4 Blog. 

 

 

AI-Driven Travel Scams on the Rise 

Overview: Booking.com warns that the rise of artificial intelligence (AI) is driving a significant increase in travel scams. According to Marnie Wilking, the firm's internet safety boss, there has been a 500 to 900% surge in scams over the past 18 months, particularly phishing attacks.

Key Takeaways: 

  • Increase in Phishing: Generative AI tools like ChatGPT are being used to create highly convincing phishing emails, tricking people into handing over their financial details through fake booking links. 

  • Targeted Platforms: Scammers often target popular sites like Booking.com and Airbnb, listing fake accommodations to scam users out of money. 

  • Detection Challenges: AI-generated content makes scams harder to detect due to realistic images and accurate text in multiple languages. 

For further details, refer to the BBC News Article. 

 

 

Protect Yourself from Summer Vacation Scams 

Overview: As summer approaches, the excitement of planning vacations is in full swing. However, cybercriminals are also gearing up, exploiting this time to launch scams targeting travelers. Check Point Research (CPR) has observed a significant rise in phishing scams and malicious websites related to summer vacations.

Key Takeaways: 

  • Rise in Malicious Domains: In May 2024, CPR identified that 1 in every 33 new vacation-related domains were malicious or suspicious. 

  • Phishing Emails: Scammers are using realistic phishing emails to trick users into revealing personal information. One campaign mimicked Booking.com invoices to lure victims. 

  • Malicious Websites: Fraudulent websites like booking-secure928[.]com and hotel-housekeeper[.]com imitate legitimate travel sites to steal login credentials. 

Stay informed and vigilant to protect yourself from these evolving cyber threats. For more detailed information, visit Check Point’s blog on staying safe during summer vacations. 

 


Security Awareness Newsletter May 2024

June 3, 2024

This is a security awareness newsletter meant for internal distribution. Feel free to grab and share with your company internally.

Steer Clear of Job Scams: Tips for New Graduates 

Be cautious of job scams targeting new graduates. Here are some key takeaways to protect new graduates: 

  • Be skeptical of unsolicited offers, especially those coming out of the blue. Legitimate companies typically have established recruitment channels. 

  • Guard your personal information. Don't share sensitive details like bank accounts or Social Security numbers in initial communications. 

  • High starting salaries with minimal experience requirements are often red flags. Scammers lure victims with unrealistic promises. 

  • Do your research! Verify the legitimacy of companies by checking their websites and contacting them directly through listed channels. 

  • Don't hesitate to leverage school resources. Career centers can offer guidance and help spot scams. 

  • Trust your gut. If something feels off about a job offer, it probably is. Don't be pressured into rushing forward.

By following these tips, graduates can navigate a job search with confidence and avoid falling victim to scams. Remember, protecting your personal information and conducting thorough research are crucial steps towards landing a safe and rewarding job opportunity. 

 

 

Love on the Rocks? Watch Out for Verification Scams! 

Looking for love online? While dating apps can be a great way to meet someone special, be on the lookout for scammers trying to exploit your emotions. The FBI recently issued a warning about verification scams targeting dating app users. 

Here's the lowdown: 

  • The Scam: Scammers lure you in with the promise of a secure dating experience through a "verification process." 

  • The Hook: They'll often move the conversation to a private platform and then send a link to a fake website offering a "free" verification service. 

  • The Bait and Switch: This website is designed to trick you into signing up for a fraudulent monthly subscription.

Don't let love blind you! Here are some tips to stay safe: 

  • Be wary of requests to move conversations off the dating platform. Legitimate dating apps have robust security features. 

  • Don't click on suspicious links, especially those promising verification. Verify information directly through the dating app's support channels. 

  • If something sounds too good to be true, it probably is. Don't fall for promises of guaranteed love matches or enhanced security behind a paywall. 

Remember, online dating requires a healthy dose of skepticism. Trust your instincts, and prioritize your safety! 

 

 

Shein Phishing Alert: Protect Your Fashion Finds and Login Info! 

Calling all fashionistas! Watch out for phishing emails spoofing popular online retailer Shein. These emails aim to steal your login credentials and compromise your online shopping accounts. 

Here's the Scheme: 

  • The Lure: The email might claim you have an unclaimed order, exclusive discounts, or a problem with your account. 

  • The Trap: Clicking a link in the email takes you to a fake Shein login page designed to steal your username and password. 

Don't Fall for Fake Fashion Frenzy! 

  • Beware of unsolicited emails, even if they look official. Shein won't contact you about account issues through unexpected emails. 

  • Inspect sender addresses carefully. Legitimate Shein emails will come from a Shein domain address, not a random one. 

  • Hover over links before clicking. See if the link's destination matches the displayed text. Don't enter your login details on suspicious websites. 

  • Always access your Shein account directly through the official website or app. Don't rely on links in emails. 

By staying vigilant, you can protect your hard-earned cash and sensitive information. Happy (and secure) shopping! 

 

North Korean Threat Actors Targeting Developers with Fake Job Interviews 

A new social engineering attack campaign is targeting software developers. This campaign is likely associated with North Korean threat actors. The attackers are sending fake job interview invitations that contain malicious software.

How the Attack Works 

The attackers will send a seemingly legitimate job offer email to a software developer. The email will contain a link to a malicious website or a document that, when opened, will download malware onto the victim's computer. The malware is a Python-based RAT (Remote Access Trojan) that can steal information from the victim's computer, such as files, keystrokes, and browsing history. 

How to Protect Yourself 

  • Be cautious of unsolicited job offers, even if they seem to come from a legitimate company. 

  • Do not click on links or open attachments in emails from unknown senders. 

  • Verify the legitimacy of a job offer by contacting the company directly. 

  • Maintain a security-focused mindset during job interviews. If something seems too good to be true, it probably is. 

  • Monitor your computer for suspicious activity, such as unknown programs running or unusual network traffic. 

 

 

Don't Let Ransomware Hit You Where It Hurts: Protecting Your Family From SIM Swapping 

Cybercriminals are getting more personal in their attacks. A recent report from Mandiant highlights a disturbing trend: ransomware attackers targeting executives by SIM swapping their children's phones. 

What is SIM Swapping? 

SIM swapping is when a scammer takes control of your phone number by transferring it to a new SIM card. This allows them to receive your calls, texts, and potentially even two-factor authentication codes. 

How Can You Protect Yourself? 

  • Be Wary of Unusual Activity: Monitor your phone bill for any suspicious changes, like increased data usage or new charges. 

  • Enable Two-factor Authentication (2FA): But not with SMS verification! Use a dedicated authentication app instead. 

  • Don't Share Personal Information Online: This includes your birthday, address, and even your child's school name. 

  • Talk to Your Family: Educate them about SIM swapping and the importance of online safety. 

  • Contact Your Carrier: Ask about SIM swapping security measures and how to add additional protections to your account. 

For More Information: 

  • How to Protect Yourself from SIM Swapping: https://consumer.ftc.gov/consumer-alerts/2019/10/sim-swap-scams-how-protect-yourself 

 

 

Alert: Cybercriminals Exploiting Docusign with Sophisticated Phishing Scams 

Summary: Cybercriminals are increasingly targeting Docusign users by distributing customizable phishing templates on cybercrime forums. These templates closely mimic legitimate Docusign emails, luring recipients into providing sensitive information or clicking malicious links. These attacks facilitate various malicious activities, including credential theft and business email compromise (BEC) scams. 

Key Indicators of Docusign Phishing Emails: 

  • Sender's Email: Ensure it originates from the docusign.net domain. 

  • Greetings: Genuine emails use your name, not generic salutations. 

  • Security Codes: Authentic codes are long and complex. 

  • Links: Hover over links to check if they lead to docusign.net. 

  • Direct Access: Use Docusign's secure document access instead of clicking links. 

Prevention Tips: 

  • Always verify the sender's email address. 

  • Avoid clicking on suspicious links and attachments. 

  • Contact the sender through trusted channels if in doubt. 
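The sender, greeting and link indicators listed above can be checked mechanically before a message reaches a user. This is an added example, not Docusign's or the newsletter's own code: it uses the docusign.net domain named in the item, assumes the mail gateway stamps an `Authentication-Results` header, and both sample messages (addresses, names, `.example` hosts) are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "docusign.net"  # the domain the newsletter item names


def host_is_trusted(host: str, trusted: str = TRUSTED) -> bool:
    """Exact match or true subdomain; docusign.net.evil.example fails."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_host(text: str) -> str:
    """Host named in the visible link text, if the text looks like a URL."""
    if " " in text or "." not in text:
        return ""
    url = text if "://" in text else "//" + text
    return (urlsplit(url).hostname or "").lower()


def html_body(msg) -> str:
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def check_email(raw: str, recipient_name: str):
    """Return a list of (indicator, detail) findings; empty means no flags."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not host_is_trusted(sender_domain):
        findings.append(("sender", sender_domain))
    # A From header can be forged, so also require the gateway's DMARC verdict
    # (assumption: the receiving gateway adds Authentication-Results).
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append(("dmarc", "no dmarc=pass result"))
    body = html_body(msg)
    if recipient_name.lower() not in body.lower():
        findings.append(("greeting", "recipient name absent"))
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = (urlsplit(href).hostname or "").lower()
        if not host_is_trusted(href_host):
            findings.append(("link", href_host))
            # Text shows the real site while the href goes elsewhere.
            if host_is_trusted(shown_host(text)):
                findings.append(("mismatch", f"{shown_host(text)} -> {href_host}"))
    return findings


# Constructed sample messages.
PHISH_SAMPLE = """\
From: "DocuSign" <notify@docusign.net.mail-notice.example>
To: pat.rivera@hospital.example
Subject: Please review document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p><a href="https://docusign.net.account-review.example/sign">https://www.docusign.net/review</a></p>
<p><a href="https://www.docusign.net/help">Help</a></p></body></html>
"""

CLEAN_SAMPLE = """\
From: "DocuSign" <notify@docusign.net>
To: pat.rivera@hospital.example
Authentication-Results: mx.hospital.example; dmarc=pass header.from=docusign.net
Subject: Please review document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello Pat Rivera,</p>
<p><a href="https://www.docusign.net/review">Review document</a></p></body></html>
"""

if __name__ == "__main__":
    for kind, detail in check_email(PHISH_SAMPLE, "Pat Rivera"):
        print(f"{kind:9} {detail}")
```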

 

 

Growing Confidence Among CISOs Despite Rising Cyber Threats 

Overview: According to Proofpoint's 2024 Voice of the CISO report, 70% of CISOs feel at risk of a cyber attack, yet only 43% feel unprepared—a significant improvement from previous years. Despite this growing confidence, human error remains a critical vulnerability, with 74% of CISOs identifying it as a top concern. Encouragingly, the adoption of AI-powered solutions and enhanced employee education are seen as key strategies to mitigate these risks. However, challenges such as ransomware, malware, and employee turnover continue to test cybersecurity resilience. 

Key Points: 

  • Rising Confidence: 43% of CISOs feel unprepared for attacks, down from 61% last year. 

  • Human Error: 74% of CISOs see human error as the biggest vulnerability. 

  • AI Solutions: 87% are deploying AI to combat human-centric threats. 

  • Top Threats: Ransomware, malware, and email fraud are major concerns. 

Takeaway: Continuous improvement in AI adoption and employee training is vital for bolstering cybersecurity defenses. 

 

 

New Social Engineering Scheme by Black Basta Ransomware Group 

Overview: The Black Basta ransomware group has launched a new mass spam and social engineering campaign, targeting various industries. The attackers flood users' emails with spam and then pose as IT support, convincing victims to download remote access tools like Quick Assist or AnyDesk. This grants the attackers initial access to deploy ransomware and steal credentials. 

Key Points: 

  • Spam Overload: Victims receive thousands of spam emails. 

  • Impersonation: Attackers pose as IT support to gain trust. 

  • Remote Access: Tools like Quick Assist and AnyDesk are used to gain access. 

  • Prevention: Block newly registered domains and restrict remote management tools. 

Takeaway: Stay vigilant against unsolicited IT support offers and ensure employees are aware of this tactic. 

 

From Phish to Phish Phishing: How Email Scams Got Smart

Phishing scams have evolved dramatically over the years, becoming more sophisticated and harder to detect. Here are key points from Check Point's recent article on how email scams have become smarter:

  1. Evolution of Phishing Tactics:

    • Old vs. New: Early phishing attempts were often easy to spot due to obvious mistakes like all-caps subject lines, poor grammar, and bad spoofing. Modern phishing emails, however, are much more convincing, using official-looking logos and professional language.

    • Advanced Spoofing: Attackers now use advanced techniques to spoof emails, making them appear as if they come from trusted sources such as banks, government agencies, or company executives. This creates a sense of urgency and legitimacy.

  2. Techniques and Vectors:

    • Email and Attachments: Phishing emails often include links to fake websites or attachments that require personal information. These can lead to data theft or malware infections.

    • Vishing and SMiShing: Phishing is not limited to emails. Attackers use voice phishing (vishing) and SMS phishing (SMiShing) to trick victims into revealing sensitive information over the phone or through text messages.

  3. Common Scams:

    • Ransomware Delivery: A significant number of phishing emails now deliver ransomware, locking victims' files and demanding a ransom for their release.

    • Fake Alerts: Emails claiming to be from PayPal, Wells Fargo, or even the FBI often contain urgent messages about account issues, prompting victims to click on malicious links or provide personal information.

  4. Preventive Measures:

    • Stay Vigilant: Always verify the sender’s email address and look for signs of phishing, such as generic greetings and urgent requests for personal information.

    • Check Links and Attachments: Hover over links to see their true destination and avoid clicking on suspicious attachments.

    • Use Security Tools: Employ email filtering and antivirus software to help detect and block phishing attempts.

By staying informed and cautious, you can protect yourself and your organization from falling victim to these increasingly sophisticated email scams.

 

 

Beware the Piano Scam 

Cybercriminals are exploiting unsuspecting individuals with a new scheme known as the "Piano Scam." Victims receive emails offering a free piano due to a family death, but they are asked to pay shipping fees through fake shipping companies. These scammers also collect personal information. Protect yourself by verifying the sender, avoiding clicking on unknown links, and reporting suspicious emails. 

Key Points:

  • Advance Fee Fraud (AFF): The scam involves requesting a small upfront fee for a larger promised reward, in this case, a free piano.

  • Payment Methods: Scammers request payment via Zelle, Cash App, PayPal, Apple Pay, or cryptocurrency.

  • Personally Identifiable Information (PII): Scammers collect names, addresses, and phone numbers.

  • Indicators of Compromise: Emails from unknown senders, requests for upfront payments, and varied sender addresses.


Beware Advance Fee Fraud (AFF): The Piano Scam 

May 31, 2024

This is a short blog post I wrote for our security awareness internal communication. Feel free to grab and use for your own program. Created with the help of ChatGPT.

Beware Advance Fee Fraud (AFF): The Piano Scam 

Cyber threats are constantly evolving, and one of the latest scams targets unsuspecting individuals with a piano-themed fraud. This scheme, dubbed the "Piano Scam," preys on the goodwill of victims by offering a "free" piano, only to defraud them through advance fee payments for shipping. 

This type of scam is targeting people in the education sector, but similar scams will target other industries such as healthcare or the food industry. Understanding these types of scams will help us identify when similar scams are used against our company.

How the Scam Works 

  1. Initial Contact: Victims receive an email claiming a free piano is available due to a family death.

  2. Shipping Fraud: The scammer directs victims to a fake shipping company, which requests payment for delivery fees via various methods, including Zelle, PayPal, and cryptocurrency.

  3. Data Harvesting: Personal information such as names, addresses, and phone numbers is also solicited.

Recognizing the Scam 

  • Too Good to Be True: Be cautious of unsolicited offers that seem excessively generous. 

  • Unverified Senders: Emails from unfamiliar addresses or free email services should raise suspicion. 

  • Payment Requests: Legitimate giveaways do not require upfront fees for shipping or handling. 

Prevention Tips 

  • Verify Sources: Independently verify the sender and the legitimacy of the offer. 

  • Avoid Clicking Links: Do not click on links or download attachments from unknown emails. 

  • Report Suspicious Activity: Inform your IT department or local authorities if you encounter such scams. 

Understanding the tactics used in the Piano Scam can help you avoid becoming a victim. Stay vigilant and informed to protect yourself from these and other cyber threats. 

For more detailed information on this scam, visit Proofpoint's Security Brief. 

 

In News Tags Proofpoint, Security Awareness, Scams

Exploring the security awareness newsletter - Image created by ChatGPT

Security Awareness Newsletter April 2024

May 6, 2024

These are the stories I’ve been tracking that are of interest to people outside of security. Feel free to take this and use it as part of your own security awareness program. The items were created with the help of ChatGPT.

Confirmed: AT&T Data Breach Exposes Millions

A large data leak containing personal information of millions of AT&T customers is being investigated. While AT&T denies the breach originated from their systems, this incident highlights the importance of protecting your personal information.

Here are some steps you can take to stay safe:

  • Be mindful of the information you share online and over the phone.

  • Use strong passwords and change them regularly.

  • Monitor your bank statements and credit reports for suspicious activity.

 

 

AI in Elections: Beware the Deepfakes!

AI is shaking up elections! Check Point Research warns of deepfakes and voice cloning being used to mislead voters. They found evidence in 10 out of 36 recent elections. Stay informed - the future of voting might depend on it!

 

Heads Up, Gamers! Malware Lurks in YouTube Video Game Cracks

Phishing for free games can land you in hot water!

A recent report by Proofpoint discovered threat actors using YouTube to distribute malware disguised as popular video game cracks.

Here's the breakdown:

  • Compromised Accounts: Hackers are targeting both legitimate and newly created YouTube accounts.

  • Deceptive Content: Videos promise free software or game upgrades, but descriptions contain malicious links.

  • Targeting Young Gamers: The campaigns exploit younger audiences' interest in bypassing paid features.

 

 

Alert on Privacy Risks in Dating Apps: Spotlight on Hornet

Recent investigations by Check Point Research have exposed critical privacy vulnerabilities in the popular dating app Hornet, affecting its 10+ million users. Despite Hornet's attempts to safeguard user locations by randomizing displayed distances, researchers found ways to determine users' exact locations within 10 meters using trilateration techniques. This finding poses a significant privacy risk, particularly in dating apps that rely on geolocation features to connect users.

Highlights:

  • Hornet's geolocation vulnerabilities could allow attackers to pinpoint users' precise locations.

  • Even after implementing new safety measures, locations could still be determined within 50 meters.

  • Check Point Research advises users to be cautious about app permissions and consider disabling location services to protect their privacy.

The study illustrates the ongoing challenges and potential dangers of balancing app functionality with user privacy, urging both developers and users to remain vigilant.

 

 

Ransomware Scams Can Get Creative

Ransomware gangs are constantly looking for new ways to pressure companies into paying up. A recent article on TechCrunch, "Ransomware gang's new extortion trick? Calling the front desk," describes a hilarious (but ultimately unsuccessful) attempt by a hacker to extort a company through their front desk.

While this specific incident might be lighthearted, it serves as a reminder that ransomware attackers are always adapting their tactics. Here's what you should be aware of:

  • Be cautious of any unsolicited calls or emails claiming a security breach. Don't engage with the sender and report them to the IT department immediately.

  • Never click on suspicious links or attachments. These could contain malware that gives attackers access to our systems.

  • Be mindful of what information you share over the phone. Hackers may try to sound legitimate to gather details about our company's network.

  • Stay informed about cybersecurity best practices. The IT department may send out phishing simulations or training materials – take advantage of these resources.

By staying vigilant and following these tips, we can all play a part in protecting our company from ransomware attacks. Remember, if you see something suspicious, report it!

 

 

FBI Alert: Increase in Social Engineering Attacks

The FBI has issued a warning about the rise in social engineering attacks targeting personal and corporate accounts. These attacks employ methods like impersonating employees, SIM swap attacks, call forwarding, simultaneous ringing, and phishing, which are designed to steal sensitive information.

Key Techniques:

  • Employee Impersonation: Fraudsters trick IT or helpdesk staff into providing network access.

  • SIM Swapping: Attackers take control of victims' phone numbers to bypass security measures like multi-factor authentication.

  • Call Forwarding and Simultaneous Ring: Calls are redirected to the attackers' numbers, potentially overcoming security protocols.

  • Phishing: Cybercriminals use fake emails from trusted entities to collect personal and financial data.

How to Protect Yourself:

  • Ignore unsolicited requests for personal information.

  • Ensure unique, strong passwords for all accounts.

  • Contact mobile carriers to restrict SIM changes and call forwarding.

  • Regularly monitor account activity for signs of unauthorized access.

If Compromised:

  • Immediately secure accounts by changing passwords and contacting service providers.

  • Report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Stay vigilant and implement these protective measures to defend against these sophisticated social engineering threats.

 

Smishing Scam Hits the Road!

Beware of texts claiming unpaid tolls! Scammers are targeting drivers with smishing attacks. The texts claim that the recipient has unpaid tolls. Don't click links or give out info. Report scams to the FBI: https://www.ic3.gov/Home/ComplaintChoice. Stay safe!

 

 

Data Breach at Hospital: Ex-Employee Admits to Sharing Patient Records

Patients at Jordan Valley Community Health Center in Missouri are being notified of a data breach involving over 2,500 individuals. The culprit? A former employee, Chante Falcon, who admitted to accessing and sharing patient records.

Facing federal charges for wrongful disclosure of patient information, Ms. Falcon pleaded guilty and awaits sentencing. The potential penalty? Up to 10 years in prison.

 

 

Tax Time Trouble: Don't Fall Victim to Tax Scams!

It's tax season again! While you're busy gathering documents and filing your return, scammers are out in force trying to steal your money and personal information.

This year, security experts are seeing a rise in Artificial Intelligence (AI)-powered tax scams. These scams can look and feel more sophisticated than ever before, making them even trickier to spot.

Here are some red flags to watch out for:

  • Urgency and Threats: Scammers often try to pressure you into acting quickly by claiming you owe overdue taxes or face penalties.

  • Suspicious Emails and Texts: Be wary of emails or texts claiming to be from the IRS or tax software companies. Don't click on links or attachments unless you're sure they're legitimate.

  • Phishing for Information: Scammers may ask for your Social Security number, bank account details, or other personal information you wouldn't normally share via email or text.

Stay Safe This Tax Season:

  • Go Directly to the Source: If you receive a message about your taxes, contact the IRS directly using a phone number you know is correct (don't use the one provided in the message).

  • Don't Share Personal Information Unsolicited: The IRS will never ask for sensitive information through email or text message.

By following these tips and staying vigilant, you can protect yourself from tax scams and ensure a smooth tax season!

 

 

Tracking AI's Influence in Global Elections

Rest of World, a news organization, has launched a new initiative to monitor and document the impact of artificial intelligence (AI) on global elections. This effort comes as generative AI tools become increasingly accessible, presenting both innovative uses and potential risks in political contexts.

Scope and Objective: The project tracks AI incidents across the globe, particularly focusing on regions outside the Western hemisphere. From the general elections in Bangladesh to those in Ghana, the tracker will compile AI-generated content related to elections, encompassing both positive applications and problematic issues like misinformation.

Noteworthy Incidents:

  • In Belarus, a ChatGPT-powered virtual candidate is providing voter information while circumventing censorship.

  • AI-generated videos have enabled Pakistan’s former Prime Minister Imran Khan to address the public from imprisonment.

  • A spam campaign against Taiwan’s president has been linked to a Chinese Communist Party actor.

  • Deepfake videos falsely depicted Bangladeshi candidates withdrawing on election day.

 

 

Comprehensive ChatGPT Risk Assessment

Walter Haydock from StackAware has conducted an exhaustive risk assessment of OpenAI's ChatGPT. This summary encapsulates the critical findings and documentation from the assessment, aiming to enhance your understanding and governance of AI tools.

Key Findings from the Assessment:

  • Purpose and Criticality: ChatGPT serves multiple functions, from generating marketing content to converting unstructured data into structured formats. Its operational importance is significant, with potential major business impacts in case of system failure.

  • System Complexity and Reliability: Despite its complex nature, ChatGPT has shown reliable performance, although occasional performance and availability issues have been documented on OpenAI’s status page.

  • Environmental and Economic Impacts: ChatGPT's operation is energy-intensive, with considerable carbon emissions and water usage. However, it also offers potential economic benefits, potentially contributing significantly to global productivity and economic output.

  • Societal and Cultural Impacts: The system’s ability to automate repetitive tasks could liberate millions from mundane work but also poses risks to employment and misinformation, particularly during sensitive periods like elections.

  • Legal and Human Rights Considerations: The system's deployment must carefully navigate potential impacts on employment and privacy, with strict adherence to legal and human rights norms.

 

 

Deepfake Phishing Attempt Targets LastPass Employee: Audio Social Engineering on the Rise

A recent incident reported by LastPass sheds light on a concerning trend: the use of audio deepfakes in social engineering attacks.

What Happened?

  • A LastPass employee received a series of calls, text messages, and voicemails supposedly from the company's CEO.

  • The voice messages utilized deepfake technology to convincingly mimic the CEO's voice.

  • The attacker attempted to pressure the employee into performing actions outside of normal business communication channels, and the messages exhibited characteristics of a social engineering attempt.

Why This Matters:

  • This incident marks a potential turning point in social engineering tactics. Deepfakes can bypass traditional email-based phishing attempts and create a more believable scenario for the target.

  • Audio deepfakes pose a significant threat because they exploit the inherent trust we place in familiar voices.

How LastPass Responded:

  • The targeted employee, recognizing the red flags of the situation, did not respond to the messages and reported the incident to internal security.

  • LastPass highlights the importance of employee awareness training in identifying and reporting social engineering attempts.

 

 

Change Healthcare Cyberattack: A Costly Reminder for Physicians

A recent cyberattack on Change Healthcare, a major healthcare IT provider, has had a significant impact on physicians across the country. According to a KnowBe4 article, a staggering 80% of physicians reported financial losses due to the attack. United Health announced the attack cost them $1.6 billion alone.

The High Cost of the Breach

The article details the financial strain placed on physician practices:

  • Revenue Loss: Disruptions caused by the attack made it difficult to submit claims and verify benefits, leading to lost revenue.

  • Increased Costs: Extra staff time and resources were required to complete revenue cycle tasks.

  • Personal Expenses: Some practices were forced to use personal funds to cover business expenses.

 

 

USPS Now the Most Impersonated Brand in Phishing Attacks

Phishing attacks are one of the most common cyber threats. Criminals impersonate well-known brands to trick people into giving up personal information. According to a recent report, the United States Postal Service (USPS) has surged to the top spot on the list of most impersonated brands.

Here are some tips to avoid falling victim to a USPS phishing attack:

  • Be wary of emails or text messages that claim to be from USPS about a delivery issue or package requiring additional fees.

  • Do not click on any links or attachments in suspicious emails or text messages.

  • If you are unsure about the legitimacy of an email or text message, contact USPS directly.

  • Be mindful of the sender's email address and look for typos or inconsistencies.

By following these tips, you can help protect yourself from phishing attacks.

 

In News Tags Security Awareness, Newsletter, AI, Deepfake, Malware, Phishing

FBI PSA on Social Engineering techniques - Created by ChatGPT

FBI Warning: Rising Social Engineering Threats Targeting Personal and Corporate Accounts 

April 12, 2024

This is a timely article I put together for internal distribution as part of a Security Awareness program. Feel free to grab and use as part of your Security Awareness program.

Link: https://www.ic3.gov/Media/Y2024/PSA240411  

The Federal Bureau of Investigation (FBI) has issued an alert regarding an increase in social engineering attacks that cybercriminals are using to compromise personal and corporate accounts. The techniques identified include impersonating employees, SIM swap attacks, call forwarding, simultaneous ringing, and phishing—each designed to manipulate victims into divulging sensitive information. 

Social Engineering Techniques: 

  • Employee Impersonation: Cybercriminals pose as company employees to trick IT or helpdesk staff into granting them network access. 

  • SIM Swapping: Attackers deceive mobile carriers to transfer a victim’s phone number to a device they control, potentially bypassing multi-factor authentication to access financial and other secure accounts. 

  • Call Forwarding and Simultaneous Ring: This method involves forwarding a victim’s calls to the attacker’s number, again potentially circumventing multi-factor authentication. 

  • Phishing: Phishing emails mimic legitimate institutions to solicit sensitive information, such as login credentials and personal identification numbers. 

Protection Recommendations:

Personal Security Measures:

  • Avoid responding to unsolicited requests for personal information.

  • Set unique passwords for voicemail and mobile accounts.

  • Contact your mobile carrier to block unauthorized SIM changes and call forwarding.

  • Regularly check your account activity for any unauthorized changes.

  • Use complex passwords and avoid posting personal data online.

Corporate Security Measures:

  • Pay attention to email banners for messages coming from external sources.

  • Use non-email based multi-factor authentication.

  • Report any phishing and social engineering attempts.

Reporting and Additional Actions:

If you believe you are a victim of a social engineering attack: 

  • Contact your service providers to secure your accounts. 

  • Report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov for further investigation. 

  • Reach out to [INSERT SECURITY INBOX] if you suspect any of these social engineering techniques are being used at work. 

This alert underscores the need for heightened vigilance and proactive measures to safeguard against sophisticated social engineering tactics that are increasingly prevalent in today’s digital landscape. We thank you for helping keep [COMPANY] secure.  

In News Tags social engineering, Security Awareness, PSA, FBI

AI security and healthcare - created by ChatGPT

Embracing AI with Care: A Guide for using AI in the healthcare workplace

April 10, 2024

This is an article I put together for internal communication on my company's intranet. I actually put two different articles together. Both are along the same lines, just written differently. I would love feedback on anything I may have missed. Otherwise feel free to use this as part of your company’s internal communication. This was mostly written by ChatGPT.

Introduction

In the rapidly evolving world of healthcare, Artificial Intelligence (AI) has emerged as a beacon of hope and innovation. From improving patient outcomes to optimizing operational efficiencies, AI's potential is undeniable. However, as we integrate these powerful tools into our daily operations, it's imperative to approach AI with a blend of enthusiasm and caution.

The Power of AI in Healthcare

AI's application within healthcare spans from predictive analytics in patient care to automating administrative tasks, allowing healthcare professionals to focus on what they do best—caring for patients. AI algorithms can analyze vast amounts of data to predict patient deterioration or optimize treatment plans. Additionally, AI-driven chatbots can enhance patient engagement and support, providing timely information and assistance.

Ethical Considerations and Patient Privacy

While AI can significantly improve efficiency and patient care, its implementation in healthcare comes with profound ethical implications, especially concerning patient privacy and data security. As stewards of sensitive health information, it's our collective responsibility to ensure that AI tools are used ethically and in compliance with all applicable laws and regulations, such as HIPAA.

  • Transparency and Consent: Patients should be informed about how AI might be used in their care, including the benefits and potential risks. Obtaining informed consent is not just a legal requirement; it's a cornerstone of trust.

  • Data Privacy: Always ensure that AI systems handling patient data are secure and compliant with data protection laws. Anonymization of data before AI analysis is a critical step in safeguarding patient privacy.

  • Bias and Fairness: AI systems are only as unbiased as the data they're trained on. It's essential to continuously monitor and evaluate AI tools for any form of bias, ensuring equitable healthcare outcomes for all patients.

Cybersecurity Implications

The integration of AI into healthcare systems increases the complexity of our cybersecurity landscape. AI can both bolster our cybersecurity defenses and represent a novel vector for cyber threats. Therefore, a proactive and informed cybersecurity approach is essential.

  • Adherence to Security Policies: All use of AI technology must comply with our comprehensive security policies, which are designed to protect both patient data and our IT infrastructure. This includes strict access controls, regular security audits, and adherence to best practices in AI ethics and governance.

  • Education and Awareness: Employees must be educated about the potential cybersecurity risks associated with AI, including social engineering attacks that leverage AI-generated content.

  • Handling of Sensitive Data: It is crucial to ensure that sensitive data is not entered into or processed by AI systems that are not under our direct control and that do not meet our strict security and privacy standards. Employees should avoid the use of unauthorized AI tools and platforms that could inadvertently expose sensitive patient information or proprietary data. This includes being aware of third-party companies that have integrated AI into their platforms.

  • Secure AI Development: AI systems must be developed and maintained with security in mind. Threat modeling helps to identify potential issues before they arise. Regularly updating and patching systems helps maintain the integrity and security of systems.

  • Vigilance and Reporting: Employees are empowered to report any suspicious activities or vulnerabilities. Early detection is key to preventing cyber incidents or data privacy issues.

Looking Ahead

As we journey forward, integrating AI into our healthcare practices, let us do so with a vigilant eye on the ethical, privacy, and security implications. By fostering a culture of responsible AI use, we not only protect our patients and their data but also contribute to the advancement of healthcare, making it more accessible, efficient, and effective for all.

Conclusion

The integration of AI in healthcare represents a frontier of endless possibilities. Yet, as we harness these technologies, we must navigate this terrain thoughtfully and responsibly, ensuring that we remain steadfast in our commitment to patient care, privacy, and security. Together, we can create a future where AI empowers us to deliver better healthcare than ever before.

In Advice Tags AI, Healthcare, Security Awareness

Exploring the newsletter below - Image created with the help of ChatGPT

Security Awareness Newsletter March 2024

April 1, 2024

This is a security newsletter I’ve put together as part of our security awareness program. This leans more towards healthcare and news items that are more general in nature. I’ll have a more technical focused newsletter later this week that’s targeted at security teams. Feel free to take this newsletter and use it internally as part of your security awareness program.

The Great Zoom-Skype-Google Masquerade: Beware of digital doppelgängers. Fake Zoom, Skype, and Google Meet sites are the latest traps set by cyber tricksters.  These spoofed meetings can trick users into downloading harmful software that compromises their computer. Ensure you’re clicking on the real deal to keep those malware masqueraders at bay. Beware of QR codes that will try to steal credentials as part of this type of attack. 

Beware of fake websites mimicking popular brands!: Typosquatting attacks are surging, and cybercriminals are exploiting user mistakes to steal login credentials and spread malware. Typosquatting is where an attacker registers a similar domain to one a person is familiar with. This increases the chance a malicious link will be clicked. 
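For security teams reusing this item, here is an added Python example (not part of the original newsletter) of how a mail or web filter could flag links whose domain is a near miss of one staff already trust. The trusted list, function names, and sample URLs are assumptions constructed for illustration, and the registrable-domain step is a simplification that takes the last two labels instead of consulting the Public Suffix List.

```python
"""Flag look-alike (typosquatted) hostnames in links. Added example."""
from urllib.parse import urlsplit

# Assumption: the organisation keeps its own list of domains staff expect to
# see. These three correspond to the services named in the newsletter.
TRUSTED = ("zoom.us", "skype.com", "google.com")

# Digits commonly substituted for letters in look-alike names.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def hostname_of(url):
    """Lower-cased hostname of a URL; accepts bare 'host/path' strings too."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".")


def registrable(host):
    """Simplification: last two labels. Production code should use the
    Public Suffix List so that names under e.g. 'co.uk' are handled."""
    return ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Normalise visually confusable characters before comparing."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_link(url, trusted=TRUSTED, max_distance=1):
    """Return (verdict, matched_trusted_domain_or_None) for one link."""
    host = hostname_of(url)
    base = registrable(host)
    if base in trusted:
        return ("trusted", base)
    # Trusted name used as leading labels of some other domain.
    for t in trusted:
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return ("brand-in-subdomain", t)
    # Near miss: one typo, one swap, or a confusable character away.
    for t in trusted:
        if osa_distance(skeleton(base), skeleton(t)) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://zoom.us/j/123456",
    "https://meet.google.com/abc-defg-hij",
    "https://zo0m.us/join",
    "https://skpye.com/login",
    "https://gooogle.com/meet",
    "https://zoom.us.meeting-invite.example/j/1",
    "https://intranet.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link)[0]:<20} {link}")
```

A "lookalike" or "brand-in-subdomain" verdict is a reason to hold the message for review, not proof of malice; a distance threshold of 1 will occasionally flag unrelated short domains.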

Small Businesses Hit Hard by Cybercrime: Some social engineering techniques highlighted in the article include: malicious ads; attackers starting a conversation before trying to get the person to take an action; and the move to PDF attachments. These types of attacks help launch ransomware against small businesses. 

Beware of AI-Driven Voice Cloning in Vishing Scams: The Better Business Bureau (BBB) has issued a warning about the rise of voice phishing (vishing) scams utilizing AI-driven voice cloning technology. Scammers can now mimic voices convincingly with just a small audio sample, leading to fraudulent requests for money transfers or sensitive information.

Tips to Stay Safe:

  • Pause Before Acting: Resist the urge to act immediately on unexpected requests, even if they seem to come from a familiar voice. 

  • Verify Directly: Contact the supposed caller using a known, saved number—not the one provided in the suspicious call. 

  • Question the Caller: Ask specific questions that an impostor would struggle to answer correctly. 

  • Secure Your Accounts: Implement multi-factor authentication and verify any changes in information or payment requests. 

Update on Change Healthcare Cyberattack Recovery: Change Healthcare is on track to bring its systems back online by mid-March following a cyberattack that has caused widespread disruption since February 21. The cyberattack has significantly affected healthcare operations nationwide, with providers facing difficulties in payment processing, insurance verification, and clinical data exchange. This highlights why security awareness is so important. Identifying and reporting security threats to the organization is the responsibility of everyone. 

Beware of Tax Season Scams Targeting SMBs and Self-Employed Individuals: As tax season unfolds, a new scam has surfaced targeting small business owners and self-employed individuals. Scammers are using emails to lure victims to a fraudulent site, claiming to offer IRS EIN/Federal tax ID number applications. However, this service is free through the IRS, and the scam site is designed to steal personal information, including social security numbers, creating a significant risk for identity theft and fraud. A Microsoft report identifies green card holders, small business owners, new taxpayers under 25, and older taxpayers over 60 as prime targets for these scams. Check Point has some example phishes in their tax scam article. 

Apple Users Beware: "MFA Bombing" Phishing Attacks on the Rise: Leveraging Apple's password reset system, attackers can bombard users with password reset prompts. If a person clicks "allow" on one of the prompts, the attackers can gain access to the user's account. The attackers may also call the person pretending to be Apple support. Some ways to protect yourself from this attack include not clicking on any of the prompts and contacting Apple directly if you receive a suspicious call.

In News Tags newsletter, Security Awareness, social engineering, Typosquatting, AI, Healthcare, tax fraud, Multi-Factor Authentication
