
CyberheistNews Vol 12 #07 [Heads Up] FBI Warns Against New Criminal QR Code Scams

CyberheistNews Vol 12 #07  |   Feb. 15th., 2022
[Heads Up] FBI Warns Against New Criminal QR Code Scams

QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more.

However, in recent years, with lockdown and the drive to keep things at arm's length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things.

QRime Codes

As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code, and hand over their payment details believing they were paying for parking, whereas they were actually handing over their payment information to criminals.

The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and watching for any other red flags still applies.
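The URL check described above can be automated on the defender's side. The following is an added example, not code from KnowBe4 or the FBI advisory: it takes a QR code payload that has already been decoded to a string (decoding the image itself is out of scope here) and returns the red flags a practitioner would look for before trusting it. The allowlisted domain and all sample payloads are constructed values.

```python
"""Red-flag checks for a decoded QR code payload (added example, not KnowBe4 code)."""
from urllib.parse import urlparse
import ipaddress

# Constructed allowlist: the domain(s) an organisation expects on its own QR codes,
# e.g. the real parking operator's payment site. Hypothetical value.
EXPECTED_DOMAINS = {"pay.example-parking.com"}

# Well-known link shorteners hide the real destination from whoever scans the code.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd", "ow.ly"}


def _is_ip_literal(host):
    """True if the host part is a bare IPv4/IPv6 address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def qr_url_red_flags(payload, expected=EXPECTED_DOMAINS):
    """Return a list of human-readable red flags for a decoded QR payload.

    An empty list means none of the checks fired; it does not prove the link is safe.
    """
    flags = []
    parsed = urlparse(payload.strip())

    # QR codes can carry Wi-Fi credentials, vCards, mailto: links, etc.; anything that
    # is not a web link gets a single flag and no further URL analysis.
    if parsed.scheme not in ("http", "https"):
        return [f"non-web payload scheme '{parsed.scheme or 'none'}'"]

    host = (parsed.hostname or "").lower()

    if parsed.scheme != "https":
        flags.append("not HTTPS")
    if parsed.username or parsed.password:
        # "https://trusted.com@evil.test/" shows the trusted name first on small screens.
        flags.append("credentials embedded before host (obscures real destination)")
    if _is_ip_literal(host):
        flags.append("raw IP address instead of a domain name")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode label (possible homoglyph domain)")
    if host in SHORTENERS:
        flags.append("URL shortener hides final destination")
    # Accept the expected domain and its subdomains; anything else is unexpected.
    if host and not any(host == d or host.endswith("." + d) for d in expected):
        flags.append(f"host '{host}' is not an expected domain")
    return flags


if __name__ == "__main__":
    # Constructed sample payloads, from a plausible legitimate code to obvious fakes.
    for sample in (
        "https://pay.example-parking.com/meter/1234",
        "http://pay.example-parking.com.evil-site.test/meter",
        "https://bit.ly/3abcdef",
        "https://pay.example-parking.com@203.0.113.5/",
        "WIFI:T:WPA;S:FreeParking;P:hunter2;;",
    ):
        print(sample, "->", qr_url_red_flags(sample) or "no red flags")
```

The "not an expected domain" check is the one that catches the parking-meter case in the text: the fake site may look identical, but its host is not the operator's domain. The other checks cover the tricks that make a wrong host hard to notice on a phone screen.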

CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog:

[WEBINAR TOMORROW] Incredible Email Hacks You’d Never Expect and How You Can Stop Them

If you think the only way your network and devices can be compromised via email is phishing, think again!

A majority of data breaches are caused by attacks on the human layer, but email hacking is much more than phishing and launching malware. From code execution and clickjacking to password theft and rogue forms, cybercriminals have more than enough email-based tricks that mean trouble for your InfoSec team.

In this webinar Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist and security expert with over 30 years of experience, explores many ways hackers use social engineering and phishing to trick your users into revealing sensitive data or enabling malicious code to run.

Roger will show you how hackers compromise your network. You’ll also see incredible demos including a (pre-filmed) hacking demo by Kevin Mitnick, the World’s Most Famous Hacker and KnowBe4’s Chief Hacking Officer.

Roger will teach you:

  • How remote password hash capture, silent malware launches and rogue rules work
  • Why rogue documents, establishing fake relationships and tricking you into compromising your ethics are so effective
  • The ins and outs of clickjacking
  • Actionable steps on how to defend against them all

Email is still a top attack vector cybercriminals use. Don’t leave your network open to being vulnerable from these attacks, and earn CPE credit for attending.

Date/Time: TOMORROW, Wednesday, February 16 @ 2:00 PM (ET)

Save My Spot!

Use of Excel .XLL Add-Ins Soars Nearly 600% to Infect Systems in Phishing Attacks

Cybercriminals are taking to more advanced functionality than traditional VBA scripting to both execute complex malicious actions via Excel and to obfuscate their true intention – phishing attacks.

If I had a nickel for every time I heard about a malware attack that used macros embedded in an Office document, I’d have quite a few nickels by now. It’s an age-old tactic that, to this day, remains an effective means to execute malicious code.

But new data from HP Wolf Security’s Threat Insights Report Q4 2021, just released this month, shows a newer tactic very quickly growing in popularity in the form of an Excel Add-In. These add-ins allow individuals to create custom functions using the Excel JavaScript API that can be used – in most cases – across Excel on Windows, Mac, and within a web browser, making this potentially very dangerous.

According to Wolf Security, they’ve seen this technique used in malware we’ve covered here in our blog, including Dridex, IcedID, BazaLoader, Agent Tesla, Raccoon Stealer, Formbook and Bitrat. And in Q4 of last year (the timeframe covered by their latest report), the presence of XLL files increased 588% over Q3.

Emails sent to potential victims include a malicious XLL file as the attachment. Clicking it launches Excel and prompts the user to install and activate the add-in.
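Because the delivery described above is simply an `.xll` file attached to an email, a mail gateway or SIEM rule can surface these before a user is prompted to activate anything. The following is an added example, not code from KnowBe4 or HP Wolf Security: it runs over constructed gateway log lines in a hypothetical `key=value` format and reports `.xll` attachments, including the disguised double-extension form (`Report.pdf.XLL`) and `.xll` files listed inside an archive. The log format, field names and all addresses are assumptions.

```python
"""Flag Excel .XLL add-in attachments in mail gateway logs (added example, not KnowBe4 code)."""
import re
import shlex

# Constructed sample log. Format is hypothetical: space-separated key=value pairs,
# quoted where values contain spaces; 'contents' lists files inside an archive.
SAMPLE_LOG = """\
ts=2022-02-14T09:12:03Z from=billing@vendor.test to=ap@corp.test attachment="Invoice_2291.xll" size=412160
ts=2022-02-14T09:13:44Z from=hr@corp.test to=all@corp.test attachment="Handbook.pdf" size=901233
ts=2022-02-14T09:15:10Z from=docs@share.test to=cfo@corp.test attachment="Q4_Report.pdf.XLL" size=388096
ts=2022-02-14T09:20:31Z from=ops@vendor.test to=it@corp.test attachment="tools.zip" contents="readme.txt;update.xll" size=1204221
ts=2022-02-14T09:22:07Z from=sales@corp.test to=client@partner.test attachment="Pricing.xlsx" size=55220
"""

# Case-insensitive: Windows treats .XLL and .xll identically.
XLL_RE = re.compile(r"\.xll$", re.IGNORECASE)


def parse_line(line):
    """Turn one key=value log line into a dict; shlex handles the quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))


def xll_findings(log_text):
    """Return one finding dict per .xll file seen, directly attached or inside an archive."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        attachment = rec.get("attachment", "")
        names = [attachment]
        if rec.get("contents"):
            names += rec["contents"].split(";")
        for name in names:
            if not XLL_RE.search(name):
                continue
            if name.lower().count(".") > 1:
                reason = "xll with disguised double extension"
            else:
                reason = "xll attachment"
            if name != attachment:
                reason += f" inside archive {attachment}"
            findings.append({
                "ts": rec.get("ts"),
                "from": rec.get("from"),
                "to": rec.get("to"),
                "file": name,
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in xll_findings(SAMPLE_LOG):
        print(f"{f['ts']} {f['from']} -> {f['to']}: {f['file']} ({f['reason']})")
```

A rule like this is only a triage aid: the decision about whether `.xll` attachments should be blocked outright depends on whether anyone in the organisation legitimately receives Excel add-ins by email, which for most organisations is nobody.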

Blog post with links:

[New PhishER Feature] Turn the Tables on the Cybercriminals with PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately “flip” a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature that automatically replaces active phishing threats with a new defanged look-alike back into your users’ mailbox.

The new PhishFlip feature is included in PhishER — yes you read that right, no extra cost — so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Wednesday, February 23 @ 2:00 PM (ET) for a live 30-minute demo of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software.

With PhishER you can:

  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, February 23 @ 2:00 PM (ET)

Save My Spot!

As U.S. Tax Season Starts, So Do IRS Scams – Here’s What to Look Out For

It’s that time again, when we all dread finding out if we owe money or not. And cybercriminals are banking on it with a wide range of scams that all impersonate the IRS.

You’d think, by now, people would be savvy to emails and phone calls purporting to be from the IRS saying “you owe money!” or “call us immediately!”. The IRS has posted details about phishing attacks that impersonate them for years (here’s one from 2014 that reads like it’s a relatively new scam). And yet, individuals continue to fall for these scams – mostly due to their ignorance around how the IRS contacts you.

The IRS has taken steps to not just let you know what to expect should they reach out, but they even go as far as to spell out for you the types of tax scams you should be mindful of.

Most of the current scams revolve around simple premises that are designed to both get your attention and strike a little fear into you. According to Nerdwallet, some of these premises sound like the following:

  • “We’ll cancel your Social Security number”
  • “This is the Bureau of Tax Enforcement, and we’re putting a lien or levy on your assets”
  • “If you don’t call us back, you’ll be arrested”

These scams are usually intent on stealing personal data or payment details. So, there are a few things you can do to ensure you’re protected:

  • Pay attention to how they contact you – the IRS doesn’t call, text, email, leave voicemails, or reach out to you via social media. They send you a letter in the mail. That’s it.
  • They don’t ask for payment over the phone – Not credit cards, and most certainly not gift cards!
  • They can’t arrest you, etc. – There is a taxpayer’s bill of rights, an appeal process, etc. Jumping right to arresting you is downright foolishness.

Those organizations putting their users through continual security awareness training are already prepared for IRS-themed and other types of scams, as their users are taught to maintain a state of vigilance whenever any unsolicited communication arrives – whether via email, phone, etc. – and to scrutinize the message, its sender, and the call to action, all to determine whether it’s a scam or not.

Tell your friends:

Are Any of Your Users Exposed in a Data Breach?

Almost every day we learn about a new data breach. This creates a very important need to address disclosed breaches. Do you know which of your users has put your organization at risk?

KnowBe4’s Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organization’s hidden exposure risk associated with your users.

PET makes it easy for you to identify users with exposed emails publicly available on the web and checks your Active Directory to see if they are using weak or compromised passwords that are part of a known data breach. PET then reports on any user accounts affected so you can take action immediately!

Here’s how the Password Exposure Test works:

  • Checks to see if any of your organization’s email addresses have been part of a data breach
  • Tests against 10 types of weak password related threats associated with user accounts
  • Checks against breached or weak passwords currently in use in your Active Directory
  • Reports on the accounts affected and does not show/report on actual passwords

Get your results in a few minutes! You are probably not going to like what you see.

Find Your Weakness!

Let’s stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: KnowBe4’s PhishER Was Named a Leader in the Winter 2022 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR):

Quotes of the Week

“Never believe that a few caring people can’t change the world. For, indeed, that’s all who ever have.”
– Margaret Mead – Anthropologist (1901 – 1978)

“The best way out is always through.”
– Robert Frost – Poet (1874 – 1963)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog

Security News

Microsoft: “Sophisticated Hackers Still Rely on Credential Theft”

State-sponsored hackers and sophisticated cybercriminals continue to exploit weak passwords and phishing attacks to compromise networks, according to a new report by Microsoft.

“Cyberattacks by nation-state actors are on the rise,” Microsoft says. “Despite their vast resources, these adversaries often rely on simple tactics to steal easily guessed passwords. By so doing, they can gain fast and easy access to customer accounts.

In the case of enterprise attacks, penetrating an organization’s network allows nation-state actors to gain a foothold they can use to move either vertically, across similar users and resources, or horizontally, gaining access to more valuable credentials and resources.

Microsoft’s researchers explain that these threat actors often have no reason to use more sophisticated methods, since credential theft is so effective. “Spear-phishing, social engineering attacks, and large-scale password sprays are basic nation-state actor tactics used to steal or guess passwords,” the researchers write.

“Microsoft gains insight into attackers’ tradecraft and successes by observing what tactics and techniques they invest in and find success with. If user credentials are poorly managed or left vulnerable without crucial safeguards like multi-factor authentication (MFA) and passwordless features, nation-states will keep using the same simple tactics.”
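The password spray Microsoft names above has a recognisable shape in authentication logs: one source tries a small number of passwords against many different accounts, staying under per-account lockout thresholds. The following is an added example, not code from Microsoft or KnowBe4, that detects that shape in a constructed log. The line format, thresholds, addresses and user names are all assumptions; the same logic applies to any log where a failed sign-in carries a timestamp, a user and a source address.

```python
"""Password spray detection over a constructed auth log (added example, not Microsoft code)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hypothetical log line format: "<iso-timestamp> FAIL|OK user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _build_sample_log():
    """Constructed sample: a spray from 198.51.100.7 (12 users, one try each),
    a single-account brute force from 203.0.113.9, and one benign typo from 192.0.2.4."""
    base = datetime(2022, 2, 14, 3, 0, 0)
    lines = []
    for i in range(12):  # one attempt per user, three minutes apart
        t = base + timedelta(minutes=3 * i)
        lines.append(f"{t:{TS_FMT}} FAIL user=user{i:02d} src=198.51.100.7")
    for i in range(8):  # eight tries against one account: brute force, not a spray
        t = base + timedelta(seconds=20 * i)
        lines.append(f"{t:{TS_FMT}} FAIL user=admin src=203.0.113.9")
    lines.append(f"{base:{TS_FMT}} FAIL user=bob src=192.0.2.4")
    lines.append(f"{base + timedelta(seconds=30):{TS_FMT}} OK user=bob src=192.0.2.4")
    return lines


SAMPLE_AUTH_LOG = _build_sample_log()


def detect_password_spray(lines, window=timedelta(minutes=60), min_users=10, max_per_user=2):
    """Alert on any source that fails against >= min_users distinct accounts inside one
    window while never exceeding max_per_user attempts on any single account.

    The low per-user cap is what distinguishes a spray from ordinary brute force:
    sprayers deliberately stay below lockout thresholds.
    """
    fails = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, outcome, user, src = m.groups()
        if outcome == "FAIL":
            fails[src].append((datetime.strptime(ts, TS_FMT), user))

    alerts = []
    for src, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Sliding window anchored at each failure from this source.
            per_user = Counter(u for t, u in events[i:] if t - start <= window)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts.append({
                    "src": src,
                    "distinct_users": len(per_user),
                    "window_start": start.strftime(TS_FMT),
                })
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for a in detect_password_spray(SAMPLE_AUTH_LOG):
        print(f"spray from {a['src']}: {a['distinct_users']} accounts from {a['window_start']}")
```

The brute-force source in the sample is deliberately not reported by this rule; it would be caught by the per-account lockout or failure-count rules most identity providers already have, which is exactly why sprayers avoid that pattern.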

Microsoft adds that sophisticated ransomware actors use the same techniques, exploiting social engineering, exposed RDP ports, or technical vulnerabilities to gain access to organizations’ networks.

“No matter how much ransomware is out there, or what strains are involved, it really comes down to three primary entrance vectors: remote desktop protocol (RDP) brute force, vulnerable internet-facing systems, and phishing,” Microsoft writes. “All of these vectors can be mitigated with proper password protection, identity management, and software updates in addition to a comprehensive security and compliance toolset.

A type of ransomware can only become prolific when it gains access to credentials and the ability to spread. From there, even if it is a known strain, it can do a lot of damage.”

Multifactor authentication isn’t foolproof, but it makes an attacker’s job much more difficult. New-school security awareness training can give your organization an essential layer of defense by teaching your employees to follow security best practices.

Microsoft has the story:

Brand Impersonation and the Particularly Vulnerable Healthcare Sector

The healthcare sector is particularly vulnerable to phishing attacks, according to Mike Azzara at Mimecast. Employees in the healthcare industry need to be wary of brand impersonation attacks designed to steal credentials or hijack payments.

“As employees get smarter about spotting common cyberattacks, hackers keep getting more creative,” Azzara says. “One of the more sophisticated types of attacks is brand impersonation, in which attackers pretend to be a well-known brand in an effort to get a user’s passwords, obtain sensitive information or install malware.

Healthcare organizations face a far higher brand impersonation threat than other industries due to the combination of overworked staff, shifting IT priorities and an abundance of partners that can easily be impersonated.”

Azzara explains that IT employees at healthcare organizations are often more focused on keeping systems running, which can lead them to place less of an emphasis on cybersecurity.

“It’s common for IT teams at hospitals and health systems to focus on the knowledge base necessary for 24/7 operation of mission-critical systems such as telemetry, electronic health records and remote monitoring,” Azzara writes. “This can lead to gaps in security training among IT teams, which translates to gaps in training for the rest of the staff.”

Additionally, healthcare organizations must deal with a variety of third parties that can be easily impersonated by cybercriminals.

“Healthcare has a complex supply chain,” Azzara says. “Third-party vendors may supply everything from food and laundry to basic medical equipment to multimillion-dollar equipment for operating rooms. Individuals across the organization interact with these vendors every day. In their fast-paced work, they may not notice a slight change to a domain name, corporate logo or ‘Reply To’ address.”

Azzara adds that hospitals communicate with many other healthcare organizations, which further exposes them to phishing attacks. “Hospitals and health systems share information with a wide range of other healthcare entities, including insurers, pharmacies and public health agencies,” Azzara says. “The need and desire to share sensitive information in a timely manner, combined with a heavy reliance on email communication, only adds to the degree of potential mistakes for attackers to exploit.”
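Two of the tells Azzara lists, a slightly altered domain name and a changed "Reply To" address, can be checked mechanically against the list of vendors an organisation actually deals with. The following is an added example, not code from Mimecast or KnowBe4: given a message's `From` and `Reply-To` headers and a constructed map of known vendor brands to their real domains, it flags a Reply-To domain that differs from the From domain, a From domain within a couple of edits of a known vendor domain, and a display name that claims a known brand from an unknown domain. Vendor names, domains and sample headers are all assumptions.

```python
"""Brand-impersonation header checks (added example, not Mimecast code)."""
from email.utils import parseaddr

# Constructed vendor list: brand name as it appears in display names -> real domain.
KNOWN_VENDORS = {
    "MedSupply": "medsupply-example.com",
    "LinenCo": "linenco-example.com",
}


def _edit_distance(a, b):
    """Levenshtein distance; small values between domains suggest a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _split_header(value):
    """Return (display name, lower-cased domain) from an address header value."""
    name, addr = parseaddr(value or "")
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def impersonation_flags(headers, vendors=KNOWN_VENDORS):
    """Return a list of red flags for a message's From / Reply-To headers."""
    flags = []
    from_name, from_dom = _split_header(headers.get("From"))
    _, reply_dom = _split_header(headers.get("Reply-To"))
    real_domains = set(vendors.values())

    # Replies silently redirected elsewhere are the classic payment-hijack setup.
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    if from_dom not in real_domains:
        for brand, real in vendors.items():
            d = _edit_distance(from_dom, real)
            if 0 < d <= 2:
                flags.append(f"From domain {from_dom} is within {d} edit(s) of vendor {real}")
            if brand.lower() in from_name.lower():
                flags.append(f"display name claims {brand} but domain {from_dom} is not {real}")
    return flags


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        {"From": "MedSupply Billing <ar@medsupply-example.com>"},
        {"From": "MedSupply Billing <ar@medsupp1y-example.com>"},
        {"From": "Accounts <ap@linenco-example.com>", "Reply-To": "ap@linenco-billing.net"},
    ]
    for s in samples:
        print(s["From"], "->", impersonation_flags(s) or "no red flags")
```

The edit-distance threshold is deliberately low; at distance three or more the false-positive rate against ordinary, unrelated domains climbs quickly, and homoglyph tricks (digit `1` for letter `l`, as in the sample) are usually a single edit anyway.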

Mimecast has the story:

What KnowBe4 Customers Say

“Yes, I am a happy camper! Michael – our KnowBe4 rep – has been extremely helpful! I am new in this role and really appreciated his willingness to help me develop our training plan for 2022. 

The materials he suggested were particularly relevant this month because we faced a targeted phishing attack this week. I have also received very positive feedback from our Data Privacy office on the new compliance course content which came from KnowBe4! Overall, it has a been a pleasure working with KnowBe4.”
– T.K., IT Employee Experience

“Stu, we are very happy with our system. Also, Katie is outstanding and most importantly very patient. We are not moving at the speed of light but we have been successful with rolling out training. I know when we are ready to move to the next step, I can count on Katie for success. Thanks.”
– B.M., Director of IT & CISO, CISSP


The 10 Interesting News Items This Week
  1. Joint Advisory Warns of Ransomware Attacks Targeting Critical Infrastructure:

  2. Gaining Executive Support for Your Security Awareness Training Program:

  3. MSFT blocking some macros by default (finally!):

  4. Russia arrests third hacking group, seizes carding forums:

  5. Russian APT Hackers Used COVID-19 Lures to Target European Diplomats:

  6. NetWalker ransomware affiliate sentenced to seven years in prison:

  7. Kimsuki hackers use commodity RATs with custom Gold Dragon malware:

  8. The DOJ’s $3.6B Bitcoin Seizure Shows How Hard It Is to Launder Crypto:
  9. FBI warns of criminals escalating SIM swap attacks to steal millions:
  10. An ALPHV (BlackCat) representative discusses the group’s plans for a ransomware ‘meta-universe’:

Cyberheist ‘Fave’ Links

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2022 KnowBe4, Inc. All rights reserved.
