Return-Path: <1921889-424-1022@be3.maropost.com> Delivered-To: edward@transocean.com Received: from vps.transocean.com by vps.transocean.com (Dovecot) with LMTP id AU/pErGDY1nxVgAAInt2oQ for ; Mon, 10 Jul 2017 06:40:01 -0700 Return-path: <1921889-424-1022@be3.maropost.com> Envelope-to: edward@transocean.com Delivery-date: Mon, 10 Jul 2017 06:40:01 -0700 Received: from mta7155.mp2200.com ([162.247.117.155]:8376) by vps.transocean.com with esmtp (Exim 4.89) (envelope-from <1921889-424-1022@be3.maropost.com>) id 1dUYuq-0005m1-Dl for edward@transocean.com; Mon, 10 Jul 2017 06:40:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=default; d=knowbe4.com; t=1499693995; l=1; h=from:subject:date:to; bh=nR4OLZRZ0GUjrRPiikCTwjFrqv567Fsl8w66LhE1mcQ=; b=uLbxTVtknTEEnZLT0/3ShaS4VyzsEYZH33+QN1sZErIuSt1NAPASFLDnQqdZd+Ttk41vo9 Dxy40TIjSGM9IdYRdnbCzS6/l2MQFu2UEqeGIJhHvcAZS/EjaTD9wvT/Xve9JM53i952jn zK3A6sX/cX/2Buj63wgYjm9a9kUn8K0= Received: from [<1921889-424-1022@be3.maropost.com>] ([<1921889-424-1022@be3.maropost.com>] helo=) by 649892-mailer2 (envelope-from 1921889-424-1022@be3.maropost.com) (Jetsend MTA 0.0.1 with ESMTP; Mon Jul 10 09:38:15 EDT 2017 Date: Mon, 10 Jul 2017 09:38:13 -0400 From: CyberheistNews Reply-To: feedback@knowbe4.com To: edward@transocean.com Message-ID: Subject: Scam of the Week: Phishing Moves to Smishing / and More News Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_59638345d7254_971c3f81cb0159123823"; charset=UTF-8 Content-Transfer-Encoding: 7bit List-Unsubscribe: X-CampaignID: 424 X-Campaign-ID: 424 X-ContactID: 1921889 X-AccountID: 1022 X-Binding: 162.247.117.155 X-DkimDomain: knowbe4.com X-DkimSelector: default X-Feedback-ID: 424:Maropost X-Spam-Status: No, score=-0.1 X-Spam-Score: 0 X-Spam-Bar: / X-Ham-Report: Spam detection software, running on the system "vps.transocean.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: If you are having trouble viewing this email, click here. http://newsletter.knowbe4.com/a/1022/preview/424/1921889/2334fcde43afbee9a9fce8def177f7cebaca378f This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/424/1921889/2334fcde43afbee9a9fce8def177f7cebaca378f 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/424/1921889/2334fcde43afbee9a9fce8def177f7cebaca378f [...] Content analysis details: (-0.1 points, 3.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: bankinfosecurity.com] 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted Colors in HTML 0.0 HTML_MESSAGE BODY: HTML included in message -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20% [score: 0.0811] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information X-Spam-Flag: NO ----==_mimepart_59638345d7254_971c3f81cb0159123823 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit If you are having trouble viewing this email, click here. http://newsletter.knowbe4.com/a/1022/preview/424/1921889/2334fcde43afbee9a9fce8def177f7cebaca378f This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/424/1921889/2334fcde43afbee9a9fce8def177f7cebaca378f 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/424/1921889/2334fcde43afbee9a9fce8def177f7cebaca378f ----==_mimepart_59638345d7254_971c3f81cb0159123823 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Scam of the Week: Phishing Moves to Smishing / and More News=
3D""
If you are having trouble viewing this email, click here.
=
Email not displaying?
View = Knowbe4 Blog
CyberheistNews Vol 7 #27 =C2=A0 | =C2=A0 Ju= ly 10th., 2017


Internet bad guys are increasingly trying to circumvent your spam filters= and instead are targeting your users directly through their smartphone w= ith smishing attacks, which are hard to stop.

The practice has been around for a few years, but current new scams are m= ystery shopping invitations that start with a text, social engineering th= e victim to send an email to the scammers, and then get roped into a shop= ping fraud.

These types of smishing attacks are also more and more used for identity = theft, bank account take-overs, or pressure employees into giving out per= sonal or company confidential information. Fortune magazine has a new art= icle about this, and they lead with a video made by USA Today which is gr= eat to send to your users as a reminder. An Australian researcher also ju= st published data to suggest cybercriminals are getting better results us= ing the phone these days.

I suggest you send employees, friends and family an email about this S= cam of the Week, your welcome to copy/paste/edit:

"Bad guys are increasingly targeting you through your smartphone. They se= nd texts that trick you into doing something against your own best intere= sts. At the moment, there is a mystery shopping scam going on, starting o= ut with a text invitation, asking you to send an email for more info whic= h then gets you roped into the scam.

Always, when you get a text, remember to "Think Before You Tap", because = more and more, texts are being used for identity theft, bank account take= -overs and to pressure you into giving out personal or company confidenti= al information. Here is a short video made by USA Today that shows how th= is works: https://www.youtube.com/watch?v=3Dffck9C4vqEM

Obviously, an end-user who was trained to spot social engineering red fla= gs (PDF) would think twice before falling for these scams. The link goes = to a complimentary job aid that you can print out and pin to your wall. Y= our welcome to distribute this PDF to as many people as you can.
https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/SocialEngineeri= ngRedFlags.pdf?

Let's stay safe out there,

Warm regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.
A report from the FBI and the US Departmen= t of Homeland Security warns of malware attacks targeting mainly nuclear = power stations and energy facilities. The attacks started in May of this = year.

These attacks are getting an amber rating, the second highest level, and = this far look like "credential spear phishing" attacks trying to get to m= ap infiltrated networks. The attackers targeted employees at the organiza= tions through phony resumes with embedded malware and watering hole attac= ks.

Bloomberg reported that: "The chief suspect is Russia, according to three= people familiar with the continuing effort to eject the hackers from the= computer networks. One of those networks belongs to an aging nuclear gen= erating facility known as Wolf Creek -- owned by Westar Energy Inc., Grea= t Plains Energy Inc. and Kansas Electric Power Cooperative Inc. -- on a l= ake shore near Burlington, Kansas. More and links at the KnowBe4 Blog: https://blog.knowbe4.com/russians-are-suspects-in-phishing-attacks-involv= ing-u.s.-nuclear-site
Joseph Steinberg at Inc. Mag wrote: "A UN = report released this week shows that despite global awareness of the prol= iferation of cybercrime and cyber-spying, many nations - including some o= f the world's most developed - suffer from severe deficiencies when it co= mes to cybersecurity.

Furthermore, the study shows, there is a huge range of preparedness when = it comes to the cybersecurity capabilities of the world's most powerful n= ations."

I'm not blaming Steinberg who is a great writer, but pleeez, UN, tell me = something new? Why on earth would the UN cover something that is so blind= ingly clear that a 5-year old could come to that conclusion?

Inc, continued: "The Global Cybersecurity Index was drafted after analyst= s examined the cyber-defense capabilities of 134 countries, focusing on f= ive important criteria - technical, organizational, legal, cooperation an= d growth potential - and ranking nations based on a combination of those = factors. Singapore - a nation skilled at leveraging technological innovat= ions created by others - edged out the United States for the top spot. De= spite any expectations to the contrary, countries like Malaysia, Oman, an= d Estonia also easily beat countries like Canada, Russia, Germany, India,= and Israel."

Looking over the actual results of the United Nations in the last 50 year= s, it generally is entirely ineffective and a waste of money and time. On= ly a few of their units do great work, the rest is mired in corruption an= d red tape.

If you have nothing to do on a rainy Sunday afternoon and are bored out o= f your skull, the full UN report is available online. :-)
http://www.itu.int/en/ITU-D/Cybersecurity/Pages/GCI-2017.aspx
Cleveland Medical Associates is offering a= bout 22,000 patients identity protection services after a ransomware atta= ck against the practice. The practice is offering a year of protective se= rvices through Equifax to both current and former patients whose informat= ion may have been affected.

The breach was discovered the morning of April 17. =E2=80=9CWe were unabl= e to determine with reasonable certainty whether or not there was an unau= thorized access of your information. However, we are providing you with n= otification of this incident.=E2=80=9D they told patients in a notificati= on letter.

Protected health information that could have been compromised includes pa= tient names, addresses, demographics, telephone numbers, email addresses,= clinical information, insurance billings and Social Security numbers.
Are Ransomware Infections Considered a Data Breach?

Regulators are starting to lean that way, especially in healthcare. HIPAA= violations include unauthorized access to protected health information a= nd the case is argued that a ransomware infection qualifies as such. This= issue is making its way through both the courts and regulative process a= nd I expect sooner rather than later that a consensus will be reached tha= t an infection does indeed constitute a data breach and should result in = a breach notification.

The Two Steps How to Prevent This

Based on the most recent compilation of HIPAA audits done by the Office f= or Civil Rights (ORC), an organization within the U.S. Department of Heal= th & Human Services, OCR found that lack of privacy and security awar= eness training led to the highest number of audit findings. Not having fo= rmal policies and procedures in place for protection of PHI as well as ge= neral lack of understanding of HIPAA requirements were the next most comm= on occurrences of findings.

One: Not having proper security awareness training can lead to an = untrained user clicking a link within an email and causing a ransomware i= nfection. Breaches lead to increased audit scrutiny and without an unders= tanding of the HIPAA requirements and incomplete policies there could be = fine increases. Step all users through short, interactive training module= s and then test them with frequent simulated phishing attacks.

Two: The KnowBe4 Compliance Manager (KCM) can help with understand= ing what requirements need to be satisfied and gives you a platform for b= eing able to demonstrate compliance with those requirements. KCM helps yo= u to get compliant and more importantly stay compliant year-round. Does t= his compliance curve look familiar?
https://www.knowbe4.com/hs-fs/hub/241394/file-569662386.jpg

Available as a Trial Account

You can test KCM for yourself using one of the KnowBe4 pre-built complian= ce requirements templates listed below. Request a demo and get a walk-thr= ough of KCM to get started.

Available Compliance Requirements Templates

The following are a list of the currently available pre-build compliance = requirements templates offered for KCM. If a regulation you need is not l= isted below you can simply build your own using our custom templates feat= ure:
  • PCI-DSS
  • HIPAA
  • ISO 27001
  • NIST SP800-53
  • NIST Cyber Security Framework<= /li>
  • FFIEC Cybersecurity Assessment Tool
  • CIS Critical Security Controls=
  • COSO Fundamentals
  • ACCSC Accreditation
  • NIST SP800-171 Protecting Controlled = Unclassified Information
  • SEC OCIE Cybersecurity Examination In= itiative
  • AICPA SSAE16 SOC 2 Trust Services Pri= nciples with Privacy
  • Cloud Security Alliance - Cloud Contr= ols Matrix 3
  • New York State - Department of Financ= ial Services - 23 NYCCR 500 Cybersecurity Requirements
  • FDA 21 CFR Part 11 Requirements for E= lectronic Records
See how you can get through an audit i= n half the time and half the cost: Request a Demo: https://www.knowbe= 4.com/demo_kcm
Today, your employees are frequently expos= ed to sophisticated phishing and ransomware attacks. Old-school security = awareness training doesn=E2=80=99t hack it anymore. More than ever, your = users are the weak link in your network security.

Join us on Wednesday, July 12, 2017, at 2:00 p.m. (EDT) for a 30-m= inute live product demonstration of KnowBe4=E2=80=99s Security Awareness = Training and Simulated Phishing Platform to see the latest features and h= ow easy it is to train and phish your users:
  • Social Engineering Indicators = patented technology, turns every simulated phishing email into a tool IT = can use to instantly train employees.
  • Access to the world's largest libr= ary of awareness training content through our innovative Module Store= .
  • Send Simulated Phishing tests = to your users during specified business hours with "Reply-to Tracking" th= at shows you which users fall for spoofed emails and what they answer to = the bad guys.
  • Active Directory Integration a= llows you to easily upload, sync and manage users, set-it-and-forget-it.<= /span>
  • Reporting to watch your Phish-= prone percentage drop, with great ROI.
Find out how 11,000+ organizations have m= obilized their end-users as their last line of defense. Register Now:
= https://attendee.gotowebinar.com/register/8809289744464830722

Warm Regards,
Stu Sjouwerman

Quotes of the Week
"We can easily forgive a child who is af= raid of the dark; the real tragedy of life is when men are afraid
of the light." - Plato - Philosopher

"Let the refining and improving of your own life keep you so busy that= you have little time
to criticize others." - H. Jackson Brown, Jr. - Author
=C2=A0

Thanks for reading CyberheistNews
But if you want to unsubscribe, you can do that right here

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-7-27-scam-of-the-week-phishin= g-moves-to-smishing-/-and-more-news
Security News
Can Frequent Security Training Help Thwart "As-A-Service" Attacks= ?

Nicole Henderson at WindowsITPro wrote: "The on-demand economy has made l= ife a lot more convenient. But it=E2=80=99s also made it a lot more conve= nient for the wrong people, take cybercriminals for example, who are able= to buy phishing attacks as a service with nothing more than a Bitcoin wa= llet.

Cybercriminals are rapidly developing services that they sell on the dark= web, or what KnowBe4 CEO Stu Sjouwerman calls =E2=80=9Cservices by crimi= nals for criminals.=E2=80=9D

In recent years, cybercriminals have developed platforms where =E2=80=9Ce= very wannabe cyber crim[sic] can just go to that website, pay a fraction = of a Bitcoin, and send out a phishing campaign in a few hours instead of = having to do all of this stuff themselves,=E2=80=9D Sjouwerman said. So n= ot only are phishing attacks and ransomware becoming more sophisticated, = but they are also becoming much more accessible, making a dangerous combi= nation for ill-prepared organizations. Full article:
http://windowsitpro.com/security/can-frequent-security-training-help-thwa= rt-service-attacks
Cyberattack Forces Hospital to Scrap Computers

Princeton Community Hospital in rural West Virginia will scrap and replac= e its entire computer network after being struck by the cyberattack paral= yzing computers globally.

The cyberattack, known as Petya, froze the hospital=E2=80=99s electronic = medical record system early Tuesday, leaving doctors unable to review pat= ients=E2=80=99 medical history or transmit laboratory and pharmacy orders= , said Rose Morgan, the hospital=E2=80=99s vice president of patient care= services.

Officials were unable to restore services, and found there was no way to = pay a ransom for the return of their system. So, after consulting with th= e Federal Bureau of Investigation and cybersecurity experts, officials ma= de the decision to replace the system. Full article at Wall Street Journa= l (note: there is a paywall)
https://www.wsj.com/article_email/cyberattack-forces-west-virginia-hospit= al-to-scrap-its-computer-systems-1498769889-lMyQjAxMTE3OTM2MDkzNjAzWj/
Palo Alto Networks: Evolving Ransomware Is the Biggest Cyber Secu= rity Threat

INTERVIEW: Silicon talks cyber security threats with Aaron Miller, senior= technologist at Palo Alto Networks.

Cybersecurity is a typically one of the fastest moving areas of the techn= ology world, with zero-days cropping up on a highly regular basis and old= malware resurfacing in a refreshed form, poised to wreak havoc on seemin= gly protected networks.

Unfortunately, that situation is not likely to change anytime soon, accor= ding to Aaron Miller, senior technologist at Palo Alto Networks.

At Silicon=E2=80=99s stand at Infosecurity 2017, Miller echoed the genera= l trend of ransomware retaining its position at the top the malware threa= t pile.

=E2=80=9CI think it would be remiss to not mention WannaCry,=E2=80=9D sai= d Miller, referencing the ransomware attack that spread voraciously acros= s many systems worldwide.

=E2=80=9CRansomware is very prevalent; we=E2=80=99re seeing different ite= rations of ransomware hitting the marketplace.=E2=80=9D Full article at:<= br> http://www.silicon.co.uk/security/ransomware-palo-alto-networks-216505?in= f_by=3D593e3e01671db8a87c8b4a3a
SANS July Issue of OUCH!

They said: "We are excited to announce the July issue of OUCH! This month= , led by Guest Editor Steve Armstrong, we focus on Gaming Online Safely a= nd Securely. Online gaming is a fun and great way to meet and play with o= thers. However it comes with its own set of risks, especially for kids. L= earn how to securely and safely game online, to include advice for childr= en. Share OUCH! with your family, friends, and coworkers.
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201707_en.= pdf English Version (PDF)
Can You Be Spoofed? Find out for a Chance to Win.

Did you know that one of the first things hackers try is to see if they c= an spoof the email address of someone in your own domain? Now they can la= unch a "CEO fraud" spear phishing attack on your organization.

KnowBe4 can help you find out if this is the case with our complimentary = Domain Spoof Test and enter you to win an awesome Stormtrooper Helmet Pro= p Replica at the same time.

Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collect= ible stainless steel lock-pick business card!

To enter just go here fill out the form, it's quick, easy and often a sho= cking discovery. Yep, it=E2=80=99s that easy.
https://info.knowbe4.com/dst-sweepstakes-062017
Interesting News Items This Week

Ransomware Attack Affects 500,000 Patients:
http://www.bankinfosecurity.com/ransomware-attack-affects-500000-patients= -a-10057

Phishing and Social Engineering Cause Over Half of All Cyber Incidents: https://www.infosecurity-magazine.com/news/phishing-and-social-engineerin= g/

Cyber Attacks Have Long-Lasting Business Impact: Lloyd=E2=80=99s of Londo= n:
http://www.oann.com/cyber-attacks-have-long-lasting-business-impact-lloyd= s-of-london/

Classic Ether Wallet Compromised Via Social Engineering:
https://threatpost.com/classic-ether-wallet-compromised-via-social-engine= ering/126657/

Breached Bitcoin Bithumb Bosses Blame Bod's BYOD =E2=80=9CHumans Still Th= e Weakest Link=E2=80=9D:
http://www.theregister.co.uk/2017/07/06/bithumb_hack/

SMBs need to fortify their =E2=80=98human firewall=E2=80=99 with cybersec= urity training:
http://thirdcertainty.com/infographics/smbs-need-to-fortify-their-human-f= irewall-with-cybersecurity-training/
Cyberheist 'Fave' Links=
This Week's= Links We Like, Tips, Hints and Fun Stuff
  • People are Awesome - Best of the Month= - June 2017:
    http://www.flixxy.com/people-are-awesome-best-of-the-month-june-2017.htm= ?utm_source=3D4

  • If You Solve This In 30 Seconds You Ar= e A Genius! This is a fun pattern recognition drill that you can only do = once:
    http://www.flixxy.com/if-you-solve-this-in-30-seconds-you-are-a-genius.h= tm?utm_source=3D4

  • Counteracting the current mind-set tha= t everything is terrible, some 65,000 fans waiting for the sold-out Green= Day concert in London=E2=80=99s Hyde Park on July 1 organically collabor= ated on a giant, life-affirming sing-along: Queen=E2=80=99s =E2=80=9CBohe= mian Rhapsody,=E2=80=9D
    https://flipboard.com/@flipboard/-great-job-internet-find-hope-for-human= i/f-eaaae1f4ea%2Favclub.com

  • This is a super viral YouTube 1:15 tha= t's just silly, irreverend and plain fun:
    http://www.flixxy.com/hi-i-am-steve.htm?utm_source=3D4

  • Recommended Cybersecurity TED Talks | = Last updated June 22, 2017:
    https://infosec-conferences.com/events/cybersecurity-ted-talks/
  • More TED - Playlist (10 talks): Short = talks to watch during your coffee break:
    https://www.ted.com/playlists/467/short_talks_to_watch_during_yo    <= /li>
  • You Have More In Common With the World= Than You Think:
    http://www.flixxy.com/you-have-more-in-common-with-the-world-than-you-th= ink.htm?utm_source=3D4

  • David Blaine performs some amazing car= d tricks at The Tonight Show before freaking everyone out with an illusio= n no one expects:
    http://www.flixxy.com/david-blaines-magic-act-at-the-tonight-show-is-inc= redible.htm?utm_source=3D4

  • 'Elmo' the dog is a Chihuahua and a St= affordshire Bull Terrier mix. He is also a little greedy:
    http://www.flixxy.com/the-sausage-thief.htm?utm_source=3D4

  • The ultimate 3500-word guide in plain = English to understand Blockchain:
    https://www.linkedin.com/pulse/blockchain-absolute-beginners-mohit-mamor= ia?

  • Jordan and Bradly D'Souza set out in a= Tesla Model S 85D on July 1st from LA to NY and set a new record by arri= ving in 51 Hours and 47 Minutes, besting the previous record held by Alex= Roy and friends of 55 hours by a whopping 3 hours and 13 minutes:
    https://www.youtube.com/watch?v=3DwleUNEYXxb0&feature=3Dyoutu.be
Twitter | LinkedIn | Google | YouTube
Copyright =C2=A9 2014-2017 KnowBe4, Inc. All rights reserved.<= /div>
=C2=A0
=C2=A0
=C2=A0 This email was sent= to edward@transocean.com by feedback@knowbe4.com

33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA
=C2=A0 		=C2=A0
----==_mimepart_59638345d7254_971c3f81cb0159123823--