Archive

Posts Tagged ‘social engineering’

Got Security?

April 1, 2015

Security is a topic that’s on everyone’s minds these days. And there’s a good reason for it: Security is important. Now, that might sound like a tremendous understatement, but it’s the truth. In fact, the truth is that security is the top concern for most of the world’s businesses. It should be. Every day you read about another significant breach of a major retail chain, of a bank, or even of a government site. Prominent companies are under constant attack from so-called “black hat” or criminal hackers whose sole purpose is to compromise data, steal valuable data, and to expose vulnerabilities in your security.

If you think that you’re safe, for whatever reason that you’ve told yourself, you aren’t. If you’ve ever had a fraud alert from a credit card company or your bank, then you realize how vulnerable you really are.

Unfortunately, as a customer of a restaurant, of a clothing store, of an online vendor, or of your corner market, you’re vulnerable to credit card and, ultimately, identity theft. While the point of this post is to inform you, rather than to scare you, please note that the threats are real and that you should take more care and practice vigilance in the use of your identity, including your credit cards, debit cards, and online accounts.

If you own a business, you owe it to yourself and to your customers to make every effort to prevent breaches of your company information, your personal information, and your customers’ information. It’s not easy to do by yourself. There are all kinds of advice, good and bad, on the Internet about how to protect yourself, how to recover from identity theft, and how to go on the security offensive for you, your business, and your family.

Bad information is worse than no information at all. You can put yourself at greater risk by listening to alleged experts than you can by playing it smart and hiring a security consultant who can find out exactly what the bad guys can find out about you and your business.

It works something like this: If you want to find out how vulnerable your house is to break-ins, who would you hire–a clean-shaven, upstanding, taxpaying citizen who’s never been arrested for breaking and entering or would you be smarter to hire a reformed bad guy to tell you how it’s really done? If you’re smart, you’ll hire the person with a criminal background who’s gone straight to figure out where your vulnerabilities are.

On the same hand, if you want to test your company’s or your personal security, you should hire someone who’s hacked for a living–in the criminal sense.

That’s the service I’m offering you. I have a select group of former black hat hackers as my associates who’ll put your security through its paces. Further, we’ll help you mitigate the flaws we find* and tell you how to fix the problems.

Here is a partial listing of our services:

  • Identity fraud checking/fixing
  • Employee Social Engineering checking/fixing
  • Website Penetration/Vulnerability analysis
  • Company penetration/information grabbing
  • Training and prevention

If you’re not 100 percent sure of how vulnerable you might be, here are some examples:

About four years ago, I bought a cake from a local bakery and used my debit card for the purchase. One of the workers there used my card to buy pizza and some other things that he’d had delivered to his girlfriend’s house. Once I found the fraudulent charges, I tracked him down, via his girlfriend, and confronted him. I won’t go into detail, but I did make an impression. The bank investigated and made good on the losses to my account.

That scenario is common, except for the part where you get to confront the perpetrator. Typically, the guilty party is so far away that you’ll never find him. Bad for you, but great for him.

My wife paid my son’s technical school tuition with a credit card only to find later that we’d been charged an additional $1,800 for services that we’d never heard of, much less purchased. We contacted the vendor and explained the situation and they promptly removed the charges.

I receive calls from unknown numbers on a weekly basis, trying to have me answer so that my phone can be charged bogus fees or to verify my number for fraudulent charges. I Google the numbers to verify their legitimacy. So far, all of them have been sources of fraud.

Yes, these things actually happened to me/us. These are only three examples and we’re only one family in 750 million that’s had our accounts or cards compromised. Think about the repercussions of poor security on you, your family, and your business. Your integrity and reputation, not to mention your credit score, are at risk. It’s made us all a lot smarter about how we transact business these days.

So that you realize that we’re trying to help you, I’m going to offer you a free list of 10 things you can do to make yourself more secure today.

  • Google yourself – Contact all of the “public information” carriers/resellers and have them remove your information from their databases.
  • Do Not Call lists – Go to https://www.donotcall.gov/ and register to have your phone numbers removed.
  • Mall survey cards – Never fill out one of those mall survey cards or enter any contest at a mall or other retail establishment.
  • Unrecognized phone numbers – Never answer calls to your cell phone when you don’t recognize the phone number.
  • Use cash – Carry cash with you and avoid using credit/debit cards as much as possible.
  • Email attachments – Don’t open email attachments that don’t make sense and don’t respond to those emails.
  • Nigerian Princes – Never respond to any email from a Nigerian Prince who wants you to deposit money in a bank account for him.
  • Ignore “You’re a Winner!” emails – If you didn’t enter it, you didn’t win it.
  • Passwords/SSNs – Never give your passwords or Social Security Numbers to anyone over the phone.
  • Account-oriented emails – No online service will ever request your password or a login via email.

If you’d like to discuss your security or your security concerns, you may contact me via email at ken@kenhess.com. I’ll be glad to set up a time to call you and discuss your concerns and how we can help you get a handle on your personal or business security. Don’t be a victim. Don’t be a statistic. Learn to fight back by finding out what the bad guys know about you and how to fix it.

*Ask about our 50 percent rebate plan.

KnowBe4 Issues Alert: Social Engineering Threats Soaring

December 3, 2014

Tampa Bay, FL (Dec 3, 2014) KnowBe4 issued an alert today warning of a recent spate of high profile social engineering attempts targeted at prominent businesses. One such attack includes high profile financial advisors, officers and deal makers, thought to be an attempt to gain a Wall Street edge. The FBI also alerted private sector companies that targeting of their networks is a significant threat as reported by Reuters late Monday. Not to be left out, small business and consumers are being targeted with fake IRS agents looking for a little extra dough for the holidays along with an uptick in phishing emails posing as Costco, Home Depot and a variety of shipping sources.

Stu Sjouwerman, KnowBe4 CEO said, “Hackers will use as many avenues to break in as they can dream up, but social engineering is one of the favored. We are hitting the season when online shipping is at a peak and employees become much more complacent. It is important to keep users alert and aware of how much a target they are, especially during scam season.” Furthermore, Sjouwerman warns, “I cannot think of a more urgent reason to step all employees through effective security awareness training to keep them on their toes with security top of mind.”

Similar to a magazine’s editorial calendar, hackers have a “scam calendar” that focuses on events and opportunities to take maximum advantage of unsuspecting users or lax employees. These malware campaigns don’t discriminate between home or office and use social engineering to trick users. Millions of such phishing emails are sent each day and just one user in a hurry clicking on something might take down a system or a company.

Sjouwerman offers this advice:

1) Be on the lookout for “Shipping Problem” emails from FedEx, UPS or the US Mail, where the email claims they tried to deliver a package from (for instance Apple Computer) but could not deliver due to an incomplete address. “Please click on the link to correct the address and you will get your package.” If you do, your computer is likely to get infected with malware. Warn everyone in the family, especially teenagers.

2) Watch out for alerts via a TEXT to your smartphone that “confirm delivery” from FedEx, UPS or the US Mail, and then asks you for some personal information. Don’t enter anything. Think Before You Click!

3) Reiterating a warning KnowBe4 sent out a few weeks ago, there is a fake refund scam going on that could come from a big retailer. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device may be infected with ransomware.

If not a customer, KnowBe4 will allow IT managers to create a free account and send a simulated phishing test to 100 users to see what the Phish-prone percentage of your organization is.

For more information visit: www.KnowBe4.com

Additional links:
Reuters story: http://www.reuters.com/article/2014/12/01/us-sony-cybersecurity-malware-idUSKCN0JF3FE20141201
Social engineering: http://www.knowbe4.com/what-is-social-engineering/
Security Awareness Training: http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Ransomware: http://blog.knowbe4.com/bid/400080/New-Flavor-of-Ransomware-Is-More-User-Friendly

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
