    IT Security Expert Stu Sjouwerman Warns That Cybercriminals Are Using Publicly Available Email Addresses to Target Employees and Executives’ Spouses

    Clearwater, FL (PRWEB) November 07, 2011

    As cybercriminals continue to expand their arsenal of phishing tactics, Internet Security Awareness Training (ISAT) firm KnowBe4 remains committed to educating small and medium enterprises (SMEs) about emerging threats. IT security expert Stu Sjouwerman, founder and CEO of KnowBe4, is warning clients and the public of two new scams that have been making the rounds – spear-phishing lawsuit threats and “whaling.”

    “One of cybercriminals’ favorite tricks is to create emails that purport to be sent by a government agency, bank or other well-known entity, accusing the recipient of some illicit activity and threatening legal action,” explained Sjouwerman (pronounced “shower-man”). “Some of the more cunning crooks use spear-phishing. For example, they might target employees of a specific organization by sending emails that appear to be sent by a legitimate customer, partner or vendor. The urgency of the message and a desire to preserve the business relationship may lead the recipient to click without thinking.”

    Sjouwerman cites a recent spear-phishing campaign detected by the Websense® ThreatSeeker® Network, in which cybercriminals sent emails threatening to sue the recipient for sending spam.(1) The emails were spoofed to make it seem as if they had been sent by established companies, and they claimed to have documented evidence of the spam messages in an attached ZIP file. However, the file actually contained an executable programmed to download malware to the user’s system.

    “These types of scare tactics often prove particularly effective in highly regulated industries, such as insurance, finance and healthcare,” said Sjouwerman. “In these cases, the spear-phishing emails appear to be sent by a regulatory agency. The recipients’ fear of non-compliance often overrules their caution, leading well-meaning employees to take the bait.”

    While employees are generally the primary mark for spear-phishing attacks, some cybercriminals have started going after executives – an approach referred to as “whaling” – by targeting family members who may be less tech-savvy. A recent Network World article featured insights from two security specialists: Chris Larsen of Blue Coat Systems and Paul Wood of Symantec.cloud.(2) Larsen suggested that cybercriminals are banking on at least one executive having a poorly secured personal computer or home network shared by a spouse who may be vulnerable to spear-phishing. When cybercrooks compromise an executive’s home PC, they can often leverage it to gain access to corporate systems. Wood reported that these types of whaling incidents are on the rise: “Just a couple years ago, we saw one or two of these sorts of attacks per day. Today, we catch as many as 80 daily.”

    Sjouwerman asserts that easy access to corporate email addresses is enabling the latest spate of spear-phishing attacks. “Cybercriminals will conduct a ‘deep search’ to locate email addresses for as many employees as possible within a specific organization. They’ll then use that information to develop a highly targeted spear-phishing email, and send it to individuals throughout the company,” he noted. “If you haven’t implemented formal Internet Security Awareness Training, chances are that at least one person will click on the email – thereby giving intruders open access to your network.”

    To help SMEs determine their “attack footprint” in terms of publicly available email addresses, KnowBe4 offers a free email exposure check (EEC). The firm sends regular EEC updates to customers, and will provide a complimentary one-time EEC service to any company that requests it. In addition, KnowBe4 offers a free phishing security test that enables SMEs to determine what percentage of their workforce is Phish-prone™, or susceptible to phishing tactics.

    KnowBe4’s clients have reported great success with their ISAT implementation. For example, one customer’s database/network administrator stated, “The training has helped a lot, although we still have a handful of people that just can’t seem to resist clicking on links. When we started the training in March, the phishing security test found about 20% of the folks clicked on the phishing link. After training, the next phishing campaign went down to 3%.”

    The administrator ran a series of subsequent tests between July and September to determine which simulated phishing emails were most likely to elicit clicks. He found that banking emails netted fluctuating response rates – from 0% in July, to 7% in August, then back to 0% in September after retraining. Social networking messages garnered a 7% response in July, while August and September emails only lured 3% to click. The highest response rate was for a current events mailing in August (the email claimed to provide a link to the bin Laden kill video), with 15% of recipients taking the bait. These results helped the administrator and his employer determine where to focus the company’s retraining efforts, and which tactics they needed to teach employees to avoid – thereby minimizing the potential for cybercriminals to gain access to the network.

    To learn more about KnowBe4’s Internet Security Awareness Training (ISAT) programs – or to take advantage of the free email exposure check (EEC), phishing security test and other cybercrime prevention resources – visit http://www.knowbe4.com.

    About Stu Sjouwerman and KnowBe4


    Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness training. He and his colleagues work with companies in many different industries, including highly regulated fields such as healthcare, finance and insurance. Sjouwerman is the author of four books; his latest is Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

    (1) “‘We are going to sue you’ scare tactic used in malicious emails.” Websense® Security Labs Blog; September 20, 2011. http://community.websense.com/blogs/securitylabs/archive/2011/09/20/_2200_We-are-going-to-sue-you_2200_-spam.aspx

    (2) Vance, Jeff. “The future of malware.” Network World; October 3, 2011. http://www.networkworld.com/news/2011/100311-malware-251426.html?page=2


    Media Inquiries:

    Karla Jo Helms
    CEO and PR Strategist
    JoTo Extreme PR
    Phone: 888-202-4614
    http://www.JoToPR.com

    ###

    Karla Jo Helms Ciotti
    Joto Extreme PR
    1-888-202-4614