Watch Out for These Two New Social Engineering Threats

One preys on our love of online games.

A pair of new social engineering scams pose increased threats to your business. One preys on our desire for light-hearted online entertainment. The other expands the risk that criminals will steal your sensitive data.

Here are two posts (reprinted with permission) from the blog of KnowBe4, a leading cybersecurity defense company.

Original posts authored by Stu Sjouwerman, CEO of KnowBe4

“We’ve all seen them – quizzes on Facebook asking everything from which Harry Potter character are you, to what state were you born in, to what was your first pet’s name. It seems that none of the people answering these questions saw the scene in the movie Now You See Me where the main characters tricked Arthur Tressler into divulging personal information to be used later against him.

According to security vendor Avast, the new wave of social media quizzes may very well be intent on doing the same thing. “They’re meant to seem so light and fluffy that anyone looking for a boredom-killer might be amused by them. And that’s the point. The creators of these quizzes want them to appear meaningless and harmless. They want everyone to engage whimsically with them. Because in truth, many are phishing attempts at your personal data.”

Because of the seemingly innocent (and entertaining) nature of the quizzes, threat actors using such tactics can easily capture information that is often used as the source of passwords or password reset questions.”

QakBot Expands Business Email Risk

“Representing a new evolution of banking trojan, QakBot proves to be a formidable adversary against security defenses with its ability to steal emails – your users.

“The most effective tools a threat actor can have are context and credibility. These are the foundational elements of a really good social engineering scam. Historically, threat actors have simply used online services such as LinkedIn to identify individuals with specific roles in a target victim organization, and any public-facing detail (e.g., social media, press releases, etc.) to craft believable social engineering.

But according to security researchers at Kaspersky, the newest version of QakBot takes the discovery portion of building a social engineering scam to a whole new level. In addition to the ability to steal keystrokes, cookies, browser-based passwords, and login credentials, QakBot now has the ability to exfiltrate email content from the infected endpoint. This detail can be easily used in future attacks to establish credibility, commit fraud, and more when used against those in the initial victim’s contact list. This new ability to capture email may be the reason Kaspersky is seeing QakBot’s use up 65 percent compared to last year.

If you add a QakBot-based attack with a Business Email Compromise attack (which organizations already have as much as an 85 percent chance of experiencing weekly), the added degrees of context and detail potentially extracted from stolen emails could make a malwareless attack all but undetectable to its victim.”

Security Awareness Training will help keep employees vigilant against such social engineering tactics, helping to minimize your organization’s threat surface and keep attacks from being successful.”

Sources: KnowBe4.com and KnowBe4.com
