It’s important that we help educate others that these scams do still happen. Lower income, unemployed and retired people are especially prone to this sort of scam. It sounds like easy money, and even appeals to the undercover 007 type in most of us, but it can do a number on your bank account.
Key thing to remember is, if someone sends you a check and asks you to send the change, it’s a scam. This doesn’t matter if it’s a car purchase on ebay or craigslist, or anything else, don’t do it. Checks can take a long time to clear, or be found to be fake, and you are held holding the bag.
Mystery shopping is the SCAM OF THE WEEK here at KnowBe4, and there is some good info on what to look for, and something you can copy/paste for friends and family. Check it out.
Please note, this is a reposting of some previous entries made in 2016 when my position was eliminated and I found myself unexpectedly unemployed. This is being reposted here simply for the purpose of preservation as I am not maintaining the old site much. In any case, enjoy if you feel like reading it:
Day 12 of unemployment – Arizona Football and Wal-Mart Bathrooms
Day 12 of unemployment – This is a small update, and for this, I’m going to have to take it back to the previous night. You see, there was this football game. This game you see, pitted my Arizona Cardinals against the Green Bay Packers and was for moving ahead in the post-season. This game started at 8:30pm Florida time, it ended late. I mean really late. On top of that, it was a great game. One of those “did you see the game?” games. This was full of crazy plays, including an almost impossible “hail mary” and a coin flip where the coin did not actually flip. Couple this is a night full of storms, and bammo, not much sleep.
On a plus note, we were able to spend some quality time with the chicken-dog when the thunder happened. Oh, yeah!
That made my 0800 call time at church where I was working as the Producer, a bit of a challenge. I don’t think I really woke up until halfway through the 2nd service. No one seemed to notice so all was well. I was happy to realize that at least I was wearing pants.
Other than that, I spent most of the day working a firearm trade and eating various things. Overall, a day well spent.
Oh, a message to my fellow male people. When you are using a public toilet, please lift the lid before you pee in (or on) the toilet. This was even low for Wal-Mart standards. Not cool. Seat, UP, Leave it if you must, I won’t complain.
Day 13 of unemployment – Return of My Nemesis
Day 13 of unemployment – Today is Martin Luther King Day, so many others joined me on my quest to do very little. I actually kind of failed at that despite sleeping in until 10am. More practice is obviously needed.
I got a few things knocked off the ‘Honey-do’ list and we did go do a little target shooting. I know some folks are anti-gun, but I find target shooting very therapeutic. There is a focus and concentration that needs to be attained to be accurate while others are unloading the fury of their bangstick of choice 3 feet on either side of you. Couple this with dodging hot brass cases flying at you, and you have the makings of a good time indeed. Indoor ranges make this especially challenging. In the end, I managed to do pretty well even though it has been a while.
Upon returning home, I got to enjoy part one of the two pig-men episodes of Doctor Who. While I don’t really like Martha as a companion, I still go back and forth between David Tennant and Matt Smith as my favorite Doctors. Yeah, I admit it, I’m a nerd like that.
While watching the episode, Maci, our spastic fuzzball of a dog started losing her mind looking out the back door. When we let her out, she was like a shot straight to the BBQ grill. Yep, you guessed it, my little brown rodent friend is back. Given the paralyzingly cold Florida weather we had tonight (it was 57 degrees Fahrenheit out there people!) I was not shocked that it had returned to the grill. I opened the grill doors and saw nothing, but given the dog’s maniacal circling of the grill, I knew it must be around somewhere. When I slid out the grease drip tray a little, there it was staring at me with those hollow brown eyes and razor sharp teeth. This thing must have been 6… ok 5… maybe 3 feet… er, inches long. OK, size doesn’t matter OK, it was a murderous rodent and it was looking right at me.
Have you ever looked in to the eyes of a cold blooded killer? Me neither, but I’ll bet it is really close to what happened here. I could hear it chanting, “Redrum. Redrum!” as it prepared to spring at me, aiming no doubt for the jugular! I frantically looked around for something to smack it with, a shoe, a stick, a small car, whatever! While I was looking, it made its escape and shot out the back of the grill and headed toward its hold in the lanai screen. The dog was right there though, and using all of the hunting skills it has perfected by laying on her cushy dog bed all day, she did a masterful job of completely failing to catch the mouse. She did however fire herself through the lanai door (thankfully sparing the screen) and chased that little booger all around the yard, eventually in to the 8’ hedge we have in our yard.
I am hoping one of the snakes that inhabit that hedge will eat the mouse, but if not, we will meet again and I will have a mouse pelt for sale shortly after word!
Tomorrow I have an interview at 2pm with the owner of a business. This will be my 3rdinterview with the company, and I am supposed to meet the HR Manager right afterword. I’m trying not to be too excited about this, but I am. Here’s to hoping for a win tomorrow!
Day 14 of unemployment (recap) – Torture Devices and More
Today, nothing really happened. Well, that’s not true because I did have my 4th interview (my wife corrected me when I said yesterday it was my 3rd). I guess what I’m saying is nothing FUNNY really happened. Well, that may not be true either. I got to take my youngest kid to the orthodontist and learn about this piece of medieval piece of hardware they recently installed in her mouth. This particular piece of torture gear is called an “expander”. As far as I can tell, it’s a device similar to the infamous “rack” of lore, only it pushes teeth apart instead of stretching things out.
Because we live in the world we do, the orthodontist has enlisted us, the parents, as the torture administrators. We have to take a “key” twice a day and “turn” the device. What this means is, we turn a screw in this thing which pushes the teeth apart. This doesn’t seem pleasant and my child reports it makes her nose hurt. I’m not sure I’m in board with making her head wider, but hey, we are playing for the privilege. I think I’ll transfer this chore to my wife and give the kiddo ice cream or something. Staying the “good” parent isn’t always easy. :snicker:
The mouse has not returned, but I’m keeping an eye on things. This isn’t over yet.
Today, I’m going to keep applying for jobs and see if anything new comes along. I am still excited about the 2 opportunities in the hopper, but as of right now, no offers. I hope that changes today as well. I’ll let you know.
This is really getting stupid. School after school are sending the teacher’s W2 to scammers. Groton Public Schools in Connecticut is the focus of this post. You know, because teachers don’t have enough to deal with, what with miniature humans eating the all of the paste and creating mayhem by the truckload.
And again I find myself reporting on a W2 scam. This time, It’s Yukon Public Schools that fell for a phishing scam and emailed W2’s to scammers. Superintendent Dr. Jason Simeroth said the email looked like it was sent from him, then later in the story it was mentioned that it was spoofed from an AOL email address. Really? AOL in this day and age? This is twice today I have heard of people using AOL email. I really thought it was dead.
Kids, today’s lesson is, if you are handling sensitive information or transferring money, you might want to pick up the phone BEFORE you hit send. Just sayin.
So, I’ve been playing with Kippo and Dionaea using the Modern Honey Network (MHN) tool and having some fun with it. At this point, I’m going to reload my Kippo box at home and deploy it with Dionaea as well rather than WordPot. I like being able to see the different types of attacks on FTP and HTTP, but I’m having some trouble with the config.
Currently, FTP will make a connection, but fails to send a directory listing. Likewise, I am not capturing any binaries right now. I tried making the folder wide open (777 & nobody:nogroup) but still no luck. If you have any ideas, let me know please. I want to start playing with captures. In the meantime, my pew pew map is about done collecting sources now. Few of the attacks come from a new place now.
Pew Pew Pew!
Mucho attacks, no binaries captured. I do have pcap’s, but I want some malware files! 🙂
After taking some time off, Cryptolocker appears to be back in a very aggressive campaign, and it has some new ‘features’. It’s sent via Word docs with a PowerShell script, infects and spreads via shared files, and it’s also grabbing credentials as well.
Right now it appears to be targeting Europe, especially Italy, but we need to keep our eyes open regardless of where we live.
Please note, this is a reposting of some previous entries made in 2016 when my position was eliminated and I found myself unexpectedly unemployed. This is being reposted here simply for the purpose of preservation as I am not maintaining the old site much. In any case, enjoy if you feel like reading it:
Day 9 of unemployment – (Recap) – Crack-aland
Day 9 of unemployment – (Recap) – This is really getting silly now. I was in a suit again, this time at 6:20 in the morning. I was getting ready to head for an interview again, only my truck would not start. Great. I took Jen’s car instead. Why was I leaving at 6:20? Well, Google was kind enough to estimate my travel time between 40 minutes and 1 hour and 40 minutes to the interview in Tampa. That’s a bit of a difference.
Well, I got there in about an hour, leaving me a while to sit around, so I decided to find a nice Starbucks or something to hang out at. Well, turns out this is not a “Starbucky” neighborhood. It was however more of a street crack peddling, daytime hooker sort of neighborhood. Even the church I found had an 8 foot wrought iron fence surrounding it. It was 7am and the locals I saw were wandering around like the zombies from Walking Dead, only hung over. I ended up retreating to the IKEA about 10 minutes away, where I parked in the middle of the lot with plenty of open space around me. First rule of crack-zombie-meth-head-survival is to allow plenty of room to escape before being car jacked.
After hanging out there for a little while, I went to the office where I was interviewing. That went pretty well and I got to meet some pretty cool folks during the interview. From there, I made the trek back to my home area where I met up with some of my friends from church for lunch. We ended up going to Buffalo Wild Wings. We must have been a bit of a sight walking in there. We had a mix of hipsters, farm boys and even a guy in skinny jeans, with me in a suit.
After lunch I went home to return Jen’s car, got some tools, jump started the truck and headed to Costco to replace my batteries. I guess I didn’t realized that my batteries had been going bad for a while. Now that I have the new batteries in, it cranks over like a caffeinated squirrel now. Awesome!
I spent the rest of the night at church doing rehearsals for the weekend service, getting home at around 9pm. 6am to 9pm made for a really long day. Hence the lack of updates yesterday.
On a plus note, I’m excited about the interview and opportunity. Wish me luck!
Day 10 of unemployment – Wonderful laziness
Day 10 of unemployment – Not much to report today. It’s 7pm and I’ve not worn pants for most of the day. Jammies are awesome, I’ll leave it at that. I already described my Wal-Mart trip this morning, but I also officially applied for unemployment… in my jammies. I tell you, we live in a wonderful time!
Other than that, I mostly napped today. It was glorious and I needed it.
Tomorrow I have no plans until 4:00 when we do rehearsal at church and the Saturday night service, but there is a lot of things on the fix-it list around the house. Might try to get some of those done.
I have another interview on Tuesday that I’m excited about. I may have some decisions to make next week.
Day 11 of unemployment – Smells and Storms
Day 11 of unemployment – Once again, I showered today. I needed it. Waking up, I stretched my arms to the sky and was victim of a full-on assault on my olfactory senses. Once I quit involuntarily twitching, I took care of the issue.
I might have to schedule showers so I quit forgetting. When the dog avoids you, perhaps one should consider their hygiene habits.
Oh, and still no fishing. Grrrr.
I did manage to sell some stuff on Craigslist today. Not having cardboard for dinner tonight kids!
Tonight was my first night as Producer at church. It was fun and I hardly messed anyone up. Tomorrow I have 2 more chances to cause trouble. I’m not sure why they trust me with this much responsibility, I barely wear pants at this time in my life.
One of the songs at Church is called “It is well”. The chorus being, “It is well with my soul”. That about describes things right now. I still feel great not having to go back to my old job and am looking forward to what’s in the future.
**NEWSFLASH** There is supposed to be a heck of a storm tonight with tornadoes possible. We are charging our cell phone power banks and making sure the beer is cold in the fridge. I expect to be joined by our chicken-dog in bed tonight. She does a great Scooby Doo impression when there is thunder. I’ll let you know how this works out tomorrow.
NOTE: This is a repost of something I initially posted to LinkedIn on . I will be consolidating a number of older posts to my blog in the near future. Enjoy.
As I am here at the (ISC)2 Security Congress which is collocated with the ASIS International annual convention in Orlando, I am once again struck by the growing crossover between the information and physical security worlds.
For those that do not know, ASIS is an association dedicated to education and advancement of operational security professionals around the world. Their annual conference features a huge expo hall with every type of physical/operational security gadget you could ever want. There are a plethora of security cameras, gate systems, sensors and even weapons here on the ASIS side of the conference. The “3 G’s” (Guns, Gates and Guards) are the bread and butter of ASIS.
(ISC)2 on the other hand is a cybersecurity certification organization most well-known for the CISSP certification. They also have information security vendors on the expo hall floor.
These two are joined together because as the lines between traditional security and information security start to blur, both sides need to be educated. More and more, these two worlds are colliding and it makes me think about the level of training these security guards and other law enforcement individuals receive with respect to social engineering, especially on the cyber side. Why does it matter if they can spot phishing type attacks or other electronic social engineering? Well, these folks are the front line of security and more and more, their tools are living in cyberspace. These individuals can control gates, cameras and entry points remotely from 100s of miles away in a SOC. Often times, the very control of these gates, cameras or sensors is transmitted to “The Cloud” and then relayed to or from the internet-connected device that is being controlled. A large number of camera systems are IP-based, doors are even networked and controlled by computers and IP-based networking.
To top it off, many physical security manufacturers are not agile enough to provide patches to zero-day software vulnerabilities as quickly as infosec vendors, which leaves the devices vulnerable for extended periods of time. Often these vulnerable systems are on the same network as the rest of the organization’s information technology assets. This is a recipe for disaster, much like what happened with Target where the attack on the POS credit card machines started with vulnerabilities in the HVAC systems.
Imagine if you will, ransomware stopping an organization’s ability to control ingress and egress from buildings or parking lots or even worse, the bad guys being able to control it themselves. How about the ability to remotely deploy an active vehicle barrier system or silence the sensors on the fences?
Untrained individuals can allow this to happen by simply clicking on a malicious link or opening the wrong attachment. Once the bad guys are in, the network is their oyster. This is why, as these digital and physical worlds collide, it is more important than ever to ensure the very people who are guarding our buildings and property are aware of the electronic threats as well as the physical ones.
Cloud-based risk is nothing new to us IT folks, but for those that employ high-tech tools for your operational security, take the time to assess the risk these pose and train your employees to resist the threat they may not be aware of.
Sadly the Swiss company disclosed about 2,400 employees W2’sto scammers. The employees were in Jeffersonville, Indiana; Oregon, Ohio; Bloomsburg, Pennsylvania; and Aiken, South Carolina; and at its North American headquarters in Farmington Hills, Michigan. At least 1 employee already found their taxes having been filed by the scammers.
OK, this is a VERY packed edition of the weekly wrap up of security stuff.
Amazon S3 went down for a while
There was a collective cry of pain and the echoing sound of SLAs being violated when Amazon’s S3 service went down. To top it off, their dashboard showed that all things were warm and fuzzy for quite some time. The official word was, that the outage is due to “high error rates with S3 in US-EAST-1,”. By “high error rates”, they meant all hell was breaking loose somewhere. This prompted a lot of fun on the Twitters as folks weren’t so happy about things being up in flames around them. Imagine that.
Cloudpets leaked a bunch of data because they are idiots
I’m a bit peeved at this since my youngest daughter (and therefore me) has one of these. Luckily we didn’t do much with it, but for those that have, recordings and info was leakeddue to poor security. It even seems they were warned about in advance. This really does make sad because the little buggers are adorable and are a great idea for those who travel a lot, or are deployed.
Android Ransomware Wants Victims To Speak The Unlock Code
Lockdroid is throwing out a new twist. What could possibly go wrong here? Think about how often you have been annoyed by trying to get a machine to understand your voice. Imagine that after you have been ransomed. You are really screwed if you are Scottish (language warning)!
Torrent spread macOS ransomware spotted in the wild. Decryption doesn’t work even if you pay
It looks like this Mac ransomware is spreading by posing as a software license crack in torrents. The bad news is, even if you pay, the dev doesn’t have the key to decrypt the files. Another lesson to stay away from illegitimate software.
Spora Ransomware Chat Logs posted
This is an interesting read if you want to see what happens with the Spora ransomware chat help. Looks like no chance to negotiate price, but you can get some time.
Cloudbleed strikes: If You Use Any Of These Sites, Reset Your Password Now
Cloudflare had a memory leak, so if you went to any of the 5 million sites impacted between 09-22-2016 and 2-18-2017, your passwords, private messages, API keys, and other sensitive data may have been leaked. The list of affected sites is here.
American Senior Communities Falls For A W2 Scam. 17,000 Employees Affected
Really Monarch? Twice by the same employee?
The scam happened in mid-January, but they didn’t realize it until employees started having trouble filing returns in mid-February. This is the third Central Indiana employer in less than a month to fall for W2 scams. Monarch Beverage Co. and Scotty’s Brewhouse also fell for it, with the employee at Monarch having done the same thing last year.
Sometimes I just want to shake people until they get it and put training and procedures in place to stop this sort of thing. It’s really not that hard or expensive to implement.
W2 scams are no joke and really mess with the employees. Please be careful when handling this sort of info.
Do You Know What Your Cyber Insurance Really Covers?
This is just a reminder to be aware of what is and isn’t covered by your cyber insurance. I highly recommend that you speak with an agent and do a review of the coverages BEFORE it hits the fan. I recently learned that while notification can be the most expensive part of a breach, it’s often not covered by default in the policy. To add to that, cyber insurance is still in its infancy, so coverage is rarely standardized. Don’t blame the insurance companies for this as it’s a very new type of risk, it’s your job to know, with their help, what you are paying for.
Take for example the P.F. Chang’s breach. The $1.7 million cost of defense against customer lawsuits were covered, but the roughly $2 million in fees and fines imposed by credit card issuers to pay for notifications to cardholders, reissuance of credit cards, and other costs was not. It really pays to know what coverage you have.
Maine Credit Union Members Victims Of ATM Skimmer
Downeast Federal Credit Union found a skimmer on an ATM after several members called to report fraudulent charges. A skimmer was found on the ATM at the credit union’s Lincolnville Avenue branch. The Belfast Police Department has checked all Downeast FCU ATM machines and found no additional skimmers.
Ransomware recovery time is longer and more expensive than most think
Here are some pretty ugly numbers and a look in to why I am so obsessed with helping people avoid infection. The sad part is, you can protect yourself pretty well with basic “security 101” stuff like segmenting the network, “least privilege” access, weapons-grade backups and quality awareness training/simulated phishing. You don’t need to burn money to protect yourself.
85 percent of those infected had systems forced offline for at least a week
1/3rd of cases resulted in data being inaccessible for a month or more
15 percent found that their data was completely unrecoverable
63 percent of orgs have no official ransomware policy in place
About 50 percent of victims paid more than £3000 ($3700) in ransom
SMBs usually paid between £500 ($621) and £1500 ($1864)
Roxana Police Department is done cleaning up after ransomware attacks
I swear, small town police departments can’t wait to get hit by ransomware. I keep seeing it over and over again. In this case, “the work of sophisticated hackers who seek out vulnerabilities in digital networks, enter computer systems and encrypt important data…” (a.k.a. a piece of malware sent in a phishing email) was inconvenient rather than crippling. Based on the article and the lack of desire to share any info, along with the sensationalizing of the attack above, I’d say they are pretty embarrassed about it.
Madison, WI Requires “Unique Locking Devices” On Gas Pumps Due To Skimmers
I can’t say that I like a lot of government involvement and additional regulations, but I appreciate that they are trying to stop the issue. It’s far too easy for folks to install skimmers and while this doesn’t solve the issue or counter skimmer overlays, it does take a step to help. Locally here in Florida, I have seen attendants at more than one Speedway station checking the pumps daily and putting on tamper seals. I have told them I appreciated the effort.
VISA warns for Flokibot Spear Phishing Infections
So, it looks like a new malware variant identified as “Flokibot” is hitting the Caribbean and LATAM. The malware is focused on point-of-sale (PoS) devices and, like so many other types of malware, is being spread predominantly by phishing email. I will be personally volunteering to go look at this threat, especially in the Caribbean, on behalf of my company. It may take a while to investigate. You know, weeks, maybe months…
It’s important that we help educate others that these scams do still happen. Lower income, unemployed and retired people are especially prone to this sort of scam. It sounds like easy money, and even appeals to the undercover 007 type in most of us, but it can do a number on your bank account.
This is really getting stupid. School after school are sending the teacher’s W2 to scammers. 
And again I find myself reporting on a W2 scam. This time, It’s 
These two are joined together because as the lines between traditional security and information security start to blur, both sides need to be educated. More and more, these two worlds are colliding and it makes me think about the level of training these security guards and other law enforcement individuals receive with respect to social engineering, especially on the cyber side. Why does it matter if they can spot phishing type attacks or other electronic social engineering? Well, these folks are the front line of security and more and more, their tools are living in cyberspace. These individuals can control gates, cameras and entry points remotely from 100s of miles away in a SOC. Often times, the very control of these gates, cameras or sensors is transmitted to “The Cloud” and then relayed to or from the internet-connected device that is being controlled. A large number of camera systems are IP-based, doors are even networked and controlled by computers and IP-based networking.
There was a collective cry of pain and the echoing sound of SLAs being violated when
Cloudbleed strikes: If You Use Any Of These Sites, Reset Your Password Now
Downeast Federal Credit Union 
Here are 
I can’t say that I like a lot of government involvement and additional regulations, but I appreciate that