Catch of the Day: LinkedIn Job Offer Phish
Chef’s Special: Doordash Phish
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent in by clients or readers like you; others come from reliable sources on the Internet.
You can send phishing samples to me at firstname.lastname@example.org.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking an image will open it in a photo viewer app.
If you’ve been approached by recruiters on LinkedIn for a potential job opportunity, you may want to pay attention to this recent scam.
In a LinkedIn post, a university student seeking a UI/UX designer position believed she was being interviewed for a job at Splunk, a well-known software company. She received an email interview invitation and spoke to a ‘recruiter’ and eventually the ‘CIO’.
Then she was asked to link her credit card so that she could be given “company funds.” It was in fact a scam; the bad actors used her credit card to buy Apple products and other equipment for themselves.
While the victim took immediate action by stopping the shipment, freezing her credit card, and reporting identity theft to the Federal Trade Commission (FTC), she was still a victim of social engineering. She stated that the threat actors used insider language such as “You’re Welcome Splunker!” to sound like legitimate employees, and she included a screenshot of the conversation.
In this case the victim came out largely unscathed, but this can happen to anyone in your organization. Implementing new-school security awareness training is a must, so that your users know how to spot and report social media scams.
Blog post with the gory details, links and screen shots:
We know everyone is busy. Everyone already has too much on their plate and is trying to learn as much as they can every day.
But here, in a nutshell, is what you can teach yourself, your co-workers, your friends, and your family to help them better recognize and beat social engineering and phishing. It’s not perfect. It doesn’t cover every scenario, but it does cover a huge percentage of them.
And if you learn and teach it well…if you make a culture of healthy skepticism around these common social engineering/phishing traits, nothing else you could learn or teach will reduce more risk.
We’ve been teaching the same lesson since the very beginning: Stop! Look! Think! It’s the guiding message of all content we deliver. Teach two common traits of all social engineering and recommend one response.
Doordash Hack Dubbed 0ktapus Part of a Phishing Campaign Targeting Okta Customers
Aug 26, 2022 – Alex Henderson at Needham & Company published: “This morning a Doordash hack dubbed by the name ‘0ktapus’ has been reported. The attack vector is a sophisticated phishing campaign. Earlier this month similar SMS-based phishing attacks by the same actor penetrated Twilio and several other companies. It has been reported this phishing campaign is specifically targeting Okta customers, as implied by the campaign’s name.”
Our current understanding is that, despite the targeting of Okta customers, this does not represent a flaw in Okta’s security tools but instead points out the risks of phishing. Optically, it is not good that the hackers are specifically targeting Okta customers even if there is no issue in Okta’s technologies.
We think it does point out the rising prevalence of phishing as a method of penetration and the importance of training employees, which of course is KnowBe4’s forte.
“A massive phishing campaign ‘unprecedented in scale and reach’ orchestrated across a swath of technology companies, primarily targeting Okta customers. Cloudflare and Twilio began detailing the attack a couple of weeks ago, and we anticipate ripple effects may still be on the horizon with DoorDash’s announcement this morning stating a subset of their customer base’s credentials had been compromised, with limited credit card detail also extracted.”
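Both scams above trade on a brand name (Splunk in the fake job offer, Okta in the 0ktapus campaign) being used from a domain the brand does not control. One concrete “Look!” check a reader or a mail filter can apply is whether a brand keyword shows up in a sender or link domain that is not one of the brand’s own. The script below is an added example written for this page, not code from the original post or from any of the companies named; the list of legitimate brand domains, the digit-for-letter substitution table (the kind of trick the name 0ktapus hints at), and all sample addresses and URLs are constructed assumptions for illustration, not real campaign indicators.

```python
"""Flag sender addresses and URLs whose domain impersonates a brand.

Added example for this page. Brand domain lists and samples are assumptions,
not authoritative data.
"""
from urllib.parse import urlparse

# Assumed legitimate domains per brand keyword (illustrative, not complete).
BRAND_DOMAINS = {
    "okta": {"okta.com", "oktapreview.com", "okta-emea.com"},
    "splunk": {"splunk.com"},
    "doordash": {"doordash.com"},
}

# Common digit-for-letter lookalikes ("0kta" for "okta"); assumed mapping.
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# A few public suffixes with two labels, so "login.example.co.uk" keeps
# "example.co.uk" as its registrable domain. Assumed, minimal list.
_MULTI_TLD = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Return the owner-controlled part of a host name (e.g. 'acme-okta.com')."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in _MULTI_TLD:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def host_from(item: str) -> str:
    """Accept an e-mail address, bare host name, or URL and return its host."""
    item = item.strip()
    if "@" in item and "://" not in item:
        return item.rsplit("@", 1)[1].lower()
    if "://" not in item:
        item = "http://" + item
    return (urlparse(item).hostname or "").lower()


def impersonated_brand(item: str):
    """Return the brand a sender/URL impersonates, or None if it looks clean.

    The keyword is searched in the whole host (so 'okta' inside a subdomain
    of an unrelated domain counts), after undoing digit lookalikes, while the
    allow-list comparison uses the exact registrable domain.
    """
    host = host_from(item)
    domain = registrable_domain(host)
    normalized = host.translate(_LOOKALIKES)
    for brand, legit in BRAND_DOMAINS.items():
        if brand in normalized and domain not in legit:
            return brand
    return None


def triage(items):
    """Pair each sender/URL with the brand it impersonates (None if clean)."""
    return [(item, impersonated_brand(item)) for item in items]


# Constructed samples for demonstration only.
SAMPLES = [
    "recruiter@splunk.com",                      # real brand domain
    "hr-team@splunk-careers-hiring.com",         # brand word, foreign domain
    "https://acme.okta.com/login",               # tenant subdomain of okta.com
    "https://acme-okta.com/login",               # brand word, foreign domain
    "http://sso.okta.login-verify.example/",     # brand word in a subdomain
    "https://0kta-sso.example/",                 # zero-for-o lookalike
    "https://www.doordash.com/",                 # real brand domain
    "security@doordash-support.net",             # brand word, foreign domain
]

if __name__ == "__main__":
    for item, brand in triage(SAMPLES):
        label = f"SUSPECT ({brand})" if brand else "ok"
        print(f"{label:18} {item}")
```

The check is deliberately simple: it catches the “brand word in the wrong domain” pattern that both stories share, but it will not catch a phishing page hosted on a domain with no brand word at all, and a real allow-list should come from the brand’s published domains rather than a hard-coded set.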