Case Studies

Case Studies

SITUATION: Cyber criminals have a new and very profitable racket: cyberheists. They are now targeting Small and Medium Enterprise and there are hundreds of victims with emptied bank accounts, exposed customer databases and/or stolen intellectual property. They use specialized malware for these crimes. Small and medium organizations represent good targets for organized cybercrime as they often lack the sophistication and knowledge of the Fortune 1000 to prevent cyber attacks. But something can be done about it!

Visible Proof The KnowBe4 System Works

After a year of helping our customers train their employees against social engineering, we decided to go back, look at the actual numbers over those 12 months, and show you a few case studies that clearly show the sequence of:

  • The initial Phishing Security Test (PST) that shows the baseline Phish-prone percentage,
  • Stepping all employees through our Internet Security Awareness Training, and
  • Follow up with regular PSTs that continue to keep them on their toes. All graphs start out high on the left (baseline), and drop dramatically over time.

    Here is the page with the details of seven case studies:

    Sometimes They Do Get Caught

    We often write about situations gone bad as the perpetrator for the most part have been successful. But law enforcement officials also have some share of success. But better to not worry about luck or informants, etc. and have an educated staff that knows before it goes!

    Back Door Banking

    Many of today’s banks are neither as sound nor as secure as Fort Knox, as we have seen during the recent financial meltdown. The Internet with all its wonderful abilities has also opened the door to cyber-theft on a grand scale.

    Financial Institutions Fall Victim To Cyber-Theft

    In a cyber-twist, a bank is targeted and (possibly a lot) more than $100K removed from its coffers. The bank won’t say how much. Most of our case studies involve businesses who wake up one morning to find their bank accounts emptied of accumulated cash.

    Cybercrime Attacks Charities – How Criminal Is That?

    We have seen some acts from cyber bad guys, especially those that take advantage of disasters and catastrophes, but looting a charity’s bank account seems especially low even for them. In the world of these criminals, nothing is sacred or holy.

    Vandals Go To Town On Small Towns

    Someone once said that you can’t fight city hall. Well, online criminals have changed this equation. They have found the means to not only fight city hall but take it to the cleaners.

    An Apple A Day Didn’t Keep This Thief Away

    You enjoy buying online and and find many a bargain. But sometimes those prices just might be too good to be true. This is especially so when buying a limited distribution item like an Apple Computer. This might just be one apple that you should not take a bite from.

    Dentist Gets Drilled

    Just when you thought you heard everything, here comes this new weapon from the bad guys – ‘telephony denial-of-service’. Imagine you cannot use your telephones, land, mobile, home, work, etc. because gangsters have engaged in a bombardment of calls to those numbers while at the same time they systematically drain your bank accounts.

    School’s Out For Christmas, Hackers Get Presents

    Here you are in the far Western part of Pennsylvania, a comparatively modest school district and your payroll suddenly expands by 42 employees from California and Puerto Rico during Christmas break. Would that not strike you as unusual?

    Losing The Trust In A Trust Fund

    So you think you know the ins and outs of Internet banking. You make up strong passwords and you even remember to change them once in a while. You have “normal” security in place?

    Hackers Crack Library Without A Card: Making Withdrawals Without A Library Card

    How open is your company’s Internet access? Does your staff go online when no one is looking? Do you have patrons or customers that have access as well? What security safeguards do you have in place? What are your rules for using the Internet?

    Job Applications Open Door To Cybertheft

    Do you have a corporate policy regarding clicking on attachments or downloading from sites or email? If you don’t you better get on it. There is a new covert trick running around that implants your computer with malicious software, just because you downloaded an applicant’s resume.

    Looking At The Bank’s Role In Cybertheft

    Do banks have sufficient safeguards to prevent unauthorized electronic transfers? In particular does your bank double verify before sending your money to a criminal organization? It may sound harsh but this is the current state of affairs for small businesses in particular. Have you checked out your bank’s security procedures?

    Cyber Birds Of Prey Hunt Small Business

    Small businesses are notorious for lack of security procedures. Little or no IT staff, busy owners, inadequately trained staff and lax procedures open the door to cybercrimes. In fact the door is wide open. And to make matters worse, banks are refusing to be the fall-guy and accuse account holders of poor security practices.

    Will The Real Thief Stand Up?

    We are getting into some very dangerous territory lately. If a hacker breaks into a bank account and transfers the money out. Who is responsible – the account holder or the bank? Banks are supposed to have stringent safeguards that should prevent an outsider from coming in and rampaging a bank account.

    Is Your Health-Care In Danger From Cyber-Gangs? – Part 2

    Organized cybercrime has shifted its focus to small healthcare providers. After having stolen millions from corporations and schools, their greedy eyes have moved on to local community based health-care providers. Could poorly or untrained employees be at the root of these attacks being successful?

    Is Your Health-Care In Danger From Cyber-Gangs? – Part 1

    Organized cybercrime has shifted its focus to small healthcare providers. After having stolen millions from corporations and schools, greedy eyes have moved on to other “easy pickings” – to non-profit organizations that service the uninsured and the disabled. Is it because their defenses are so poor or are they not educated enough about cyber-heists?

    These Mules Move Money

    In illegal commerce vernacular, a mule is someone who carries the contraband from one location to another. Recent history is full of stories of people carrying drugs across borders secreted on their person.

    From Cold War To Cyber War – The Eastern Connection

    The cold war may have ended in 1991 but a new war and method of warfare has reared its ugly head in recent years. This cyber war is run by criminals who grimly want to bring our economy to its knees and get rich at the same time.

    Case In Point – Sanford | December 3, 2009

    Patco Construction filed suit in York County Superior Court Sept. 18, seeking the return of $345,000 not recovered from $588,851 in funds hackers were able to transfer to bank accounts out of the country from Patco’s Ocean Bank.