Too Smart to Fall for a Phishing Ruse? Think Again!

Ever wonder how stupid or careless someone has to be to be fooled by a phishing scam? Well, according to research conducted by a group of German experts, virtually anyone can be fooled.

In their study “Unpacking Spear Phishing Susceptibility”, the researchers showed that although email phishing scams get more publicity, Facebook scams appear to be more effective.

“By a careful design and timing of a message, it should be possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message’s content and context.”

The Goal of the Study

The researchers, sensing there was a dearth of research related specifically to spear phishing, decided to create a study that would fill the gap. They constructed a study that would explore the difference in effectiveness between delivery media (Facebook vs. email) while at the same time quantifying the personal motivations that led people either to click on the phishing link or, just as importantly, not to click on it.

The Phishing Scam

The selected participants were sent a phishing link either as part of an email or as a personal Facebook message from a fake, non-existent person. The message claimed the link led to pictures from a party.

Facebook Gets 2X Clickthrough Rate

As Table 2 shows, when the same phishing message is presented via Facebook rather than email, individuals are over 2X more likely to click on the link and begin the phishing process.

Source: Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universität, Freya Gassmann, Universität des Saarlandes


Why Did They Click?

Source: Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universität, Freya Gassmann, Universität des Saarlandes

Why Didn’t They Click?

Just as important to the researchers was understanding why people didn’t click. Here is what they found.

Source: Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universität, Freya Gassmann, Universität des Saarlandes

How Can Konsultek Help?

Whenever humans are involved there are going to be errors in judgement and successful phishing. That’s why all of our custom security solutions take a holistic approach to network security using a proven model of intrusion prevention, detection and mitigation. When you are ready to take your network security to the next level, give us a call.


Cyber-Espionage Exploding in Education Services Sector

There has been a major shift in the type of breach incident happening in the education services sector according to the Verizon 2017 Data Breach Investigations Report.

Can you spot the shift in the graphic below?

Source: Verizon 2017 DBIR

Cyber-Espionage has exploded since mid-2012! That’s right, because of the cutting-edge research that happens at many colleges and universities they have become a target for state-sponsored hacking.

As Verizon puts it…

“So college isn’t just pizza and tailgates—research studies across myriad disciplines conducted at universities put them in the sights of state-affiliated groups.”

So while the personal information of students and faculty was, of course, commonly extracted during breaches (a little more than half of all breaches), intellectual property losses were tied to a little more than a quarter of all breaches.

Targeted or Random Acts of Unkindness?

The evidence is clear that state-sponsored hacking and some criminal, profit-based hacking is specifically targeting the hallowed halls of our academic institutions.

How do They do it?

Good question. Here is the answer in a graphic from the Verizon report.

Phishing email was the predominant threat vector in the social category, while the use of stolen credentials was the dominant hacking technique. One interesting thing to note is the number of incidents involving Social together with one or more other vectors.

How Would You Like to Get a Threat Vulnerability Education for FREE?

At Konsultek we believe an educated client is the best client. That’s why we offer a variety of free vulnerability assessments to help you determine both your risk exposure and the likelihood of that exposure given the effectiveness of your current security measures. Who would you rather educate you, the good guys at Konsultek or the bad guys out in the wild? Well, what are you waiting for? Pick up the phone and give us a call today so we can get your vulnerability assessment scheduled ASAP!


Hacking Insights from Verizon

The 2017 Verizon Data Breach Investigations Report (DBIR) has been released and as always, it is chock full of fascinating facts about the current state of the hacking and cyber threat world. You can get the full report from Verizon for free here.

Who are the Perps?

According to this year’s DBIR the breakdown of who’s been doing the most hacking looks like this:

  • 75% perpetrated by outsiders
  • 51% linked to organized criminal groups
  • 25% involved internal actors
  • 18% starred state-affiliated actors
  • 3% featured multiple parties
  • 2% involved partners

How Did They Do it?

  • 62% of breaches featured hacking
  • 51% involved malware
  • 81% leveraged stolen or weak passwords
  • 43% were social attacks
  • 14% were linked to errors or privilege misuse
  • 8% involved physical actions

The above information is just a sneak peek at a portion of the summary data contained in the 2017 DBIR. Next week we’ll take a deeper dive into what industries were hardest hit and by whom as well as get into specifics of how these industries were attacked.




James Comey and Nigerian Spam

Woke up today to find this gem in the mailbox. Who knew that the FBI and the Central Bank of Nigeria would be looking for me!

This email is entertaining for a couple of reasons (at least!) beyond the alleged working relationship between Mr. Comey and the Central Bank of Nigeria.

Take a look at the portions highlighted with blue text! First a warning that “you should ignore any message that does not come from the above email address and phone number for security reasons.”

Next, look at Mr. Comey’s email address. I would have thought that after all the email scandals in Washington that Mr. Comey would not be using an AOL email address for such important and sensitive business!

Re: Urgent January Notice…….

From: James B. Comey, Jr., <> 

Jan 18 at 12:37 PM

935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001. USA.

Attention: Beneficiary,

After proper investigations, we, the Federal Bureau of Investigation (FBI) discovered that your impending (over-due contract) payment with Central Bank of Nigeria is 100% legal and has been approved for release to you.

We recently had a meeting with the Executive Governor of the Central Bank of Nigeria, in the person of Mr Godwin Emefiele and other top officials of the concerned Ministries regarding your case and we were made to understand that your files have been held in abeyance pending on when you personally apply for the claim.

Investigations also revealed that a lady, by name Mrs. Joan B Melvin from New York has already contacted Central Bank of Nigeria with a power of attorney and some documents, which stipulated that you have mandated her to claim your fund of US$25,000,000.00 (Twenty Five Million United States Dollars) on your behalf due to your ill health.

In view of this, we have been urged to warn US citizens who have received information pertaining to their outstanding contract payment to be very careful and not to be a victim of ugly circumstance. In case you are already dealing with anybody or office of the Central Bank of Nigeria, you are strictly advised to STOP further communication with them in your best interest and thereby contact the real office of the Central Bank of Nigeria via the below information:

OFFICE ADDRESS: Central Bank of Nigeria, Central Business District, Cadastral Zone, Abuja, Federal Capital Territory, Nigeria.


NOTE: In your best interest, you should ignore any message that does not come from the above email address and phone number for security reasons. And to enable the Central Bank of Nigeria to process and release the fund to you, you are required to re-confirm your full details such as

FULL NAMES: __________________________________

CITY: _________________________

STATE: __________________________________

ZIP: ______________COUNTRY: _______________________

SEX: _______________AGE: __________________

TELEPHONE NUMBER: _____________________

Ensure that you follow the Central Bank of Nigeria due process as enshrined in the International Banking Secrecy Act to avoid any form of discrepancy, which may hinder your fund transfer. Thanks for your understanding and cooperation as we earnestly await your urgent response.

Best Regards,

James B. Comey, Jr.,
Federal Bureau of Investigation
J. Edgar Hoover Building,
935 Pennsylvania Avenue,
NW Washington, D.C



Top 10 Hacks of 2016

In the first of the “Top Hacks of 2016” lists I’ve seen this year (they seem to start earlier each year, similar to holiday shopping!) has published their top 10 list.

Let’s take a look at the list and take a stroll down 2016’s memory lane of hacks.

1. World Anti-Doping Agency
2. SnapChat
3. Verizon
4. Democratic Party
5. LinkedIn
6. BitCoin
7. DropBox
8. Yahoo!
9. Cisco
10. AdultFriendFinder

The post on doesn’t explicitly state whether or not the hacks are listed in order of decreasing severity. Personally, I would re-order the list and put the DNC (because of the potential ramifications it had on the election) or Yahoo (because of the sheer scope) at the top of the list.

Nonetheless, a solid list in a year when paring such a list down to just 10 is a challenge!

What do you think? Any egregious omissions? How would you order the list?

Sound Security Solutions for Organizations of all Sizes

At Konsultek we specialize in customized security solutions and managed security solutions for organizations of all types. Education, finance and healthcare are just a few of the dozens of different niches our security experts work in every week. If you are ready to learn more about your secure future, please give us a call.


NSA Covert Hacking Group Hacked!

In a narrative that could have been lifted from a Tom Clancy novel, reports surfaced this week that an elite hacking group with ties to the NSA had been hacked and a treasure trove of their hacking tools stolen.

According to, the elite covert hackers known as the “Equation Group” have been hacked and a portion of their toolkit has been released publicly. Another portion of their most potent tools and exploits is apparently up for sale at auction with an asking price of $1 Million Bitcoins!

Source: Washington Post

The hackers, who go by the name “The Shadow Brokers” had this to say about their stunning hack:

“We follow Equation Group traffic,” says the Shadow Broker. “We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.”

While the authenticity of the hack was at first questioned, many security experts from freelancers to Kaspersky have examined the publicly leaked materials and have concluded that they are indeed products from Equation Group.

Hack or Inside Job?

In an update to the rapidly unfolding story, security expert Matt Suiche spoke with an anonymous source who used to work in the NSA’s TAO (Tailored Access Operations) unit. The credible source indicated that the leaked files were stored on a physically isolated network and that either an inside mistake or purposeful act brought the files into contact with the outside world.

For certain, this story is not over yet and probably won’t be for some time. Will the final plot twists be as interesting as something penned by Clancy? We’ll have to wait and see!

In the meantime, if you have security concerns about your information and network please pick up the phone and speak with one of our operatives, um I mean team members!


Planned Pokemon Go DDoS Attack Gets Postponed by Insider Leak

We wouldn’t be on the cutting edge of topicality if we didn’t have a post about Pokemon Go and fortunately, thanks to the hacking group PoodleCorp, we are happy to be able to bring you a post about Pokemon GO AND Info Sec all tied together!

Softpedia broke the exclusive story of the DDoS attack’s failure to launch on Aug 3. Initial reports were that hacking crew PoodleCorp’s planned Aug 1 DDoS was waylaid by an external hacker who hacked their site, dumped the database, and shared it with the data breach index service LeakedSource, which tweeted news of the breach to its followers.

In response to the LeakedSource Twitter proclamation of the breach, PoodleCorp fired back through a popular YouTuber that the leak was not a result of hacking but rather the inside work of a disgruntled partner.

The Games People Play

PoodleCorp also apparently fired off multiple DDoS attacks against LeakedSource, to no avail, in retaliation for LeakedSource’s announcement.

Not ones to shy away from a little friendly DDoS gamesmanship, LeakedSource apparently trawled the leaked database and reportedly found PayPal transaction information as well as the “full address information on 3 members, which we plan on reporting to the relevant authorities.”

Not sure if that counts as “check mate” but certainly well played LeakedSource!

Who Do You Want on Your Team?

At Konsultek we know that information security is not a game, but rather serious business. If you feel as though you’ve been played or want to keep from being played by hackers and cybercriminals, just pick up the phone and give us a call. Our team is always ready to take on new challenges and to help you and your business stay secure.


University of Calgary Pays $20,000 CDN to Unlock Ransomware

In April of this year we posted a story about the disturbing trend of ransomware infecting healthcare systems. In that story we wrote this prophetic sentence.

“As cybercriminals become better at identifying those niches most apt to ‘pay up’ we will undoubtedly see concentrations of ransoms springing up.”

Today, the University of Calgary announced on its website that it had paid $20,000 CDN to unlock access to portions of its network system.

Is the University of Calgary’s experience the first among many in a new hot niche for ransomware? I suppose only time will tell, but it may very well be the case.

From their website:

“Ransomware attacks and the payment of ransoms are becoming increasingly common around the world. The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

What Can You Do to Prevent a Ransomware Attack?

Like every other kind of malware, ransomware is most often delivered with the help of unsuspecting humans. Email attachments, links in email and links to malware-infected sites in the form of advertisements on websites employees are known to visit are some of the most common infection vectors.

We’ve previously touched on the need for having a “culture of security” within your organization and certainly addressing the human factor of security is becoming ever more important. However, from a technology perspective, much can be done to prevent ransomware attacks as well as mitigate their damage if an infection were to occur.

  1. Authenticate inbound email
  2. Back up data frequently and keep a separate copy offline
  3. Be certain to protect your Internet of Things devices (especially critical in medical and healthcare settings)
  4. Monitor your network for unusual activity such as a higher than normal rate of file rewriting
  5. Have a ransom recovery plan in place BEFORE you need it. If and when a ransomware attack occurs, the perpetrators are counting on you having insufficient time to react in a calm and clinical way.
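A worked illustration of step 4 above, added here as an example and not part of the original post or any Konsultek tooling: it reads constructed file-server events in an assumed line format, counts MODIFY/RENAME events per account inside a sliding one-minute window, and flags any account that exceeds an assumed baseline threshold, also reporting the extensions files were renamed to (an unfamiliar one is a classic ransomware tell).

```python
from collections import deque, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts host user action path")

# Constructed sample file-server log (not real data): a few normal daytime edits
# by two users, then one account rewriting and renaming 40 files within a minute,
# the "higher than normal file rewriting" pattern the post's step 4 refers to.
# Line format (assumed): "<ISO time> <host> <user> <MODIFY|RENAME|READ> <path>"
NORMAL = [
    "2016-06-07T09:00:01 fs01 alice MODIFY /share/finance/q1.xlsx",
    "2016-06-07T09:03:12 fs01 bob MODIFY /share/hr/policy.docx",
    "2016-06-07T09:10:44 fs01 alice READ /share/finance/q2.xlsx",
    "2016-06-07T11:42:09 fs01 bob MODIFY /share/hr/onboarding.pptx",
]
BURST = [
    f"2016-06-07T13:15:{i // 2:02d} fs01 carol {'MODIFY' if i % 2 == 0 else 'RENAME'} "
    f"/share/research/dataset_{i // 2:03d}.csv{'' if i % 2 == 0 else '.locked'}"
    for i in range(80)
]
SAMPLE_LOG = "\n".join(NORMAL + BURST)


def parse_events(text):
    """Parse one event per line, skipping blank or malformed lines; return sorted by time."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue
        ts, host, user, action, path = parts
        events.append(Event(datetime.fromisoformat(ts), host, user, action, path))
    return sorted(events, key=lambda e: e.ts)


def detect_bursts(events, window=timedelta(seconds=60), threshold=25):
    """Slide a per-(host, user) window over MODIFY/RENAME events and report every
    account whose count inside `window` exceeds `threshold`. The threshold should
    come from a baseline of normal activity; 25 per minute is an assumed value.
    Returns {(host, user): {"count", "start", "end", "rename_target_exts"}}.
    """
    recent, alerts = {}, {}
    for ev in events:
        if ev.action not in ("MODIFY", "RENAME"):
            continue  # reads and other actions do not count toward the rewrite rate
        key = (ev.host, ev.user)
        q = recent.setdefault(key, deque())
        q.append(ev)
        while ev.ts - q[0].ts > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) > threshold and len(q) > alerts.get(key, {}).get("count", 0):
            alerts[key] = {
                "count": len(q),
                "start": q[0].ts,
                "end": ev.ts,
                # extensions files were renamed to within the window
                "rename_target_exts": sorted({e.path.rsplit(".", 1)[-1] for e in q if e.action == "RENAME"}),
            }
    return alerts


if __name__ == "__main__":
    for (host, user), a in detect_bursts(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT {host} {user}: {a['count']} rewrites between {a['start']} and {a['end']}, "
              f"renamed to {a['rename_target_exts']}")
```

In production the events would come from file-server audit logs or an EDR agent and the threshold from a per-account baseline; the sliding-window logic stays the same.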

How Can Konsultek Help?

As a company that believes wholeheartedly that an ounce of prevention is better than a pound of cure, we help organizations such as yours craft intelligent, effective and customized security solutions. So if you would like help getting your learning organization up to speed on all matters of network and information security, just pick up the phone and give us a call!


Uber Fined $20,000 for Tardy Breach Reporting

Uber has had its share of bad publicity in recent months, but last week they got a bit more bad news when the New York State Attorney General fined them $20,000 for failing to report a data breach that released the personal information of customers.

The $20,000 fine is hardly notable in terms of dollar value but it apparently served enough of a wakeup call to prompt Uber to evaluate their information security and begin making changes.

According to an article on Uber collects and stores sufficient personally identifiable information on its app users to put their identities at risk.

It All Began with Uber’s “God’s View”

Back in November of 2014 (what seems like a lifetime ago for Uber news!), Eric Schneiderman began investigating Uber when it was disclosed that app users’ personal information was being displayed in a virtual aerial view that is referred to internally at Uber as “God’s View”.


Then, last spring Uber came clean with officials stating that “an unauthorized third-party” had accessed personal information including names and driver’s license numbers as far back as September of 2014.

“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” said Schneiderman. “We are committed to protecting the privacy of consumers and customers of any product in New York State, as well as that of employees of any company operating here. I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers’ and employees’ private information.”

Corrective Actions

According to Uber has agreed to make changes to the way personal information is handled within the organization and its network. For example, location data will now be kept in a password-protected system and data in transit will be encrypted. Location data will also be limited to employees with legitimate business needs.

Key Takeaways

As regulatory and law enforcement agencies begin to better understand the best practices available to organizations for protecting personally identifiable data, we can expect to see more frequent and heavier fines levied against organizations that fail to apply sufficient safeguards.

At Konsultek, our business process savvy combines with over 20 years of information and network security experience to develop custom solutions for organizations of all sizes and across a myriad of industries. If you don’t want to be taken for a ride when it comes to your organization’s security, just give us a call.



Which Industries Were Most Targeted by Spear Phishing in 2014?

Symantec’s April 2015 Volume 20 Internet Security Threat Report contains over 100 pages of interesting facts and research regarding Internet and information security.

One of the infographics contains data similar to what was reported by Verizon and was discussed here previously. The data pertains to the likelihood and prevalence of attacks by industry.

Symantec’s research corroborates Verizon’s findings that the manufacturing sector is amongst the most highly targeted (in this case, specifically by spear phishing attacks).

Source: Symantec April 2015 Volume 20 Internet Security Threat Report

Mining Industry a Likely Target for Illicit Data Mining!

It is interesting to note that if your organization falls in the mining space, you were more likely than any other industry to have been targeted by a spear phishing attack. This seems an outsized risk for a somewhat low-tech industry considering that, according to the Verizon data, “secrets” were the most commonly mined corporate information. More obvious targets would have been technology companies or perhaps pharmaceutical or financial companies.

One thing is certain, spear phishing and other types of corporate hacking are happening every day across a wide variety of industries. At Konsultek, we specialize in developing custom security solutions that work for organizations both large and small. To learn more about the potential vulnerabilities of your organization and what you can do to protect your intellectual property and trade secrets please pick up the phone and call (847)426-9355 to begin a dialogue.

© Copyright 2018 Konsultek