“Social engineering attacks continue to be one of the top ways malicious hackers breach organizations and/or cause damage,” said Stu Sjouwerman, CEO, KnowBe4.

“We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns. By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec professionals can strengthen their human firewall. Now more than ever, end-users need to remain vigilant and remember to stop and think before they click.”

Here are the top 10 Email Categories Globally:

1. Business
2. Online Services
3. Human Resources
4. IT
5. Banking and Finance
6. Coronavirus/COVID-19 Phishing
7. Mail Notifications
8. Phishing for Sensitive Information
9. Social Networking
10. Brand Knockoffs

Top phishing email subjects were also broken out, comparing those in the U.S. to those in Europe, the Middle East, and Africa (EMEA).

In Q3 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. In the U.S., most of the email subjects appear to originate from the users’ organization. However, in EMEA, the top subjects are related to users’ everyday tasks.

The organization also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious.

The results are below.

Top Phishing Email Subjects in the US:

Vacation Policy Update
Password Check Required Immediately
Important: Dress Code Changes
Acknowledge Your Appraisal
Remote Working Satisfaction Survey
Top Phishing Email Subjects in Europe, Middle-East, and Africa:

Your Document is Complete – Save Copy
Stefani has endorsed you!
You have requested a reset to your LinkedIn password
Windows 10 Upgrade Error
Internet Capacity Warning
Common “In-the-Wild” attacks:

IT: Odd emails from your account
IT: Upcoming Changes
HR: Remote Working Satisfaction Survey
Facebook: Your Facebook access has been temporarily disabled for identity check
Twitter: Potential Twitter Account Compromise

By Luis Monzon

The initial champions team is comprised of winners and enthusiasts from CyberSmart BW’s first ever CyberSmart competition held during last year’s Cyber Awareness month in October.

This year’s initiative commenced with a two-day workshop on September 27 and 28, 2021 focusing on ‘Developing a Cyber Awareness Campaign’.  Fourteen young people have been selected to be part of the initial team of young Cyber Smart champions. The workshop was organized by CyberSmart BW, an initiative that was founded by the InFuture Foundation, with support from Cyber4Dev, D.I.Y, and the European Union Delegation to Botswana and SADC.

Speaking at the opening of the workshop, the Head of the EU Delegation to Botswana and SADC, Ambassador Jan Sadek affirmed the growing need for cybersecurity awareness in the society, and that an initiative such as the Cybersmart Champions programme will go a long way in promoting safe and secure online behaviours.

As pointed out by Cybersmart BW Founder and Coordinator, David Moepeng, the Cybersmart Champions programme will build on the foundation laid through the inaugural Cybersmart Challenge in 2020. The aim is to encourage youth to participate in cybersecurity awareness raising.

“We were really impressed by how creative these young people were last year. So we decided, let’s encourage them to do more”, said Moepeng.

As more and more people go online and with digital technologies touching almost every aspect of our lives, societal security and safety in digital spaces has become a growing concern. This is because as we more and more of us use the Internet to make payments, send materials, that presents an opening for (cyber) criminals to move in.  It is thus imperative that we learn to stay ahead of their tricks.

In October 2021 a new CyberSmart BW competition will be launched. It is hoped that the contenders will help swell the ranks of the network. “The ultimate goal is to have a network of cybersecurity peer educators throughout Botswana to increase the reach of its cybersecurity awareness campaigns.

The Cybersmart Champions are now at work developing campaigns to reach their peers, in villages, universities, schools, or even in schools and public libraries, Mr Moepeng explained. For this these emerging champions will receive support, guidance and mentorship from the CyberSmart Coordination team.

John Churu, Gaborone, Botswana

Image By BiztechAfrica

On Friday, US District Judge Todd Robinson granted a request from the US Department of Justice and the US Attorney’s Office for the Southern District of California for authority to liquidate BitConnect crypto-currency worth approximately $56m.

The digital fortune was amassed by BitConnect’s self-described “number one promoter,” 44-year-old Glenn Arcaro of Los Angeles. United States authorities seized the crypto-currency as the proceeds of crime after Arcaro admitted being involved in an international fraud scheme.

On September 1, Arcaro pleaded guilty to participating in a massive conspiracy to defraud BitConnect investors in the United States and abroad. 

Under the scheme, Arcaro and others conned victims out of $2bn. By concealing and misrepresenting the truth on social media, the fraudsters made it appear to investors that BitConnect’s purported proprietary technology (BitConnect Trading Bot and Volatility Software) could generate substantial profits and guaranteed returns, trading on the volatility of crypto-currency exchange markets. 

“In truth, BitConnect operated a textbook Ponzi scheme by paying earlier BitConnect investors with money from later investors,” stated the Office of the US Attorney for the Southern District of California. 

Special Agent in Charge Eric Smith of the FBI’s Cleveland Field Office said Arcaro had defrauded thousands of individuals worldwide.

The BitConnect case is still actively being investigated by the Federal Bureau of Investigation and the Internal Revenue Service – Criminal Investigation. 

Arcaro is scheduled to be sentenced by a federal district court judge in the new year, on January 7. The self-confessed fraudster could receive a maximum prison sentence of 20 years. 

Plans to liquidate the crypto-currency to benefit victims of the BitConnect fraud were shared on Tuesday by the Department of Justice’s Office of Public Affairs.

The Office said that the BitConnect scheme is the largest crypto-currency fraud scheme ever charged criminally and the planned liquidation is “the largest single recovery of a crypto-currency fraud by the United States to date.”

All potential victims of the BitConnect scheme are advised to visit https://www.justice.gov/usao-sdca/us-v-glenn-arcaro-21cr02542-twr.

Sarah Coble News Writer