The Lateral Phishing Attack is the New Trojan Horse

The Lateral Phishing Attack is the New Trojan Horse

What is a lateral phishing attack? A lateral phishing attack occurs when “one or more compromised employee accounts in an organization are used to target other employees in the same organization. Lateral phishing is similar to business email compromise (BEC), but while the latter is usually about getting victims to carry out fraudulent wire transfers, the main goal of the former is usually credential theft.” I suppose it means the attack occurs laterally across the org chart.

Continue reading “The Lateral Phishing Attack is the New Trojan Horse” »

Cyber Security News Update – Week 34 of 2019

Cyber Security News Update – Week 34 of 2019

Been called to jury duty lately? Even if you haven’t, you might still get phished. Last week, in Ventura County, CA, a phishing scam was going around telling people that they missed their jury duty appointment.

According to the Citizens Journal, “In the calls and emails, recipients are pressured to provide confidential information, potentially leading to identity theft and fraud. These calls and emails,  which threaten recipients with fines and jail time if they do not comply are fraudulent and are not connected with the Camarillo Police Department or the Ventura County Sheriff’s Office.”

Continue reading “Cyber Security News Update – Week 34 of 2019” »

The One Time You Absolutely Do Not Want to Use Email Forwarding

The One Time You Absolutely Do Not Want to Use Email Forwarding

Email forwarding is so common place, most people don’t give it another thought. But, as I pointed out in a recent post, email forwarding isn’t always smart to do.

In that post, I point out a handful of reasons why blindly forwarding emails can get you into a little hot water. First, there are the copyright issues. When someone writes an email, it is by definition, copyrighted. Depending on who you are forwarding it to, where and how often, you could be in violation of copyright law.

Continue reading “The One Time You Absolutely Do Not Want to Use Email Forwarding” »

Hackers Now Going After the Most Vulnerable in Society

Hackers Now Going After the Most Vulnerable in Society

If you follow the news at all, you know that phishing attacks, cyber breaches and ransomware are everywhere. It’s practically an epidemic. But, not all victims are created equal.

It’s one thing if a bank or a big corporation or even a government entity gets hit with a cyber-attack. They either have, or can find the resources to recover from such an event. Many even have some form of insurance to bail them out. But lately, hackers have pulled out all the stops and have started targeting some of the most vulnerable in society.

Continue reading “Hackers Now Going After the Most Vulnerable in Society” »

Cyber Security News Update – Week 33 of 2019

Cyber Security News Update – Week 33 of 2019

If it’s making headlines, you can be sure it’ll be used in a phishing scam. What’s the big news this week? Jeffrey Epstein suicide in jail. Queue the phishing emails.

According to KnowBe4, “a series of scams are underway using the Epstein death as social engineering tactic.” Maybe something to the effect of “See Jeffrey Epstein Last Words on Video.” Admittedly it’s hard not to click on that, but don’t.

Continue reading “Cyber Security News Update – Week 33 of 2019” »

The Misguided Solution to the Phishing Problem

The Misguided Solution to the Phishing Problem

About a year ago, information security company Shred-it released a report saying “Employee negligence is the main cause of data breaches.” I have no doubt that’s true. The part I disagree with is the solution.

The solution that’s being promoted for the “employee” problem is phishing awareness training. And not just training, but MORE training. There’s only one problem with this way of thinking: it won’t eliminate data breaches.

Continue reading “The Misguided Solution to the Phishing Problem” »

Cyber Security News Update – Week 32 of 2019

Cyber Security News Update – Week 32 of 2019

We’re always impressed when fraudsters come up with new and clever ways to execute phishing scams and this week didn’t disappoint us. This week we get word of a phishing scam disguised as fake e-tickets for Korean Airlines.

According to the article, “South Korean flag carrier Korean Air (KE) has warned customers against phishing scams using fake e-tickets. Seungwon Chung, KE Global Communications deputy general manager, confirmed with the Philippine News Agency (PNA) on Monday that the carrier has received [a] few complaints regarding this recently.”

Continue reading “Cyber Security News Update – Week 32 of 2019” »

DuoCircle Scholarship Winner Announced

DuoCircle, an email security company, has just completed its first scholarship program offering a $1000 award for the best essay or video on email privacy and security. 

Specific topics covered included the following:

  • How can the underlying causes of phishing be addressed?
  • What will change in email security in the next 10 years?
  • How would you teach older folks or children to avoid phishing and protect their privacy?

Continue reading “DuoCircle Scholarship Winner Announced” »

Finally, a Phishing Attack That Makes Somebody Happy

Finally, a Phishing Attack That Makes Somebody Happy

Phishing attacks can cause a lot of damage, so we try to not make light of them. But every now and then you have to look on the bright side.

There was news last week that “Several thousand school children in Alabama had their summer vacation extended by two weeks as the Houston County School District was forced for the second time to delay opening day due to a cyberattack.”

Continue reading “Finally, a Phishing Attack That Makes Somebody Happy” »

A New Day – A New Set of Phishing Tactics

A New Day – A New Set of Phishing Tactics

At DuoCircle we like to stay up to date on the latest phishing tactics so we can share them with you to keep you prepared. And we never cease to be amazed at the cleverness of hackers.

One of the fastest-growing email threats is account takeover, where a hacker takes over someone’s email account. Once they do, they have a lot of options, and one of the options they’re starting to choose is something called lateral phishing.

Continue reading “A New Day – A New Set of Phishing Tactics” »

Cyber Security News Update – Week 31 of 2019

Cyber Security News Update – Week 31 of 2019

It wouldn’t be a week if there was some scam aimed at Apple customers. Now comes word of a phony Apple phishing email. “Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Apple. As phishing emails go, this one is pretty good.”

Continue reading “Cyber Security News Update – Week 31 of 2019” »

Email Forwarding: Easy to do but not Always Smart to do

Email Forwarding: Easy to do but not Always Smart to do

At DuoCircle, we offer email forwarding. We understand that at this point email forwarding is more or less a commodity. Oh sure, you want your email forwarding to come with advanced features like forwarding groups, spam/virus protection and seamless integration into your email service. But, just because email forwarding is easy to do, doesn’t mean it’s always smart to do.

Continue reading “Email Forwarding: Easy to do but not Always Smart to do” »

Email Backup and Email Archiving: Why You May Need Both

Email Backup and Email Archiving: Why You May Need Both

Email backup is not the same as email archiving. They’re different, and solve very different problems.

Email backup stores your emails when your email server goes down by providing you a backup email server. In this manner, email backup is a very important part of business continuity and disaster recovery (BC/DR). That’s the problem it solves. If something goes wrong with your email server, you won’t lose any emails.

Continue reading “Email Backup and Email Archiving: Why You May Need Both” »

The Week That Was – Scams of the Week 29

The Week That Was – Scams of the Week 29

This is not a good time to be a city in Florida if you’re looking to avoid a ransomware attack. First it was Riviera Beach on June 5. Then it was Lake City on June 10. Now it’s Key Biscayne. According to the Miami Herald, “The village of Key Biscayne confirmed Thursday it had been hit by a cyberattack — the third Florida city this month to fall victim to outside hackers.”

Continue reading “The Week That Was – Scams of the Week 29” »

Employee Business Travel Should Not Put Your Company at Risk

Employee Business Travel Should Not Put Your Company at Risk

Employees travel, that’s part of being in business. And when they travel, they’re going to check their email. There’s no reason that simple act should put your organization at risk, but for many companies, it does. That’s because of the safeguards they put in place, don’t always travel with the employees. But they should.

Continue reading “Employee Business Travel Should Not Put Your Company at Risk” »

Pin It on Pinterest