It’s the most wonderful time of the year…for hackers. And while all indications are that hackers are actually getting started early this year with phishing emails, you can expect Black Friday and Cyber Monday to be the main events.
According to Global Security Mag, “Black Friday and Cyber Monday marks the traditional start to the holiday shopping season. Yet, with 39% of shoppers starting before then, cybercriminals have kicked off the season early too.” Their research indicates a 400% increase in pre-holiday phishing activity specifically targeted at “well-known online shopping sites.”
At its core, phishing is a pretty simple exploit. Send a malicious email, but make it look like it comes from some person or some company you know and trust.
One of the most frequently-used phishing tactics is domain name spoofing.Domain name spoofing occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees. This can be done by sending an email with a false domain name that looks like the correct domain name, or including a link in an email to what appears to be a trusted domain.
A lot of people have a Gmail account, which means marketers send a lot of emails to Gmail accounts. It sure would be nice if most or all of those emails could avoid the spam folder. Unfortunately, Google doesn’t see it that way.
According to a new report from Twilio, How Political Campaigns Can Ensure Their Email Messages Hit Home, only 3.8% of email messages from Presidential candidates made it into the primary tab of the Gmail account. What’s worse, is that 21.3% of emails ended up in the spam folder while the remaining 74.8% ended up in promotions.
Well, according to Proofpoint’s Q3 2019 Threat Report, if you got phished, there’s an 88% chance it’s because you clicked on a malicious link. So, the correct answer is #1. And that’s just one of the findings in the latest quarterly report.
Microsoft forms a natural base of the computer world. Almost every big or small organization makes use of the tools provided by Microsoft for their daily operations. Initially, Microsoft Office had a few tools. But because they have the basics done right, the enterprise has now expanded to a lot of other utilities. Outlook 365 is such a tool from Microsoft that has above 150 million users in the corporate sector. The platform combines every facility that one would ever need for the smooth functioning of their business, such as storage of files, exchange of emails, etc. It also features seamless integration of OneDrive as well as SharePoint into one platform.
If you have any kind of alarm in your home, like a smoke detector or burglar alarm, you probably don’t think about how it works very often. As it turns out, every alarm, to be effective, actually has to do two things: it has to sense something bad and then it has to take action. In most cases, that action is to blast a really loud signal. Loud enough to wake you up from a sound sleep.
In today’s digital age, emails have become a crucial channel of communication for all organizations. Emails have various benefits, such as reliability, economy, and mobility. Since we exchange a lot of important and sensitive data through emails, it is no wonder that users are seeking the best and latest solutions to uphold the confidentiality of their email contents. Any exposure of the vital information to the wrong people is enough to cripple an organization’s functioning. And a single click on a malicious link is all it takes to compromise the confidential data of an enterprise. Hence, email security plays a crucial role in enterprise networking, and email encryption is the appropriate way to secure emails.
Phishing attacks are endless, escalating in numbers, frequency, and intensity with phishers launching hundreds of thousands of attacks every day. You may be wondering why authorities can’t keep check of this nefarious activity. Well, what makes it so challenging to prevent these attacks is the fact that the attackers are tech-savvy people who are professionals in what they do, and they keep on improving their techniques and modus operandi. However, one can adopt anti-spam measures and phishing protection strategies to protect oneself to a great extent, if not entirely, from these cyber threats.
By now you probably know what comes before a data breach: a phishing attack. Phishing is the attack vector the bad guys use most often to steal the credentials which lead to the data breach. Did you ever ask yourself what comes after a data breach? Well, if you’re a small business, the answer is not good.
From Stay Safe Online, “A new survey released by the National Cyber Security Alliance (NCSA) today found that an overwhelming majority of small businesses believe that they are a target of cybercriminals, highlighting the growing awareness among small businesses about the threat of a cyberattack.”
In today’s era of unlimited internet access, users often end up sharing their personal information on different websites, applications, and portals. However, personal information is not the only commodity at stake here. Cyberattacks pose a grave threat to corporate resources as well. Thus, the administration needs to educate their employees about the latest cyber threats. Furthermore, if an organization wants to follow different industrial and government compliances such as PCI, HIPAA, FISMA, and Sarbanes-Oxley, then on-campus or online security awareness training for employees is a necessity for them.
Didn’t even know Facebook had a lottery. Apparently it doesn’t, but that doesn’t stop fraudsters from using it to scam people.
According to ID Theft Center, “The Facebook Lottery Scam is certainly nothing new, but what makes this version different is the accompanying image of a certificate of authenticity made out to the recipient. In this version, which typically comes through private messages on Facebook due to lack of email security service, someone contacts you to let you know that you’ve won, and then informs you that you must show up in person to collect your winnings.
Say what you will about hackers, but they do their homework. They don’t just send out phishing emails willy nilly. The send them out and measure their effectiveness, including what day of the week is the most effective to send them on.
According to an article on NationalCybersecurity.com, research “has revealed more malicious emails are delivered on Monday mornings than any other day.” As if Mondays weren’t bad enough already. “More than 30 per cent of all cyber-attack emails sent by opportunistic hackers and scammers go out on the first day of the week, declining steadily with each passing weekday.”
When it comes to getting hit by ransomware, it doesn’t get much worse than the city of Baltimore. When the city got hit by ransomware earlier this year, apparently it had neither anti-phishing software protecting its email accounts nor cyberinsurance in the event that it did. And because the city has refused to pay the ransom ($76,000), it has spent in excess of $18 million restoring systems to date.
Most phishing attacks are pretty straight forward. They try to get the login credentials to your bank account, wipe you out and go on vacation. I’m not really sure about the vacation part, but the rest is pretty typical.
What else is typical is that the way to get your credentials is to send you an email with a link to a bogus website that captures your information and looks convincing enough so that you’ll provide it. Phishing attacks mostly come by email, but not always.
Phishing attempts are up 400% from January to July 2019, according to a new Webroot report. That’s not a shocking statistic. Afterall, phishing is a very profitable business and profitable businesses tend to reinvest in their business. The more successful phishing becomes, the more phishing attacks you’d expect to see.
Are you an accountant looking for an opportunity to work from home? Be careful, you may be a victim of a phishing scam. That according to the South Carolina Association of CPAs. From the association’s website, “A job hiring scam that advertises a fraudulent work from home accountant opportunity tricks jobseekers into laundering money, warns John LaCour, the founder of Charleston-based cybersecurity firm PhishLabs.”
Not if you believe the latest headlines. According to an article in Wired magazine, it’s not just the Russians anymore who are trying to affect the upcoming U.S. elections. Apparently, the Iranians are now trying to get in on the action too.
It’s a dubious honor. Apparently the people inAustralia are really bad when it comes to phishing attacks. How bad? “Over half of office workers have been victims of a phishing attack.” Half!
“Australians are among the most frequently targeted by hackers and cybercriminals, and the numbers back that up. Over 50 per cent of the office workforce have been victims of a hacking attack of some kind, according to recent research on the matter. The global-scale study was performed by online security firm Webroot, a company based in the United States of America.”
This week’s scams exploit people’s greed, desire to go on vacation and desire to be entertained. This first one is greed. If you have an account with Yahoo, and most people do, then you probably received an email from them this week regarding their Security Breach Proposal Settlement. Or did you?
If there’s money to be had, you know the bad guys will jump on it. According to the security training firm KnowBe4, “The bad guys are going to use the ‘urgency’ trick. The settlement is a set amount, meaning there’s only so much cash to go around. If too many people sign up for the cash option, they will have to split the pool. If someone had to spend time or money dealing with identity theft or other problems they believe stemmed from the Yahoo hacks, they can file a claim for up to $25,000 in out-of-pocket losses. All in all, enough bait to trick people.”
Could you spot a phishing email if one made it into your inbox? I’ll bet you think you could. Most people do, but they’re wrong.
According to a Webroot survey, “While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message.”
