We start this week with a repeat offender. From the Daily Mail, news comes that “Scammers have targeted Netflix customers in Australia with an email scam aimed at getting their bank account details. The emails included a link for people to reactive their subscription, which takes them to a Netflix branded phishing page. Once the user logs into their account, they are taken to what appears to be a Netflix account page, with a notification at the top stating their account has been suspended and payment information needs to be updated.”
If given a choice between violating Amazon’s policies and getting phished, I’d much rather tick off Amazon. But hackers think that you think differently, which is the motivation for their latest phishing scam.
From Hoax Slayer, “According to an email, which purports to be from Amazon, your account will be locked because of violated policies. Supposedly, you are required to click a link to login and verify your account. The email features the Amazon logo and seemingly legitimate footer information in an effort to make it seem genuine. However, the email is fraudulent and the claim that your account has been locked is false.”
The purpose of Business Email Compromise (BEC), a type of phishing attack, is to target employees with access to company finances and trick them into sending money to the hacker. In the past this almost always meant a wire transfer.
From the hackers standpoint, there are two problems with wire transfers. First, they’re hard to keep anonymous. The hacker has to send some information about where to transfer the money. Second, companies are getting wise to this and changing policies to ensure all wire transfer requests are verified through a second channel.
You have to hand it to hackers. They’re always coming up with new ways to slip some malware passed unsuspecting email recipients.
It’s not uncommon today for prospective employees to email their resume to the HR department of the hiring company in an effort to land a job. What is uncommon, or at least it was until recently, was for that resume to contain malware.
Use your campus library much? You may be the target of the latest phishing scam. According to SC Magazine, ” The Mabna Institute, an Iranian firm whose members were indicted last year for cyberattacks against U.S. universities and other organizations, appears to have launched a new global phishing operation targeting the education sector last July and August.”
The wars of the future won’t be fought with bombs and planes they’ll be fought with 1s and 0s. And while the U.S. is worried about North Korea getting nuclear weapons, it should be more worried about their cyberattacks.
The latest salvo from North Korea is a spear-phishing attack targeting U.S. firms “with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions.” Apparently this is an ongoing malware campaign aimed at U.S. companies.
To protect critical data from being lost, a system for data protection, recovery, and retrieval was established; the system is popularly known as email archiving.
Email archiving should be a significant aspect of the data management and protection policy for any organization. Emails are the global form of communications and thus, a vulnerable entry point and a popular vector for cyber attacks. Although the primary purpose of email archiving is to protect the emails, IT experts believe it to be more important than just that.
“Malicious actors target government contractors,” according to SC Magazine. While targeting government contractors certainly isn’t a new occurrence, it does seem to be on the rise. “Over the past few months we have observed the increasing use of yet another type of transaction-based social engineering scheme designed to hook companies dependent on government contracts: the invitation to bid.”
If you haven’t been paying attention, cities are getting killed by ransomware. The number of cities that have fallen victim to ransomware just 2019 is too long to list. And once a city does get hit by ransomware, the question that always comes up is, should the city pay the ransom? It’s not an easy question to answer.
One the one hand, paying the ransom is no guarantee that the city will get their systems back. On the other hand, not paying the ransom leaves the city with the unknown financial burden of restoring their systems.
Software-as-a Service (SaaS) has been around a while now. One of the strongest benefits of SaaS is that it affords businesses the luxury of not having to buy and/or build all of their IT services. And SaaS almost always saves companies money. But what was once a luxury, is rapidly becoming a necessity.
The number of cyberattacks and security breaches increases every year. Year by year, the percentage surges upwards. According to Gemalto, there was a 164 percent increase in cyberattack frequency between 2016 and 2017. Projections between 2017 and 2018 already show a trend towards even greater growth.
It’s one thing to be taken in by a hacker. It’s another thing to be taken in by a bot. Called trickbots, they are a network of bots, or Internet robots, that trick the recipient into divulging some personal information.
Now word comes that the latest trickbot, which is an updated version of an existing trickbot, is being used “to target three of the largest mobile carriers in the United States, namely Verizon Wireless (August 5), T-Mobile (August 12), and Sprint (August 19).” The trickbot in this instance is being used to grab user’s PIN code.
If you haven’t heard, cyberattacks are a big problem. They’re an even bigger problem for small companies. Why is that? Two reasons. First, because there are a lot of them and second, because they aren’t very well prepared.
Small and mid-size businesses (SMB) are the target of cyber-attacks quite often. “According to the Verizon 2019 Data Breach Incident Report (DBIR), 58% of SMBs experienced a cyber incident in 2018.”
Office 365 has successfully moved mountains of email from on-site servers to the cloud. But, does Office 365 really meet the criteria for archiving compliance, e-discovery, and legal holds? Should businesses consider and use a third-party email archiving solutions?
Join us as we explore these questions and their answers.
As a hosting provider, your IP reputation is of paramount importance. This is one of the factors that determines whether your customers’ emails arrive at their inbox or junk folders.
Unfortunately, traditional SMTP providers collect reputation data at the server level. This puts shared hosting and VPS providers in a tight spot.
If you host hundreds of customers on a single server, one bad actor sending spam emails can ruin the reputation of every single other user. This significantly damages the user experience for all your legitimate customers and generates a ton of support tickets, thereby straining your resources considerably.
Mobile phishing is not a new phenomenon. Almost anyone old enough to remember using pre-smartphone mobile devices also remembers getting suspicious texts and calls from early scammers. Often, these scam artists used some variant of the now-campy Nigerian Prince scheme to trick victims.
But times have changed. Today’s mobile phishing attacks are sophisticated, high-tech, and largely automated. Mobile phones have taken on a more important role in users’ lives than ever before, and the world’s hackers have access to more data than the previous generations could dream of. Without mobile phishing protection, users are vulnerable.
Do you ever wonder why Microsoft consistently tops the list of favorite brands to target with phishing scams? Because it’s one of the most widely used brands, AND because apparently it’s security isn’t very good.
Now comes word of a spear phishing scam, targeting a company in the energy sector, “using a savvy trick to get around the company’s Microsoft email security stack.”
You can purchase anything as a service today—even malware. According to ThreatPost, “A phishing campaign that spoofs a PDF attachment to deliver Adwind spyware has been taking aim at national grid utilities infrastructure.”
“Adwind, a.k.a. JRAT or SockRat, is being used in a malware-as-a-service model in this campaign. It offers a full cadre of info-gathering features, including the ability to take screenshots, harvest credentials from Chrome, Internet Explorer and Microsoft Edge, record video and audio, take photos, steal files, perform keylogging, read emails and steal VPN certificates.” One stop shopping to create havoc.
It’s everywhere you turn. Advertisements for security awareness training. The last line of defense. The human firewall.
There’s nothing wrong with training your employees to recognize security exploits. We recommend it. But it should be one part of a holistic defense-in-depth approach to security. Why is that? Because the math of having employee awareness training be your only line of defense is frightening. How frightening?
Phishing scams are more common than you might think. In fact, a person receives an average of six malicious emails per day, threatening the security of their computer and their systems.
Between 2013 and 2016, American businesses faced a staggering $500 billion in losses due to phishing scams. This led to an extensive FBI investigation of over 22,000 reported phishing scams.
