Hackers were busy at it again this week with some standard phishing tactics, as well as some new, creative ones. And it should come as no surprise that Microsoft was in the thick of things, being a victim of brand identity theft.
If you haven’t already heard, the Internet of Things (IoT) is going to be big. IoT simply means that every electrical device in your life will be connected to the Internet. From your doorbell to your thermostat to your refrigerator to every possible medical device. If you can plug it into an electrical socket it will probably plug into the Internet.
Phishing attacks give little warning and they don’t linger at all. The timeline for many phishing websites is just a few hours. According to the 2018 Webroot Threat Report, “most phishing sites were only online for 4-8 hours.” Sometimes less. According to an article on the Dark Reading website, “Many phishing campaigns last year combined attacks that were active for just a few minutes.”
Phishing attacks will always be successful because they’re not attacks on technology, they’re attacks on human nature.
As Danny Bradbury points out in SC Magazine, “Successful data breaches need not require expensive technology, massive deceptions, or even expertly faked credentials. Sometimes all it takes is a phone call to the help desk and a request for assistance logging in. You do not even have to be a legitimate user if you are convincing enough.”
It’s been shown repeatedly that all the phishing awareness training in the world won’t get the click rate on malicious emails down to zero. And now we know why.
Thanks to research conducted by Symphony Communication Services, “An alarming percentage of workers are consciously avoiding IT’s guidelines for security.”
Smart companies use phishing prevention technology to protect their employees and organization from phishing attacks. And whether they use their own, on-premises email server, or opt for a cloud-based email provider, companies have some important security decisions to make.
You can lose a lot of things if you get successfully phished: money, credentials, personal information, productivity, reputation, to name a few. Do you know what else you can lose? Your life!
It’s been all over the news lately that successful phishing attacks have led to patients’ medical records being exposed. There was a breach at Baystate Medical Center that impacted 12,000 patients. There were three physicians at UC Davis who got hit in a phishing scam affecting 1,800 patients. And there were the 30,000 Medicaid recipients who had their data exposed in Florida due to a phishing attack. The list goes on.
If you subscribe to the notion that hackers go where the users are, it’s not surprising that Microsoft Remains the #1 Impersonated Brand in Phishing Attacks. Others making up the top five include PayPal, Netflix, Facebook and Bank of America, which confirms the theory.
There’s a lot of spam out there. More than 14.5 billion spam messages are sent each day by some estimates. To the extent that anyone thinks about it, they probably envision that spam coming from a bunch of spammers in some third-world countries, but that’s rarely the case.
It’s why awareness training will never be good enough. And it’s why the best phishing protection technology may always fall a little short. The truth is, some of the best and brightest minds around are using their smarts to come up with more clever and more undetectable phishing exploits. It’s a technological arms race, and maybe the best you can ever hope for is a tie.
If your mail server is running EXIM, our email gateway can offer you complete protection from this exploit and can keep your users safe. The service is cloud-deployed and fully managed and can scale from a single domain to hosting providers needing filtering for tens of thousands of domains.
It’s not surprising that hackers use W-2 phishing scams during tax season. Taking advantage of topical and popular subjects is at the heart of social engineering. But, the W-2 scams don’t usually target taxpayers.
According to the article on CSO Online, “The W-2 scam tries to take advantage of folks in accounting, controller and HR roles by presenting urgent
Imagine your company just fell victim to a ransomware attack. What would you do? One group of doctors decided to retire rather than pay the ransom. The officials in Jackson County, Georgia decided to pay the $400,000 ransom. The city of Chicago paid more than $1 million. So, what would you do?
If you ever find yourself the victim of a phishing attack and ransomware, you’ll only have a few options to try and deal with your circumstances.
Today, successful ransomware attacks involve stealing or encrypting the victim’s data. And to get it back, you have to pay the ransom. Of course, paying the ransom is no guarantee that you’ll get your data back, but your chances are certainly higher than if you don’t pay it.
Earlier today our mail servers prevented some email from reaching some customers. The messages that were impacted had .co.uk in their domain name. Other messages were unaffected.
That’s more than 30% of people on the planet with internet access. In one month! All of that during April 2019, bringing the annual total to 5.64 billion. I wonder what will happen in May.
An article on IT Governance Blog details all of the cyber-attacks, ransomware, data breaches and financial information that was compromised during the most recent month. There are over 70 in the list, including 25 healthcare providers and 19 schools and government agencies. I doubt the list is complete.
The last season of Game of Thrones (GoT) is finally on air, and everyone seems to be excited about it! GoT is one of the most successful shows ever to be shown on TV. However, the massive popularity of the show has led to cybercriminals exploiting people’s love for it by tricking individuals into various online scams, and many people have lost their hard-earned money to fraudulent emails in circulation nowadays.
DuoCircle LLC is an integrated, cloud-based email solutions company. DuoCircle has purchased Commando.io, a service that helps IT companies simplify server management. Commando.io is a web-based platform for running commands on servers via SSH.