If it’s making headlines, you can be sure it’ll be used in a phishing scam. What’s the big news this week? Jeffrey Epstein’s suicide in jail. Cue the phishing emails.
According to KnowBe4, “a series of scams are underway using the Epstein death as social engineering tactic.” Maybe something to the effect of “See Jeffrey Epstein Last Words on Video.” Admittedly it’s hard not to click on that, but don’t.
Phishing is so widespread today, you can feel the effects of a phishing attack even if you’re not the one who got phished. The latest example of this is detailed in a report on Bleeping Computer: “Phishing Attacks Target US Utilities with Remote Access Trojan.”
About a year ago, information security company Shred-it released a report saying “Employee negligence is the main cause of data breaches.” I have no doubt that’s true. The part I disagree with is the solution.
The solution that’s being promoted for the “employee” problem is phishing awareness training. And not just training, but MORE training. There’s only one problem with this way of thinking: it won’t eliminate data breaches.
We’re always impressed when fraudsters come up with new and clever ways to execute phishing scams and this week didn’t disappoint us. This week we get word of a phishing scam disguised as fake e-tickets for Korean Airlines.
According to the article, “South Korean flag carrier Korean Air (KE) has warned customers against phishing scams using fake e-tickets. Seungwon Chung, KE Global Communications deputy general manager, confirmed with the Philippine News Agency (PNA) on Monday that the carrier has received [a] few complaints regarding this recently.”
DuoCircle, an email security company, has just completed its first scholarship program offering a $1000 award for the best essay or video on email privacy and security.
Specific topics covered included the following:
How can the underlying causes of phishing be addressed?
What will change in email security in the next 10 years?
How would you teach older folks or children to avoid phishing and protect their privacy?
Phishing attacks can cause a lot of damage, so we try to not make light of them. But every now and then you have to look on the bright side.
There was news last week that “Several thousand school children in Alabama had their summer vacation extended by two weeks as the Houston County School District was forced for the second time to delay opening day due to a cyberattack.”
At DuoCircle we like to stay up to date on the latest phishing tactics so we can share them with you to keep you prepared. And we never cease to be amazed at the cleverness of hackers.
One of the fastest-growing email threats is account takeover, where a hacker takes over someone’s email account. Once they do, they have a lot of options, and one of the options they’re starting to choose is something called lateral phishing.
It wouldn’t be a week if there wasn’t some scam aimed at Apple customers. Now comes word of a phony Apple phishing email. “Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Apple. As phishing emails go, this one is pretty good.”
At DuoCircle, we offer email forwarding. We understand that at this point email forwarding is more or less a commodity. Oh sure, you want your email forwarding to come with advanced features like forwarding groups, spam/virus protection and seamless integration into your email service. But, just because email forwarding is easy to do, doesn’t mean it’s always smart to do.
What if there existed a technology that could dramatically lower the chances of your domains being spoofed and used for phishing attacks on recipients? Would you take advantage of it? Probably not, because the technology does exist and almost nobody is using it. And the reasons why are confounding.
Most phishing emails contain a malicious link in the hope that the recipient will click on it. Phishing prevention technology is wise to this tactic, which has forced attackers to adapt. Their latest adaptation is a novel phishing technique targeting American Express customers, by breaking the malicious link up into two parts.
Email backup is not the same as email archiving. They’re different, and solve very different problems.
Email backup stores your emails when your email server goes down by providing you a backup email server. In this manner, email backup is a very important part of business continuity and disaster recovery (BC/DR). That’s the problem it solves. If something goes wrong with your email server, you won’t lose any emails.
We anticipate that the DNS migration to Cloudflare on July 20th, 2019 will be uneventful; however, in the event that there is an issue, we have incorporated DNS redundancies into your email services.
This is not a good time to be a city in Florida if you’re looking to avoid a ransomware attack. First it was Riviera Beach on June 5. Then it was Lake City on June 10. Now it’s Key Biscayne. According to the Miami Herald, “The village of Key Biscayne confirmed Thursday it had been hit by a cyberattack — the third Florida city this month to fall victim to outside hackers.”
Employees travel; that’s part of being in business. And when they travel, they’re going to check their email. There’s no reason that simple act should put your organization at risk, but for many companies, it does. That’s because the safeguards they put in place don’t always travel with the employees. But they should.
If you’re a professional archivist, one of the things you should archive is email. If you’re a Registered Investment Advisor, one of the things you MUST archive is email.
Hackers were busy at it again this week with some standard phishing tactics, as well as some new, creative ones. And it should come as no surprise that Microsoft was in the thick of things, being a victim of brand identity theft.
If you haven’t already heard, the Internet of Things (IoT) is going to be big. IoT simply means that every electrical device in your life will be connected to the Internet. From your doorbell to your thermostat to your refrigerator to every possible medical device. If you can plug it into an electrical socket it will probably plug into the Internet.
Phishing attacks give little warning and they don’t linger at all. The timeline for many phishing websites is just a few hours. According to the 2018 Webroot Threat Report, “most phishing sites were only online for 4-8 hours.” Sometimes less. According to an article on the Dark Reading website, “Many phishing campaigns last year combined attacks that were active for just a few minutes.”
Phishing attacks will always be successful because they’re not attacks on technology, they’re attacks on human nature.
As Danny Bradbury points out in SC Magazine, “Successful data breaches need not require expensive technology, massive deceptions, or even expertly faked credentials. Sometimes all it takes is a phone call to the help desk and a request for assistance logging in. You do not even have to be a legitimate user if you are convincing enough.”