It’s been shown repeatedly that all the phishing awareness training in the world won’t get the click rate on malicious emails down to zero. And now we know why.
Thanks to research conducted by Symphony Communication Services, “An alarming percentage of workers are consciously avoiding Its guidelines for security.”
Smart companies use phishing prevention technology to protect their employees and organization from phishing attacks. And whether they use their own, on-premises email server, or opt for a cloud-based email provider, companies have some important security decisions to make.
You can lose a lot of things if you get successfully phished: money, credentials, personal information, productivity, reputation, to name a few. Do you know what else you can lose? Your life!
It’s been all over the news lately that successful phishing attacks have led to patient’s medical records being exposed. There was a breach at Baystate Medical Center that impacted 12,000 patients. There were three physicians at UC Davis that got hit in a phishing scam affecting 1,800 patients. And there were the 30,000 Medicaid recipients who had their data exposed in Florida due to a phishing attack. The list goes on.
If you subscribe to the notion that hackers go where the users are, it’s not surprising that Microsoft Remains the #1 Impersonated Brand in Phishing Attacks. Others making up the top five include PayPal, Netflix, Facebook and Bank of America, which confirms the theory.
There’s a lot of spam out there. More than 14.5 billion spam messages are sent each day by some estimates. To the extent that anyone thinks about it, they probably envision that spam coming from a bunch of spammers in some third-world countries, but that’s rarely the case.
It’s why awareness training will never be good enough. And it’s why the best phishing protection technology may always fall a little short. The truth is, some of the best and brightest minds around are using their smarts to come up with more clever and more undetectable phishing exploits. It’s a technological arms race, and maybe the best you can ever hope for is a tie.
A remote vulnerability has been discovered in the EXIM email server that allows an attacker to run commands as root.
https://www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/
If your mail server is running EXIM our email gateway can offer you complete protection from this exploit and can keep your users safe. The service is cloud-deployed and fully managed and can scale from a single domain to hosting providers needing filtering for tens of thousands of domains.
Phishing attacks are everywhere, and so is advice for how to prevent them. None of the advice offered is wrong, it’s just woefully incomplete.
A recent article on the Security Week website, Business Email Compromise Still Reigns, discusses the FBI’s annual Internet Crime Complaints Center (IC3) report and why business email compromise (BEC)—a type a phishing attack—is so prevalent.
It’s not surprising that hackers use W-2 phishing scams during tax season. Taking advantage of topical and popular subjects is at the heart of social engineering. But, the W-2 scams don’t usually target taxpayers.
According to the article on CSO Online, “The W-2 scam tries to take advantage of folks in accounting, controller and HR roles by presenting urgent
Imagine your company just fell victim to a ransomware attack. What would you do? One group of doctors decided to retire rather than pay the ransom. The officials in Jackson County, Georgia decided to pay the $400,000 ransom. The city of Chicago paid more than $1 million. So, what would you do?
If you ever find yourself the victim of a phishing attack and ransomware, you’ll only have a few options to try and deal with your circumstances.
Today, successful ransomware attacks involve stolen or encrypting the victim’s data. And to get it back, you have to pay the ransom. Of course, paying the ransom is no guarantee that you’ll get your data back, but it’s certainly higher than not paying it.
Earlier today our mail servers prevented some email from reaching some customers. The messages that were impacted had .co.uk in their domain name. Other messages were unaffected.
That’s more than 30% of people on the planet with internet access. In one month! All of that during April 2019, bringing the annual total to 5.64 billion. I wonder what will happen in May.
An article on IT Governance Blog details all of the cyber-attacks, ransomware, data breaches and financial information that was compromised during the most recent month. There’s over 70 in the list including 25 healthcare providers and 19 schools and government agencies. I doubt the list is complete.
(more…)
The last season of Game of Thrones (GoT) is finally on air, and everyone seems to be excited about it! GoT is one of the most successful shows ever to be shown on TV. However, the massive popularity of the show has lead to cybercriminals exploiting people’s love for it by tricking individuals into various online scams, and many people have lost their hard earned money by fraudulent emails in circulation nowadays.
(San Diego, CA – April 24, 2019)
DuoCircle LLC is an integrated, cloud-based email solutions company. DuoCircle has purchased Commando.io, a service that helps IT companies simplify server management. Commando.io is a web-based platform for running commands on servers via SSH.
If you haven’t heard lately, when it comes to getting phished, municipalities and local governments aren’t doing too well. And it’s costing them a lot of money.
According to a recent article on SC Magazine website, four different municipalities were hit with ransomware attacks during the week of April 15, 2019. The article said, “Augusta, Maine; Imperial County, Calif.; Stuart, Fla.; and Greenville, N.C. were all in different stages of recovering from ransomware attacks over the last seven days.”
SMTP service (i.e., email) today is a commodity. So much so, that many businesses pay some other business to “host” their SMTP service for them. This enables the business to send and receive email without having to buy, set up or manage an SMTP server. And judging by how prices have come down over time, it’s fair to assume that there are a lot of hosted SMTP service providers.
Phishing protection is big business. There are many providers out there using advanced technologies to protect companies of all sizes. And these technologies are needed, because as research has shown, phishing protection education alone will not protect your company.
We regularly help businesses migrate from one Office 365 to another Office 365 tenant. A verycommon use case involves the transition between (or within) email providers or splitting out business units or the migration of tenants between organizations. Microsoft warns that a new Office 365 tenant may be inaccessible for as long as 24 hours during the migration, which means there is a chance for email to be lost. Microsoft’s guide to migrating email accounts between Office365 tenants includes the following instruction: