You almost have to be living under a rock or in a cave to not be aware of the constant threat from cyber events in general and phasing attacks and ransomware in particular. But that’s what seems to be the case for a lot of small and mid-size businesses today.
This week’s first scam comes courtesy of the U.S. Postal Service. From an article online, “USPS® and the Postal Inspection Service are aware of the circulation of a fake email/email scam claiming to be from USPS officials including the Postmaster General.
Security Awareness training companies love to point out how important employee training is in keeping organizations safe from ransomware and malware. And to be sure, training employees to spot phishing emails is better than not doing it. But, the ubiquity of security awareness training advertising has led to two large problems.
Got an Amex or a Chase credit card? Then you were the target of a new phishing campaign this week. According to Information Security Buzz, “A new phishing campaign involves scammers sending fake Chase and Amex fraud protection emails asking users if the listed card transactions are valid. Victims who click the no button in the message to dispute the transactions will be redirected to a fake yet legitimate-looking Chase or American Express login site where they will go through a fake verification process that invites them to enter their username, password, birth date, social security number, as well as their bank and credit card information.” (more…)
You can take every precaution imaginable and still have your company get hit with a successful phishing attack. Why is that? Because hackers are just that good and employees are, well, just that human.
Our first scam of the week “Says it will pay for data breaches.” Really? You don’t say?
“A new phishing scam that masquerades as a U.S. government consumer agency is supposedly paying data breach victims for the loss of their personally identifiable information. Instead, once consumers enter their name, birthdate, credit card number and Social Security number, you can probably guess what happens next.” Yes, we can.
Do you ever use an online service that gives you multiple ways to sign in? For example, there’s the online storage service Dropbox which lets you login with your Google credentials, Yahoo credentials, Office 365 credentials and others. Seems very convenient, because you don’t have to remember as many login credentials. Well guess what? Attackers know that and they’re now using it to phish you.
You know it’s a bad week when the scam of the week involves professional sports teams’ social media accounts getting hacked. From SC Magazine, “According to multiple news sources, the hackers compromised the NFL’s league Twitter and Facebook account, as well as social media accounts belonging to the Buffalo Bills, Arizona Cardinals, Chicago Bears, Cleveland Browns, Dallas Cowboys, Denver Broncos, Green Bay Packers, Houston Texans, Indianapolis Colts, Kansas City Chiefs, Los Angeles Chargers, Minnesota Vikings, New York Giants, Philadelphia Eagles, San Francisco 49ers and Tampa Bay Buccaneers.” A lot of teams lost this week…and they didn’t even play.
Now that we’re in 2020, the phishing numbers from 2019 are starting to trickle in. Numbers which attempt to quantify the state of phishing, such as how many emails were malicious and how many were effective. And so far, things look pretty bleak.
For starters, what percentage of people do you think can spot all of the phishing scams out there? It’s important to spot them all because it only takes one click to bring down an entire organization. The answer? 5% according to a survey from Security.org.
FedEx is back in the news for…phishing scams. According to the Tullahoma News, “Law enforcement is warning about a new FedEx phishing scam. The company’s customers from across the country, including locals, have received a text message showing a tracking code and asking to click and set delivery preference. The link is fraudulent.”