We start this week with a repeat offender. From the Daily Mail, news comes that “Scammers have targeted Netflix customers in Australia with an email scam aimed at getting their bank account details. The emails included a link for people to reactive their subscription, which takes them to a Netflix branded phishing page. Once the user logs into their account, they are taken to what appears to be a Netflix account page, with a notification at the top stating their account has been suspended and payment information needs to be updated.”
If given a choice between violating Amazon’s policies and getting phished, I’d much rather tick off Amazon. But hackers think that you think differently, which is the motivation for their latest phishing scam.
From Hoax Slayer, “According to an email, which purports to be from Amazon, your account will be locked because of violated policies. Supposedly, you are required to click a link to login and verify your account. The email features the Amazon logo and seemingly legitimate footer information in an effort to make it seem genuine. However, the email is fraudulent and the claim that your account has been locked is false.”
The purpose of Business Email Compromise (BEC), a type of phishing attack, is to target employees with access to company finances and trick them into sending money to the hacker. In the past this almost always meant a wire transfer.
From the hackers standpoint, there are two problems with wire transfers. First, they’re hard to keep anonymous. The hacker has to send some information about where to transfer the money. Second, companies are getting wise to this and changing policies to ensure all wire transfer requests are verified through a second channel.
You have to hand it to hackers. They’re always coming up with new ways to slip some malware passed unsuspecting email recipients.
It’s not uncommon today for prospective employees to email their resume to the HR department of the hiring company in an effort to land a job. What is uncommon, or at least it was until recently, was for that resume to contain malware.
Use your campus library much? You may be the target of the latest phishing scam. According to SC Magazine, ” The Mabna Institute, an Iranian firm whose members were indicted last year for cyberattacks against U.S. universities and other organizations, appears to have launched a new global phishing operation targeting the education sector last July and August.”
The wars of the future won’t be fought with bombs and planes they’ll be fought with 1s and 0s. And while the U.S. is worried about North Korea getting nuclear weapons, it should be more worried about their cyberattacks.
The latest salvo from North Korea is a spear-phishing attack targeting U.S. firms “with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions.” Apparently this is an ongoing malware campaign aimed at U.S. companies.
To protect critical data from being lost, a system for data protection, recovery, and retrieval was established; the system is popularly known as email archiving.
Email archiving should be a significant aspect of the data management and protection policy for any organization. Emails are the global form of communications and thus, a vulnerable entry point and a popular vector for cyber attacks. Although the primary purpose of email archiving is to protect the emails, IT experts believe it to be more important than just that.
“Malicious actors target government contractors,” according to SC Magazine. While targeting government contractors certainly isn’t a new occurrence, it does seem to be on the rise. “Over the past few months we have observed the increasing use of yet another type of transaction-based social engineering scheme designed to hook companies dependent on government contracts: the invitation to bid.”
If you haven’t been paying attention, cities are getting killed by ransomware. The number of cities that have fallen victim to ransomware just 2019 is too long to list. And once a city does get hit by ransomware, the question that always comes up is, should the city pay the ransom? It’s not an easy question to answer.
One the one hand, paying the ransom is no guarantee that the city will get their systems back. On the other hand, not paying the ransom leaves the city with the unknown financial burden of restoring their systems.
Software-as-a Service (SaaS) has been around a while now. One of the strongest benefits of SaaS is that it affords businesses the luxury of not having to buy and/or build all of their IT services. And SaaS almost always saves companies money. But what was once a luxury, is rapidly becoming a necessity.
