The Lateral Phishing Attack is the New Trojan Horse

What is a lateral phishing attack? A lateral phishing attack occurs when “one or more compromised employee accounts in an organization are used to target other employees in the same organization. Lateral phishing is similar to business email compromise (BEC), but while the latter is usually about getting victims to carry out fraudulent wire transfers, the main goal of the former is usually credential theft.” I suppose it means the attack occurs laterally across the org chart.

Hackers Now Going After the Most Vulnerable in Society

If you follow the news at all, you know that phishing attacks, cyber breaches and ransomware are everywhere. It’s practically an epidemic. But, not all victims are created equal.

It’s one thing if a bank or a big corporation or even a government entity gets hit with a cyber-attack. They either have, or can find, the resources to recover from such an event. Many even have some form of insurance to bail them out. But lately, hackers have pulled out all the stops and have started targeting some of the most vulnerable in society.

The Misguided Solution to the Phishing Problem

About a year ago, information security company Shred-it released a report saying “Employee negligence is the main cause of data breaches.” I have no doubt that’s true. The part I disagree with is the solution.

The solution that’s being promoted for the “employee” problem is phishing awareness training. And not just training, but MORE training. There’s only one problem with this way of thinking: it won’t eliminate data breaches.

Finally, a Phishing Attack That Makes Somebody Happy

Phishing attacks can cause a lot of damage, so we try to not make light of them. But every now and then you have to look on the bright side.

There was news last week that “Several thousand school children in Alabama had their summer vacation extended by two weeks as the Houston County School District was forced for the second time to delay opening day due to a cyberattack.”

A New Day – A New Set of Phishing Tactics

At DuoCircle we like to stay up to date on the latest phishing tactics so we can share them with you to keep you prepared. And we never cease to be amazed at the cleverness of hackers.

One of the fastest-growing email threats is account takeover, where a hacker takes over someone’s email account. Once they do, they have a lot of options, and one of the options they’re starting to choose is something called lateral phishing.

Phishing Attacks aren’t Just Targeted at People Anymore

If you haven’t already heard, the Internet of Things (IoT) is going to be big. IoT simply means that every electrical device in your life will be connected to the Internet. From your doorbell to your thermostat to your refrigerator to every possible medical device. If you can plug it into an electrical socket it will probably plug into the Internet.

The Harsh Truth About Phishing Attacks: Your IT Staff Isn’t Fast Enough

Phishing attacks give little warning and they don’t linger at all. The timeline for many phishing websites is just a few hours. According to the 2018 Webroot Threat Report, “most phishing sites were only online for 4-8 hours.” Sometimes less. According to an article on the Dark Reading website, “Many phishing campaigns last year combined attacks that were active for just a few minutes.”

Why Phishing Attacks Will Always be Successful

Phishing attacks will always be successful because they’re not attacks on technology, they’re attacks on human nature.

As Danny Bradbury points out in SC Magazine, “Successful data breaches need not require expensive technology, massive deceptions, or even expertly faked credentials. Sometimes all it takes is a phone call to the help desk and a request for assistance logging in. You do not even have to be a legitimate user if you are convincing enough.”

Now We Know Why You Can’t Depend on Awareness Training to Stop Phishing Attacks

It’s been shown repeatedly that all the phishing awareness training in the world won’t get the click rate on malicious emails down to zero. And now we know why.

Thanks to research conducted by Symphony Communication Services, “An alarming percentage of workers are consciously avoiding IT guidelines for security.

You Can Lose More Than Money in a Phishing Attack

You can lose a lot of things if you get successfully phished: money, credentials, personal information, productivity, reputation, to name a few. Do you know what else you can lose? Your life!

It’s been all over the news lately that successful phishing attacks have led to patients’ medical records being exposed. There was a breach at Baystate Medical Center that impacted 12,000 patients. There were three physicians at UC Davis who got hit in a phishing scam affecting 1,800 patients. And there were the 30,000 Medicaid recipients who had their data exposed in Florida due to a phishing attack. The list goes on.

Phishing Attacks: The State of the Art

It’s why awareness training will never be good enough. And it’s why the best phishing protection technology may always fall a little short. The truth is, some of the best and brightest minds around are using their smarts to come up with more clever and more undetectable phishing exploits. It’s a technological arms race, and maybe the best you can ever hope for is a tie.

Why Most Phishing Prevention Advice Falls Short

Phishing attacks are everywhere, and so is advice for how to prevent them. None of the advice offered is wrong, it’s just woefully incomplete.

A recent article on the Security Week website, Business Email Compromise Still Reigns, discusses the FBI’s annual Internet Crime Complaints Center (IC3) report and why business email compromise (BEC)—a type of phishing attack—is so prevalent.

Just When You Thought Taxpayer Phishing Season Was Over

It’s not surprising that hackers use W-2 phishing scams during tax season. Taking advantage of topical and popular subjects is at the heart of social engineering. But, the W-2 scams don’t usually target taxpayers.

According to the article on CSO Online, “The W-2 scam tries to take advantage of folks in accounting, controller and HR roles by presenting urgent

How One Successful Phishing Attack Led to Forced Early Retirement

If you ever find yourself the victim of a phishing attack and ransomware, you’ll only have a few options to try and deal with your circumstances.

Today, successful ransomware attacks involve stealing or encrypting the victim’s data. And to get it back, you have to pay the ransom. Of course, paying the ransom is no guarantee that you’ll get your data back, but your chances are certainly higher than if you don’t pay it.

Seriously? Over 1 Billion Records Leaked in One Month

That’s more than 30% of people on the planet with internet access. In one month! All of that during April 2019, bringing the annual total to 5.64 billion. I wonder what will happen in May.

An article on the IT Governance Blog details all of the cyber-attacks, ransomware, data breaches and financial information that was compromised during the most recent month. There are over 70 on the list, including 25 healthcare providers and 19 schools and government agencies. I doubt the list is complete.

Game of Thrones Phishing Scams: What Do You Need To Know?

The last season of Game of Thrones (GoT) is finally on air, and everyone seems to be excited about it! GoT is one of the most successful shows ever to be shown on TV. However, the massive popularity of the show has led to cybercriminals exploiting people’s love for it by tricking individuals into various online scams, and many people have lost their hard-earned money to fraudulent emails in circulation nowadays.
