Russia and its hackers have been popular in the news for the past several years. Whether to allegedly influence foreign elections or steal intellectual property its sphere of influence is worldwide.
But first a bit of history.
How did we get to this point in time? Countries have always been involved with clandestine activities to undermine or even overthrow neighboring governments. They have used deception and sometimes even force to accomplish their goals. So it was only a matter of time before technology was embraced as a tool to this end. And so began the partnership between hacker and government.
Continue reading “The Latest Phishing Trends Traced to Russia” »
What is spear phishing?
Spear phishing is when you receive an email from someone or some company you trust. It looks legitimate. It may even have the names and extension number of coworkers. It looks authentic, so you don’t give it a second thought. But you should, because it’s from an attacker, and they’re trying to steal your valuable information. Do you have reliable email phishing prevention security?
Continue reading “Spear Phishing Prevention for Small and Medium Size Businesses” »
2018 was a good or bad year for phishing depending on which side of the law you were on! Phishing is defined in many places on the internet, but I like the Cambridge Dictionary definition the best: “an attempt to trick someone into giving information over the internet or by email that would allow someone else to take money from them, for example by taking money out of their bank account”.
Continue reading “Top Phishing Email Attacks Worldwide in 2018” »
In this age of rampant cyber attack, corporations must take measures to protect themselves. Since 91% of all cyber attacks begin with a phishing email, taking steps to defend against phishing attack might be the single most important aspect of an overall threat defense plan.
Continue reading “Protecting Your Business From Phishing Attacks” »
By the time any business is aware that they are the target of a ransomware attack, it’s too late. Once a hacker has breached security and enticed a user to click on a malicious link or attachment, access to local data on that employee’s computer is locked. In order to unlock the data, a ransom must be paid. In about 91% of cases, the vector for ransomware is incoming email, often in the form of a spear phishing attack that purports to be from a sender known and trusted by the victim.
Ransomware is a multi-million dollar a year online business that can strike any organization.
Both Ransomware and legitimate business engage in email marketing campaigns with the intent of making sales to new customers. In the case of legitimate business, some good or service of value is returned to the client. In the case of ransomware, business is slowed or halted by malware that locks or deletes files, and a ransom is demanded that may or may not stop the attack or reverse the damage if paid. Ransomware is criminal but make no mistakes: its top producers make millions of dollars a year in revenue.
Microsoft® Office 365™ is one of the best choices around when it comes to business email
It offers multiple tools and benefits for not only email, but overall business productivity. While office 365 does offer Phishing protection as an add on feature, for a comprehensive and real time phishing protection a true end-to-end dedicated protection solution is required.
Locky is a ransomware variant that was first reported in 2016.
The most common version of the attack arrives as an attachment to an email. When opened, the attachment is mostly unreadable, except for a direction to the user to enable macros in order to make the content readable. If this is done however, an embedded macro in the “message” runs and saves the Locky virus to the user’s hard drive. After that, typically any Microsoft Office files, videos, and images on the hard drive are encrypted through the office 365 phishing email.
The overwhelming majority of attempts to compromise the security of business information today being with a phishing attack. By relying on the misplaced trust of users, phishing, spear-fishing, and whaling attacks gain access to confidential data: users click a link, open an attachment from a “trusted source,” respond to a social engineering attempt, or are otherwise tricked into revealing such information.
Every day, organizations around the world are subjected to a ransomware attack. Ransomware attacks can take many forms, in fact, the variety and ingenuity of these attacks increases as the business community becomes more aware of the challenges and adept at meeting them. But all forms of ransomware follow the same basic pattern: an employee receives an email containing an attachment. Read More
Every day, there is an increasing number of phishing and spear fishing threats, which cause disruption and damaging loss of revenue to companies worldwide.
These scams are crafted with the sole purpose of getting your employees to reveal passwords, security credentials, business secrets, and other information which would otherwise remain secure. So-called phishing scams are responsible for the vast majority of hacking attacks against corporations and individuals today.
Continue reading “Advanced Threat Defense Helps Your Organization Mitigate Phishing Scams” »
As the awareness of threats becomes more widespread, hackers and spammers are upping their game in an attempt to gain access to valuable information. Today’s phishing threats are becoming increasingly sophisticated and complex.
DuoCircle’s Advanced Threat Defense automatically generates SSL-certified domains for anti-phishing protection
At DuoCircle, we prioritize privacy and understand the need for encryption on the Web. We are passionate advocates for free speech, and the need to make encrypted connections ubiquitous online. We are happy to announce our sponsorship of Let’s Encrypt a market and thought leader in SSL and privacy online. While we are not a web hosting company that would benefit from issuing SSL certificates with each website we still believe in using the best of breed technology in all of our offerings. We specifically engineered our Advanced Threat Defense system for malware and phishing protection to utilize Let’s Encrypt certificates for our client domains. Continue reading “DuoCircle Sponsoring LetsEncrypt.org” »
One of our vendors just alerted us to this Phishing scam that they have seen over the past few months. One of their customers has been hit with increasing frequency with an attack that follows this 5-step pattern; Continue reading “Why a good password policy protects you against phishing” »
Protect your end users from email-based exploits
Last year was a rough year for malware and phishing. 2017 kicked off with hacking and malware infections making news in early January when an effective phishing scam targeted Google Gmail users by tricking them into sharing their login credentials. And now as we close out the year, these types of brazen frauds have not slowed down, in fact it has gotten worse.
Continue reading “Phishing Protection for Businesses” »
How email-based ransomware works and how to prevent attacks
Ransomware has become the largest, most dangerous malware threat to date. It affects individuals, businesses, and governments around the world by holding hard drive data hostage. The cost of ransomware infections was projected to exceed US$5 billion by the end of this year, according to this report from Cybersecurity Ventures. Costs go far beyond dealing directly with a ransomware attack. In many cases, organizations had to reduce or cease operations until the ransomware was removed. Lost business, damage to reputation, and lawsuits further added to the burden of cost for businesses that fell victim to ransomware attacks. Continue reading “7 Ways to Protect Your Organization from Email-based Ransomware Attacks” »
I just ran across this site Phishing Site in our spam quarantine folder, the sender had targetted a few thousand users on the system over the course of a few days. The thing that I found most interesting about this particular Phishing site is what I like to call the nibble.
Continue reading “PayPal Phishing Nibble” »
Did you receive a phishing email today from google with a document request from a friend? A user on reddit.com did and this is what he went through to figure it out.
You need to prepare yourself with the knowledge and understanding of just how important this attack vector is in context and how it is now going to be the model for NEW email-centric attacks. Continue reading “Understanding the Implications of the Google Phishing Attack” »
Hilton and I were talking and he mentioned to me that he got a great looking phishing email in his Yahoo account, so I decided to take a quick look at the format and believability of the message to see if it would fool the average user. I was VERY surprised at how well this message was formatted and you’ll see that during my review a second less. Continue reading “Quickbooks Phishing Email Live Walkthrough” »
If you believe your company is handling email security without any problems, the odds are you’re sadly mistaken. A recent Mimecast survey of IT security professionals found that 65% of them felt that their organization wasn’t capable of handling email-based cyber-attacks. A full third of them felt that their email was actually less secure than it was five years ago. Continue reading “65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks” »