The latest Threat Intelligence Report is out. Its findings are based on an analysis of 195 billion emails analyzed from January through June 2020. Of that large number, an astonishing 47% were flagged as malicious or spam.
It won’t come as a shock to learn that there were two main themes in the threatening emails this spring. According to HelpNetSecurity, “Two main trends ran throughout the analysis: the desire for attacker’s monetary gain and continued reliance on COVID-19-related campaigns, especially within certain vertical industries.” From the report, “One of the most significant observations of this research is that threat actors are launching opportunistic and malware-based campaigns across multiple verticals at volumes never seen before.”
Continue reading “What we Know from the Latest Email Threat Research” »
It’s 2020, which means it’s time for another Presidential election in the U.S. The big question is, who will win? But an even bigger question is, will we be able to trust the outcome? There are evil forces out there who’d love nothing better than to manipulate the outcome of the election for their own purposes. And what way are they most likely to do that? Through phishing, of course.
Continue reading “Will we be Able to Trust the Outcome of U.S. Elections Ever Again?” »
If you take an email security awareness training class, you’ll learn a dozen ways to spot phishing email. There are a lot of clues. Maybe the email contains poor spelling or grammar. Or maybe it contains an offer that’s just too good to be true. All of those are giveaways. But there is one clue that’s a more reliable predictor of a phishing email than any other one: the “from” address. If you truly know who the email is from, you’ll know whether or not it’s legitimate.
Continue reading “The Number One Clue to a Phishing Email (and what to do about it)” »
There are a lot of companies that depend on their employees to stop phishing attacks. In effect, their employees are their last line of defense. Seeing as how the cost of phishing attacks is now in the tens of billions of dollars per year (nobody knows the exact amount since victims are so reluctant to come forward), it seems like the employees stopping phishing attacks thing isn’t working too well. And now we know why.
Continue reading “The One Stat That Lets You Know You Need Help Stopping Phishing Attacks” »
Most phishing attacks are pretty straight forward. You receive an email that convinces you to log into some website you’re familiar with. But, it’s just a convincing looking replica of the website and what you’re really doing is entering your credentials into a bogus site. Once you do that, the bad guys have your credentials, and depending on which ones, they can create a whole lot of havoc for you.
Continue reading “How Hackers can Phish You Without Stealing Your Credentials” »
For the longest time, the number one delivery mechanism for ransomware was a phishing email. As much as 91% of ransomware was delivered that way. And then things changed.
According to an article on ZDNet, “in recent years, attackers have successfully pivoted to using remote ports, insecure public-facing servers and other vulnerabilities in enterprise networks to encrypt entire networks – often demanding hundreds of thousands of dollars in payment to release the data again.”
Continue reading “After a Hiatus Phishing Emails Once Again Being Used to Deliver Ransomware” »
What’s more dangerous than a phishing attack that uses a social engineering tactic to get you to click? How about a phishing attack that uses a combination of TWO social engineering tactics to get you to click? And that’s exactly what was detected this week according to InfoSecurity Magazine.
In this case, the two social engineering tactics are phishers hiding COVID-19 malware in both CVs (curriculum vitae or resumes) AND medical leave forms. According to the article, “Cyber-criminals are taking advantage of the evolving jobs market and employee health situation under COVID-19 to disguise malware in various emailed documents. The phishing campaigns spotted center around spoofed CVs and medical leave forms.”
Continue reading “The Always Dangerous Combination Phishing Attack” »
If your organization is the unfortunate victim of a phishing attack that leads to ransomware, you have a very important decision to make. Should you pay the ransom or not? The answer depends in large part on how much the ransom is. Hackers are smart not to ask for so much ransom that not paying it seems like the best alternative.
Continue reading “A Ransom may not be the Most Expensive Part of a Phishing Attack” »
I hope to never receive an email from the United States Supreme Court. It couldn’t possibly be good news. I would be very suspicious. But there is one small group of people who, if they received such an email, might not be suspicious: C-suite executives. And that’s exactly what some hackers thought as they targeted such individuals with a zero-day credential phishing attack impersonating the Supreme Court.
Continue reading “If You Received an Email from the Supreme Court Would You be Suspicious?” »
One of the ways the world has responded to the COVID-19 pandemic is to take a lot of the entertainment we used to enjoy live and in person and move it online into the world of virtual entertainment. The entertainment is still live, but now instead of watching musicians in a bar or theater, you get to watch them live streamed on your smart TV or mobile phone. The hackers know this, and they are aiming to do something about it.
Continue reading “As the World Moves to Virtual Live Entertainment Hackers Look to Take Advantage” »
The COVID-19 worldwide lockdown has had many side effects, not the least of which is that people are doing even more online shopping now. Weekly online purchases now include staples like food and cleaning products. Amazon’s sales since the pandemic arrived is up 35%. And what’s the one thing all these online sales have in common? A delivery service has to bring them to your door.
Continue reading “It Was Only a Matter of Time Before the Lockdown Lead to Delivery-based Phishing Scams” »
Hackers are always trying to come up with ever more enticing lures to phish you. Sometimes the lure is the promise of riches, while other times it’s a job opportunity or tax refund. Hackers may have outdone themselves this time with separate phishing attacks centered around fast food and free beer as a direct result of the COVID-19 pandemic.
Continue reading “Warning: Fast Food and Free Beer are Being Used to Phish You” »
Even when something as horrible as COVID-19 happens, there are some companies that benefit. One of the beneficiaries of the virus is Zoom Video, the video conferencing company that has seen a huge demand increase for their product.
Another, less obvious company, that has seen an increased demand for their service is Netflix. Recent stats display that as the COVID-19 crisis gripped nations throughout the world, Google searches for Netflix jumped to 142%. And sure enough, just as the demand goes up, so too do the number of phishing attacks targeting the company’s customers (and potential customers).
Continue reading “The Biggest Beneficiaries of COVID-19 are also the Biggest Phishing Targets” »
You have to hand it to those hackers. If there’s a way to trick you with a phishing email, they’ll figure it out. One of the best ways hackers try to trick you with a phishing email is to take advantage of the way web pages are rendered.
Web pages use HTML (hypertext markup language) and CSS (cascading style sheets) to display web pages on your computer and your mobile phone. These technologies are well-understood and have been around for a long time. One of the things that makes these technologies so powerful is how flexible they are.
Continue reading “A New Way Hackers Take Advantage of Web Pages to Phish You” »
While the pandemic known as COVID-19 is causing a dramatic increase in coronavirus-themed phishing attacks, it’s strangely having the opposite effect on other phishing attacks.
When it comes to phishing attacks, hackers tend to “specialize” in a certain type of phishing attack. And as things turn out, some of these “specialists” are really feeling the pinch from COVID-19. A lot of people are struggling in this economy, and apparently some of them are bad guys.
Continue reading “The Strange Irony of COVID-19’s Effect on Certain Phishing Attacks” »
Just the simple fact of working from home due to coronavirus leaves you more vulnerable to phishing attacks than if you were at work. Why is that? Because it’s almost certain that the cyber defenses on your home network are not as good as those on your company’s network.
Continue reading “Why Working from Home Leaves You Doubly Vulnerable to Phishing Attacks” »
If you’ve been paying any attention, you’ve seen that the healthcare industry is under a constant threat from phishing attacks that lead to ransomware. Every week it seems there’s another healthcare organization hit with a data breach or ransomware. The question is, why? And now we know the answer.
The short answer is, healthcare organizations are an easy target for hackers because their cyber defenses stink. So, the real question is, why do healthcare organizations cyber defenses stink? The short answer here is, it’s just not a priority for them. And apparently, the hackers know it.
Continue reading “Now We Know Why the Healthcare Industry is so Vulnerable to Ransomware” »
You have to hand it to those hackers, they’re always innovating. This week comes news of two new phishing exploits designed to do one thing: convince you it’s NOT a phishing email.
First, from Threat Post, comes a clever exploit that uses YouTube redirect links, which are whitelisted by many security defense mechanisms, to evade detection. From the article, “If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect the victim to their phishing landing page. URL redirects have been used in previous campaigns, including malicious redirect code affecting Joomla and WordPress websites and HTML redirectors being used by Evil Corp. Now, a new campaign is using legitimate YouTube redirect links.”
Continue reading “Two New Advanced Phishing Threats You Need to Know About” »
You almost have to be living under a rock or in a cave to not be aware of the constant threat from cyber events in general and phasing attacks and ransomware in particular. But that’s what seems to be the case for a lot of small and mid-size businesses today.
Continue reading “Small Business’s Shocking Response to Cyber Threats” »
Security Awareness training companies love to point out how important employee training is in keeping organizations safe from ransomware and malware. And to be sure, training employees to spot phishing emails is better than not doing it. But, the ubiquity of security awareness training advertising has led to two large problems.
Continue reading “Latest Research Confirms the Ineffectiveness of Security Awareness Training” »