5 ways businesses can avoid phishing scams online

Phishing has become increasingly prevalent during the Covid-19 pandemic. People, by and large, are becoming victims of such fraudulent activities. Therefore, we have come up with 5 ways businesses can avoid getting trapped by emails that are meant to damage their online identity. Based on recent phishing records, almost 90 percent of companies have encountered spear phishing attacks...

5 Signs You’re Being Catfished on Tinder

What You Need to Know and What You Can Do About It

Thanks to advancing technology, the use of dating apps has made it possible to meet the love of your life. In fact, it’s more common than you think, with 1 in 5 relationships now beginning with an online encounter. Unfortunately, the Internet has also made it possible to meet someone who can also ruin your life. As if we don’t have enough to worry about with stalking, catfishing has been happening more often than some may like to admit. Disclosure: This page contains affiliate links, meaning we may earn a commission if you decide to make a purchase...

Website or hacker trap? Here’s how to tell

How to know if the website is a hack

According to defectors, North Korea’s cyber army has about 7,000 hackers. Their job is to wreak havoc on the country’s enemies. Recently, North Korean hackers targeted cybersecurity researchers in the U.S. North Korean hackers set up a fake cybersecurity company called SecuriElite. They also created fake social media accounts on Twitter and LinkedIn. Their goal was to trick cybersecurity experts into visiting the fake company website. The website was booby-trapped with malware that exploited the victim’s browser. The website claims the company is an offensive security company located in Turkey. The hackers created a blog and profiles on websites to build trust with their targets. Their goal was to attack...

A Can of Phish Bait: from Surveys to Rule Changes to Your Boss’s Boss

Employees need to continue being wary of phishing scams as they begin to return to the office, according to Roger Kay at INKY. Kay describes several phishing templates that INKY has intercepted in recent months, including one that informed recipients that they needed to fill out a compliance form related to COVID-19 risks. “Reasonably well written, this email, apparently from the human resources department at the target company, actually came from phishers located in the United Kingdom,” Kay writes. “There are elements that might strike the recipient as strange. For example, the phrase ‘recuperating favorably’ is a bit off. Noncompliance is spelled ‘non-compliance.’ And ‘these guide and policies’ has an agreement-of-number problem. But otherwise, it’s a pretty good fake,...

Spoofing Tailored to Financial Departments

Researchers at Area 1 Security have warned of a large spear phishing campaign targeting financial departments and C-suite employees with spoofed Microsoft 365 login pages. The researchers say that in some cases the attackers “specifically targeted newly-selected CEOs during critical transitionary periods.” Additionally, the attackers went after executives’ assistants. “Beyond financial departments, the attackers also targeted C-suite and executive assistants,” Area 1 says. “Targeting high-level assistants is an often overlooked method of initial entry, despite these employees having access to highly sensitive information and an overall greater level of privileges. In a few instances, the attackers even attempted to bait newly-selected CEOs of two major companies before any public announcements of this significant senior executive changeover were made.” The...

Why Should You Be Using DMARC? 3 Billion Spoofed Emails Are Being Sent Every Day

According to a recent report from TechRadar, email is still the most popular form of malware distribution. Billions of spoofed emails are being sent every day. Even though email is the oldest form of online communication, it is still the go-to platform for cybercriminals to attempt to infiltrate. According to the report by Valimail, “80% of all email inbox providers do DMARC check on inbound emails”. And with the pandemic, COVID-19 has been the key target for recent malicious email activity, especially since your organization is still working remotely. Since the increased enforcement of Domain-based Message Authentication, Reporting and Conformance (DMARC), a report from Valimail found that there is still an influx of spoofed email messages. Despite this...

Think Your Cyber Insurance is Going to Cover that $6 Million attack in Cyber Fraud? Think Again.

The latest tale of an organization falling victim to a business email compromise cyber attack on their credit card processor highlights how very specific the scenario needs to be to see a payout. In 2018, RealPage, a Texas-based service provider for property owners and property management companies, was the victim of a cyber attack that took the company for $6 million. RealPage processed their credit card transactions through a third-party processor, Stripe. Stripe fell victim to an impersonation attack where cybercriminals gained control over a RealPage user’s credentials and convinced Stripe to modify the disbursement instructions to point to a bad guy-controlled bank account. In total, $10 million was sent to the fraudulent account, with $4 million recovered. In...

Phishing Attacks Continue to Impersonate Trusted Brands to Deceive Potential Victims

The use of impersonation in phishing attacks helps to establish credibility and a sense of ease. New data shows exactly how the bad guys are using this tactic to their advantage. We’ve covered impersonation scams before where cybercriminals pretend to be your CEO, hospital personnel, or even the government. New data from cybersecurity vendor Agari highlights the impersonation trends they found by looking at email throughout the second half of 2020. 63% of phishing emails impersonate trusted brands (with Microsoft continuing to top the list). This breaks down in the following manner: Brand display impersonation (62.6%) – where the display name looks to be UPS, Microsoft, Amazon, etc. Individual display name impersonation (22.1%) – where the display name represents...

Vendor Email Compromise is Officially A Big (Seven-Figure) Problem

While the SolarWinds “sunburst” attack brought to light the compromising of a vendor, Vendor Email Compromise has been around for some time and now seems to be going mainstream. We first mentioned Vendor Email Compromise (VEC) back in late 2019. This method of compromising an email account at one company purposely to use it to attack a second company has been quietly evolving over the last 14 months. New data from Abnormal Security’s report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era, sheds light on just how prevalent this attack method is becoming. According to the report: Your chance of getting hit with a VEC attack during any given week increased 82% between Q3 of last...

Phishing Scammers Send a Fake “Private Shared Document” as the Initial Attack Vector for Stealing LinkedIn Credentials

A new social engineering scam demonstrates how cybercriminals are evolving their tactics while still using tried and true methods that just work to attain their goals. I’ve covered scams impersonating Office 365 I don’t know how many times. But it’s not very often you hear about a scam that uses LinkedIn as both its distribution medium and its credential target. Last month, victim LinkedIn users received a message from one of their connections (which proved to have been compromised) that contained a link to a third-party website containing a “LinkedInSecureMessage” (there is no such thing). Victims are taken to a page displaying the following very official-looking page: After pressing the “view document” button, they are presented with...

Most Phishing Emails Are After Credentials

57% of phishing emails in 2020 were designed for stealing credentials, according to Cofense’s most recent Annual State of Phishing Report. Meanwhile, just 12% of phishing attacks last year were used for delivering malware. Cofense believes this is because credential phishing emails are better at bypassing email security filters than emails with malicious attachments or download links. Likewise, conversational phishing attacks, like business email compromise (BEC), have grown more popular. “The vast majority of phishing campaigns are credential theft or conversational,” Cofense says. “While malicious attachments still play a role in phishing, the frequency of this has dramatically declined over the years. In fact, most phish attachments these days are not even malware, but...

Security admins checklist: 10 tasks to perform every year

Here is a checklist of 10 important tasks security administrators should perform to keep devices protected and secure. Security administrators oversee the secured processes in place, safeguarding the day-to-day operations of an organization. While it is easy for users to focus solely on protecting computers and their devices, security admins are tasked with managing the overall landscape, including LAN/WAN, services, the devices used to access those services, and the most unpredictable factor of them all: the end user. Below is a checklist of 10 items that should be performed to ensure that devices and networks remain secured throughout the year.

1. Update your company’s policies

Corporate policies governing computing systems, networks, and acceptable use should be updated regularly to ensure they...
