Securing your Digital World
The concept of phishing is gaining immense popularity during the Covid-19 pandemic. People, by and large, are becoming victims of such fraudulent activities. Therefore, we have come up with 5 ways businesses can avoid getting trapped with emails that are meant to deteriorate their online identity. Based on recent Phishing records, almost 90 percent of companies have encountered spear phishing attacks...
5 Signs You’re Being Catfished on Tinder – What You Need to Know and What You Can Do About it Thanks to advancing technology, the use of dating apps has made it possible to meet the love of your life. In fact, it’s more common than you think, with 1 in 5 relationships now beginning with an online encounter. Unfortunately, the Internet has also made it possible to meet someone who can also ruin your life. As if we don’t have enough to worry about with stalking, catfishing has been happening more often than some may like to admit. Disclosure: This page contains affiliate links, meaning we may earn a commission if you decide to make a purchase...
How to know if the website is a hack According to defectors, North Korea’s cyber army has about 7,000 hackers. Their job is to wreak havoc on the country’s enemies. Recently, North Korean hackers targeted cybersecurity researchers in the U.S. North Korean hackers set up a fake cybersecurity company called SecuriElite. They also created fake social media accounts on Twitter and LinkedIn. Their goal was to trick cybersecurity experts into visiting the fake company website. The website was booby-trapped with malware that exploited the victim’s browser. The website claims the company is an offensive security company located in Turkey. The hackers created a blog and profiles on websites to build trust with their targets. Their goal was to attack...
Employees need to continue being wary of phishing scams as they begin to return to the office, according to Roger Kay at INKY. Kay describes several phishing templates that INKY has intercepted in recent months, including one that informed recipients that they needed to fill out a compliance form related to COVID-19 risks. “Reasonably well written, this email, apparently from the human resources department at the target company, actually came from phishers located in the United Kingdom,” Kay writes. “There are elements that might strike the recipient as strange. For example, the phrase ‘recuperating favorably’ is a bit off. Noncompliance is spelled ‘non-compliance.’ And ‘these guide and policies’ has an agreement-of-number problem. But otherwise, it’s a pretty good fake,...
Researchers at Area 1 Security have warned of a large spear phishing campaign targeting financial departments and C-suite employees with spoofed Microsoft 365 login pages. The researchers say that in some cases the attackers “specifically targeted newly-selected CEOs during critical transitionary periods.” Additionally, the attackers went after executives’ assistants. “Beyond financial departments, the attackers also targeted C-suite and executive assistants,” Area 1 says. “Targeting high-level assistants is an often overlooked method of initial entry, despite these employees having access to highly sensitive information and an overall greater level of privileges. In a few instances, the attackers even attempted to bait newly-selected CEOs of two major companies before any public announcements of this significant senior executive changeover were made.” The...
In a recent report from TechRadar, email is still the most popular form of malware distribution. Billions of emails that are spoofed are being sent everyday. Even though email is still the oldest form of online communication, it is still the go-to platform for cybercriminals to attempt to infiltrate. According to the report by Vailmail, “80% of all email inbox providers do DMARC check on inbound emails”. And with the pandemic, COVID-19 has been the key target for recent malicious email activity. Especially since your organization is still working remote. Since the increase enforcing of Domain-based Message Authentication, Reporting and Conformance (DMARC), a report from Vailmail found that there is still an influx of spoofed email messages. Despite this...
The latest tale of an organization falling victim to a business email compromise cyber attack on their credit card processor highlights how very specific the scenario needs to be to see a payout. In 2018, RealPage, a Texas-based service provider for property owners and property management companies was the victim of a cyber attack that took the company for $6 million. RealPage processed their credit card transactions through a third-party processor, Stripe. Stripe fell victim to an impersonation attack where cybercriminals gained control over a RealPage user’s credentials and convinced Stripe to modify the disbursement instructions to point to a bad guy-controlled bank account. In total, $10 million was sent to the fraudulent account, with $4 million recovered. In...
The latest Data on BEC scams shows how the bad guys are using a mix of Gmail accounts, increases in stolen wire transfers, and a shift to payroll diversions to trick you out of your money from email attacks....
The use of impersonation in phishing attacks helps to establish credibility and a sense of ease. New data shows exactly how the bad guys are using this tactic to their advantage. We’ve covered impersonation scams before where cybercriminals pretend to be your CEO, hospital personnel, or even the government. New data from cybersecurity vendor Agari highlights the impersonation trends they found by looking at email throughout the second half of 2020. 63% percent of phishing emails impersonate trusted brands (with Microsoft continuing to top the list). This breaks down in the following manner: Brand display impersonation (62.6%)– where the display name looks to be UPS, Microsoft, Amazon, etc. Individual display name impersonation (22.1%) – where the display name represents...
While the Solarwinds “sunburst” attack brought to light the compromising of a vendor, Vendor Email Compromise has been around for some time and now seems to be going mainstream. We first mentioned Vendor Email Compromise (VEC) back in late 2019. This method of compromising an email account at one company purposely to use it to attack a second company has been quietly evolving over the last 14 months. New data from Abnormal Security’s report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era sheds light on just how prevalent this attack method is becoming. According to the report: Your chance of getting hit with a VEC attack during any given week increased 82% between Q3 of last...
A new social engineering scam demonstrates how cybercriminals are both evolving their tactics while still using tried and true methods that just work to attain their goals. I’ve covered scams impersonating Office 365 I don’t know how many times. But it’s not very often you hear about a scam that uses LinkedIn as both its distribution medium and its’ credential target. Last month, victim LinkedIn users received a message from one of their connections (which proved to have been compromised) that contained a link to a third-party website containing a “LinkedInSecureMessage” (which there is no such thing). Victims are taken to a page displaying the following very official-looking page: After pressing the “view document” button, they are presented with...
Most Phishing Emails Are After Credentials 57% of phishing emails in 2020 were designed for stealing credentials, according to Cofense’s most recent Annual State of Phishing Report. Meanwhile, just 12% of phishing attacks last year were used for delivering malware. Cofense believes this is because credential phishing emails are better at bypassing email security filters than emails with malicious attachments or download links. Likewise, conversational phishing attacks, like business email compromise (BEC), have grown more popular. “The vast majority of phishing campaigns are credential theft or conversational,” Cofense says. “While malicious attachments still play a role in phishing, the frequency of this has dramatically declined over the years. In fact, most phish attachments these days are not even malware, but...
Microsoft Dominates as the Most Impersonated Brand in Phishing Attacks...
Here is a checklist of 10 important tasks security administrators should perform to keep devices protected and secure. Security administrators oversee the secured processes in place, safeguarding the day-to-day operations of an organization. While it is easy for users to focus solely on protecting computers and their devices, security admins are tasked with managing the overall landscape–including LAN/WAN, services, the devices used to access those services, and the most unpredictable factor of them all: The end user. Below is a checklist list of 10 items that should be performed to ensure that devices and networks remain secured throughout the year. 1. Update your company’s policies Corporate policies governing computing systems, networks, and acceptable-use should be updated regularly to ensure they...
English
Afrikaans
Albanian
Arabic
Bosnian
Bulgarian
Chinese (Simplified)
Chinese (Traditional)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Galician
Georgian
German
Greek
Haitian Creole
Hawaiian
Hebrew
Hindi
Hungarian
Icelandic
Indonesian
Irish
Italian
Japanese
Javanese
Korean
Kurdish (Kurmanji)
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Malay
Malayalam
Maltese
Mongolian
Nepali
Norwegian
Persian
Polish
Portuguese
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Vietnamese
Welsh
Yiddish