Entries by

WARNING: Your Head of Finance May Be 1 of 50,000 Execs Targeted in BEC Scams

According to a report from email security & protection vendor Agari, the cybercriminal group dubbed London Blue are directing their latest scams at very specific finance execs. The business email compromise (BEC) scam has seen many iterations – each one seeking to fool the recipient into taking actions that benefit the cybercriminal. Agari uncovered this scam by being […]

MUST Read This WSJ Article About Our Power Grid and How the Russians Hacked it With Phishing

Earlier this month, the Wall Street Journal reconstructed the worst known hack into the USA’s power grid revealing attacks on hundreds of small contractors.  The title is very apt: “America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It”.  It’s so relevant because it describes a very effective supply-chain attack that could happen […]

Real Estate Transactions are Increasingly Vulnerable to CEO Fraud

The real estate industry is a particularly attractive target for BEC (Business Email Compromise—also known as CEO Fraud—attacks, according to FBI spokesman David Fitz. Fitz told The Baltimore Sun that the industry’s day-to-day activities present a host of opportunities for scammers, including large, online transactions and a great deal of remote communication. Between January 2017 […]

Children’s Full Personal Data and SSNs Are Being Sold on the Dark Web

Motherboard reported on an ugly story: the data sold includes names, phone numbers, addresses, and Social Security Numbers: “Even if they may not be able to really do anything about it, children are not immune to identity theft. A data broker on several dark web marketplaces is currently advertising stolen personal information relating specifically to […]

Iranian Hacker Group Beats 2FA with New Phishing Campaign Targeting Google Users

A new phishing attack method shows that even the mighty two-factor authentication can be beaten without needing to possess a user’s mobile device. We’d like to think that using Multi-Factor Authentication (MFA) surrounds the logon process with such a high level of security that it can’t be broken. But a recent phishing attack shows that […]

Malicious Business Email Campaign Uses Google Cloud Storage to Target Banks and Financial Services Companies

Researchers at Menlo Labs have spotted and tracked a new campaign aimed at tricking employees of US and UK financial firms and banks into downloading Houdini Malware. It’s no surprise that cybercriminals are going where the money is – in this case, literally. A campaign that has been running since August of this year has been identified seeking […]