Entries by GDR Group

Users Pose the Greatest Security Risk

The latest data from CSO’s 2018 U.S. State of Cybercrime report highlights the risk users create, and how little organizations are doing to address it. This year’s report covers a wide range of topics, providing a relatively comprehensive view on the state of both cyberattacks, organizational preparedness, and incident response. I’ve pulled out a number […]

Bad Guys Are Now Taking Over Email Inboxes Without Phishing Attacks

According to an alert published earlier this year by the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since October 2013. Traditionally, social engineering and intrusion techniques have been the most common ways to gain access to business email accounts and dupe individuals to wire funds to […]

That Padlock Doesn’t Mean It’s Secure

We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure legitimate website isn’t an accurate indication that a site is malware free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that […]

Attackers Rev Up Financial Phishing Campaigns in Preparation for the Holidays

Shoppers around the world face an unprecedented number of phishing attacks this holiday season, according to Andrey Kostin at Kaspersky Lab. With Christmas and the New Year coming up within weeks, November and December are prime phishing season for attackers. Financial phishing made up 54% of all phishing attacks in 2017, and that number is […]

Your Weak Cyber Security Violates Federal Law

Reuters just made me aware of a U.S. Securities and Exchange Commission report about a recent SEC investigation if nine companies that had been victims of CEO fraud had sufficient internal controls in place as required by law. The report focused on what the FBI calls “business email compromise” and what in InfoSec circles is known as […]

Replica Phishing Sites Prey on User Trust

Attacks leveraging look-alike federated logon pages are more dangerous than malware-laden attachments in email. As you build out your security strategy to prevent successful cyber-attacks, much of it focuses on stopping malware attempting to enter via email-based phishing attacks. It’s a priority, as 93% of data breaches start with phishing. But, cyber criminals are changing tactics, […]

Everyone’s Cyber-Worried; No One’s Cyber-Prepared

New data from the 2018 Chubb Cyber Risk Survey shows people and companies have a false sense of cybersecurity and aren’t really doing much about it. It’s a safe assumption to think that most everyone is very much aware of cyber threats, phishing attacks, ransomware, social engineering, and other cyberattacks. In fact, Chubb’s new risk report makes […]

Creating a User Sensor Network to Stop Cyber-Attacks

If your users aren’t trying to protect corporate data and assets, you’re at risk. What you need is for the user to become an integral part of their security measures. In every attack that involves phishing, spear phishing, vishing, smishing, drive by downloads, etc., a user is necessary to carry out part of the threat […]

Fake Hotel Website Scams Target Travelers and Hotels

Cybercriminals will take advantage of any situation that separates people from their money. And what better way than to purport to be a reputable hotel and take reservations? The recent example in Turkey covered below demonstrates how far cybercriminals are willing to go to setup their scam. In this newest scam, fake hotel websites are […]