The latest data from CSO’s 2018 U.S. State of Cybercrime report highlights the risk users create, and how little organizations are doing to address it. This year’s report covers a wide range of topics, providing a relatively comprehensive view on the state of both cyberattacks, organizational preparedness, and incident response. I’ve pulled out a number […]
According to an alert published earlier this year by the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since October 2013. Traditionally, social engineering and intrusion techniques have been the most common ways to gain access to business email accounts and dupe individuals to wire funds to […]
We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure legitimate website isn’t an accurate indication that a site is malware free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that […]
Max Mitchell at Law.com has an interesting and rather painful story. Don’t let this happen to your organization. “A federal judge has dismissed the lawsuit that a Bucks County real estate firm brought against Bank of America for failing to stop a more than $500,000 wire transfer that happened after one of the firm’s principals […]
Shoppers around the world face an unprecedented number of phishing attacks this holiday season, according to Andrey Kostin at Kaspersky Lab. With Christmas and the New Year coming up within weeks, November and December are prime phishing season for attackers. Financial phishing made up 54% of all phishing attacks in 2017, and that number is […]
Reuters just made me aware of a U.S. Securities and Exchange Commission report about a recent SEC investigation if nine companies that had been victims of CEO fraud had sufficient internal controls in place as required by law. The report focused on what the FBI calls “business email compromise” and what in InfoSec circles is known as […]
Attacks leveraging look-alike federated logon pages are more dangerous than malware-laden attachments in email. As you build out your security strategy to prevent successful cyber-attacks, much of it focuses on stopping malware attempting to enter via email-based phishing attacks. It’s a priority, as 93% of data breaches start with phishing. But, cyber criminals are changing tactics, […]
New data from the 2018 Chubb Cyber Risk Survey shows people and companies have a false sense of cybersecurity and aren’t really doing much about it. It’s a safe assumption to think that most everyone is very much aware of cyber threats, phishing attacks, ransomware, social engineering, and other cyberattacks. In fact, Chubb’s new risk report makes […]
If your users aren’t trying to protect corporate data and assets, you’re at risk. What you need is for the user to become an integral part of their security measures. In every attack that involves phishing, spear phishing, vishing, smishing, drive by downloads, etc., a user is necessary to carry out part of the threat […]
Cybercriminals will take advantage of any situation that separates people from their money. And what better way than to purport to be a reputable hotel and take reservations? The recent example in Turkey covered below demonstrates how far cybercriminals are willing to go to setup their scam. In this newest scam, fake hotel websites are […]