The ransomware plague is not letting up and rapidly getting more technically sophisticated. New strains are popping up every month, using innovative methods to spread. Worse, the ransom demands themselves are skyrocketing at the same time. This week, cyber insurance experts reported incidents with ludicrous 1 million dollar extortion attempts after attackers were able to […]
The 2018 FIFA World Cup has drawn a worldwide audience. It’s also attracted phishing scams using event tickets as bait. Tickets for the matches can only be purchased legitimately through the FIFA website using a multilayered process. This is done for both business and security reasons. Individuals are permitted to buy one ticket only, and then, once […]
Social engineering follows seasonal patterns. It’s also connected to major events. We see this every year with holiday-themed phishing attacks between Thanksgiving and New Year’s Day. We’re seeing it now with last week’s implementation of GDPR, the European Union’s General Data Protection Regulation. GDPR took effect on May 25th. In this case the phishbait is the claim […]
In a study of Lookout users, more than half clicked mobile phishing URLs that bypassed existing security controls. Since 2011, Lookout has observed this mobile phishing URL click rate increase 85 percent year-over-year. “Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways,” said […]
Daniel R. Stoller at Bloomberg Law had an excellent observation about the risks of phishing related to general crime policies. Here is a short excerpt and the whole article is warmly recommended: “The Travelers Cos. will argue May 2 that cash payments made in connection with a phishing attack aren’t covered under a general crime insurance policy.” The […]
There is yet another email scam you need to watch out for. New European data privacy regulation is going into effect May 25th. It’s called General Data Protection Regulation (GDPR) and bad guys are using it as bait, claiming you’re not compliant and you are violating this new regulation. Just one example are phishing attacks […]
The Spiceworks staff wrote: “Years after CryptoLocker raised its ugly head — setting off an unfortunate security trend — ransomware continues to be a rather painful thorn in the side of IT professionals and organizations around the world.” In 2017, we saw entire companies and government agencies shut down for days thanks to WannaCry and […]
There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account. Here is how this scam works. The victim receives a text asking whether they’ve requested a password reset for their Gmail account – and, if not, to reply with the word ‘STOP’. Employees […]
HHS’ Healthcare Cybersecurity and Communications Integration Center released a report March 30th on SamSam, an ongoing ransomware campaign that has targeted the healthcare and government sectors since 2016. There have already been at least eight SamSam attacks on healthcare and government organizations since the beginning of 2018, including attacks on two Indiana-based hospitals and EHR […]
This particular phish spoofs a campus-wide security alert for a community college (confidential information blocked out) in Florida. Given that it appears to be tailored to a particular educational institution and its students and employees, it’s a good bet that other educational institutions could see similarly targeted phishing attacks. What makes this particular attack so infuriating is […]