877.603.8818 info@gdrgroup.com

GDR Group Blog

Do You Have A Millennial Security Awareness Training Gap?

Unlike previous generations, millennials have used (and trusted) technology all their lives. So, does it cause a gap in your organization’s Security Awareness Program?  Read more…

 

Employee Negligence – Your Organization’s (bigger than you think) Nightmare

A new study shows a vast majority of C-level executives see employee negligence as one of their most pressing security risks.

When most security professionals think about “insider risk”, thoughts turn to the malicious insider.  Read more…

Your Package is on its Way, But Not the One You Expected

Here’s a current scam those involved in shipping and receiving should be aware of. Suppose you’re expecting a package from a major package delivery company.  Read more…

Breach You Once? Shame on You. Breach You Twice? Still.. Shame on You.

Heed the warning found in the story of a Virginia bank that was not breached once, but twice in an 8-month period of timeRead more…

When Ransomware Attacks Triple, You Need to Pay Attention!

Security vendor SonicWall just released their latest report on cyberattack volumes… and the numbers are staggering.  Read more…

You Can’t Afford a Data Breach – And They’re Only Getting More Expensive

Companies face the constant, rising threat of data breaches each year, but the cost of a breach differs for every organization.  Read more

Phishing Epidemic: Emotet Infections Costing Orgs Up to $1 Million Per Incident

US-CERT alert sounds the alarm on Emotet, one of the most costly and destructive malware strains currently active. Read more…

Massive Downtime Caused by Bad Guys Killing Ban's 9,500 System

A cyberattack against Banco De Chile (BDC)—that country’s largest financial institution—bricked a hair-raising 9,000 workstations and 500 servers.  Read more…

Why Preventing Social Engineering Isn’t Enough

The heightened state of cyber-attacks in recent years has put a lot of focus on preventing those attacks from being successful. But, organizations can’t simply rely on defensive strategies to stay secure.  Read more…

There Is A New Hybrid Cyber Attack On Banks And Credit Unions In The Wild

There is a new strain of attack that’s the next scary thing your organization may become the target of.  Read more…

$94K Business Email Compromise Goes Unnoticed, then Unreported

One might think that a large wire transfer from a state office would be quickly noticed. But not necessarily.  Read more…

Phishing Attacks Make Mortgage Wire Fraud Easier

The stress of obtaining a mortgage has just gotten worse, thanks to cybercriminals trying to con you out of your money.  Read more…

What is Angler Phishing and How Do I Avoid Becoming a Victim?

In an ongoing campaign to clean up their massive hack Experian came out with this useful post: Read more…

Cyber Security News: Insurance Expert: “Bad Guys Do More Damage Than They Used To”

The ransomware plague is not letting up and rapidly getting more technically sophisticated. New strains are popping up every month, using innovative methods to spread. Worse, the ransom demands themselves are skyrocketing at the same time. Read more …

Watch Out for World Cup Soccer Phishing Scams

The 2018 FIFA World Cup has drawn a worldwide audience. It’s also attracted phishing scams using event tickets as bait.  Read more…

Sophisticated Phishing Scam Targeting Apple Users

This sophisticated phishing scam targets Apple users, threatening them with account suspension.  Read more…

 

Major Uptick in Mobile Phishing URL Click Rate

In a study of Lookout users, more than half clicked mobile phishing URLs that bypassed existing security controls. Since 2011, Lookout has observed this mobile phishing URL click rate increase 85 percent year-over-year.  Read more…

 

Insurance Claims Plan Doesn't Cover Cyber Losses

Daniel R. Stoller at Bloomberg Law had an excellent observation about the risks of phishing related to general crime policies.

Here is a short excerpt and the whole article is warmly recommended  Read more…

 

Phishing Attack Uses GDPR as Bait

There is yet another email scam you need to watch out for. New European data privacy regulation is going into effect May 25th. It’s called General Data Protection Regulation (GDPR) and bad guys are using it as bait, claiming you’re not compliant and you are violating this new regulation.  Read more

Poll: What Security Measures Are Most Effective In Fighting Ransomware?

The Spiceworks staff wrote:  “Years after CryptoLocker raised its ugly head — setting off an unfortunate security trend — ransomware continues to be a rather painful thorn in the side of IT professionals and organizations around the world.” Read more…

Clever Gmail Phishing Scam You Need to Know About

There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account. Read more…

New Guidance on Ransomware for Healthcare and Government Organizations

HHS’ Healthcare Cybersecurity and Communications Integration Center released a report March 30th on SamSam, an ongoing ransomware campaign that has targeted the healthcare and government sectors since 2016.  Read more…

Phishing Scam of the Week

This particular phish spoofs a campus-wide security alert for a community college (confidential information blocked out) in Florida.

Given that it appears to be tailored to a particular educational institution and its students and employees, it’s a good bet that other educational institutions could see similarly targeted phishing attacks. Read more…

SAM.gov Hackers Used Spear Phishing, Email Spoofing and Credential Theft

Cybercrooks who stole federal payments by hacking contractor accounts on a GSA website used sophisticated spear phishing techniques to steal login credentials and then diverted payments to bank accounts they controlled, an executive of a contractor targeted in the scam told FedScoop. Read more…

 

 

150 Million Under Armour MyFitnessPal Users Are Now Phishing Targets

Under Armour’s health- and fitness-tracking app, MyFitnessPal, has been hit by a data breach Read more…

 

A Really Difficult Phishing Scenario That's Very Hard to Beat

Over the past few months, there has been an increase of attacks that follow this 5-step pattern and are very hard to beat Read more…

 

Scam of the Week: FBI Warns of Spike in W2 Phishing

The FBI has joined the IRS in warning that W2 tax form phishing is on the rise.

The US tax filing deadline is now less than a month-and-a-half away, and tax-themed phishing is trending up. Compromised or spoofed emails alleging to be from a company executive are received by the human resources department. Those emails request W2 information.  Read more….

Which Phishing Messages Have a Near 100% Click Rate?

“Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease,” said Zeljka Zorz at Help Net Security. Zeljka had a great summary of Wombat’s latest State of the Phish report. Read more

Scam of the Week: Recent Florida Parkland School Shooting Charity Fraud

Cyber criminals are trying to benefit from the Florida Parkland school shootings. They are sending out phishing campaigns with topics and hashtags like Parkland, guncontrolnow, read more….

2018 Winter Olympics Phishing Campaign Hides Evil PowerShell Script In Image

According to researchers at McAfee, a new malware campaign is targeting organizations associated with the upcoming 2018 Winter Olympics in Pyeongchang, South Korea. Read more…

 

Scam of the Week: Wave of Payroll Direct Deposit Phishing Attacks

This Scam of the Week covers a new Direct Deposit phishing scam that is affecting employers nationwide without regard to their payroll portals or payroll service providers. Read more…

 

Scam of the Week: The Most Sophisticated Netflix Phishing

This Scam of the Week covers a phishing campaign that hijacked the Netflix brand. This phish tries to trick you into handing over your login details, your credit card data, and your photo ID. Read more…

 

Scam of the Week: Fake Meltdown and Spectre Patch Phishing Emails

You may be aware of the warnings and advisories that were recently discovered that practically all computer systems worldwide have a hardware bug called “Meltdown and Spectre.” Read more

 

Scam of the Week: New Massive Data Breach Poses Major Threat

Companies You’ve Never Heard of are Exposing Your Personal Data

Earlier this week, an analyst from the security firm Upguard shared that Alteryx had not properly protected detailed information it had collected on 123 million U.S. households.  Read more…

 

Scam of the Week Blends CEO Fraud and W-2 Phishing

A new “urgent alert” has been issued by the U.S. Internal Revenue Service, that internet criminals have combined CEO Fraud and W-2 phishing to target a much wider range of organizations than ever before.  Read more…

 

Scam of the Week: "Phishers Target PayPal Users"

Phishers Target PayPal Users With Fake “Failed Transaction” Emails

Scammers are pushing out fake PayPal emails that use the premise of an unverified transaction to phish for customers’ personal and financial information.  Read more….

Scam of the Week: "The Uber Hack"

Uber Total Loss: 57 Million Records Stolen But Data Breach Was Hidden For A Year

Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes . Read more…

 

Scam of the Week: "Cyber Monday is Scammer Heaven"

The majority of consumers are aware of online phishing scams, but still may fall victim this cyber Monday… DomainTools, a leader in domain name and DNS-based cyber threat intelligence, released the findings of their 2017 Cyber Monday Phishing Survey this week.  Read more…