Phishing Awareness


The Holidays are Coming Which Means Holiday Phishing Emails are Coming too

The Holidays are Coming Which Means Holiday Phishing Emails are Coming too

It’s that time of the year. Time for a special brand of phishing emails: holiday-themed emails.

Who doesn’t like receiving a discount code from their favourite retailer in an email promotion around the holidays? Or, a holiday e-card from a co-worker? Or, a shipping notification from UPS saying that a package is on the way? Everyone loves getting these types of emails around the holidays and hackers know it. Which is why they use these types of emails to phish you. And by all accounts, they’re planning on doing it even more this holiday season. So, you better be ready.

Continue reading “The Holidays are Coming Which Means Holiday Phishing Emails are Coming too” »

In Honor of Cybersecurity Awareness Month, Here’s the Only Fact You Need to Know

In Honor of Cybersecurity Awareness Month, Here’s the Only Fact You Need to Know

Two ways to penetrate a network

Cybersecurity is about keeping the bad guys out of your network. Whether it’s your home network or the one at work, once the bad guys get in, they can wreak all kinds of havoc. The good news, if you can call it that, is there’s really only two ways to penetrate any network: exploit equipment or exploit people. If you can stop both of these, you can keep your network safe.

Continue reading “In Honor of Cybersecurity Awareness Month, Here’s the Only Fact You Need to Know” »

Stop! Don’t Watch That Video

Stop! Don’t Watch That Video

If one of your Facebook friends sent you an email that said “Is this you?” with a link to a video, would you click on it to see if it’s you? If so, there’s a good chance you’re going to get phished, because you just fell for the newest Facebook phishing scam.

According to the Better Business Bureau, “There’s a phishing scam making the rounds. If you’re a victim, you receive a message from someone you know and trust, one of your friends and family members. The message expresses they were surprised to have seen you in a video and contains a web address that’s supposed to lead you to it. You’re not in the video.” The twist here is the bad guys are using Facebook Messenger to deliver their payload.

Continue reading “Stop! Don’t Watch That Video” »

The Real Purpose to Phishing Awareness Training: Paranoia

The Real Purpose to Phishing Awareness Training: Paranoia

It’s big business today. Training employees to defend themselves (and their organization) from phishing emails. And there’s a good reason for that. Phishing is big business.

It’s estimated that the average cost of a spear phishing attack is $1.6 million. So, no matter what a company spends to train its employees, if it keeps them from getting phished, it’s probably a good investment.

Continue reading “The Real Purpose to Phishing Awareness Training: Paranoia” »

Phishing Scams Don’t Always Arrive by Email

Phishing Scams Don’t Always Arrive by Email

When you hear the word phishing, you probably think of email. And that’s exactly what the scammers want you to think so you won’t pay attention to their latest delivery mechanism: voicemail.

Phishing is generally an email that looks real, but isn’t, in an effort to get you to do something you shouldn’t. Now, fraudsters are using deepfake technology to generate audio that sounds real, but isn’t, in an effort to get you to something you shouldn’t. And that’s exactly what scammers did to the CEO of a German energy company.

Continue reading “Phishing Scams Don’t Always Arrive by Email” »

A Big Part of the Phishing Problem is You

A Big Part of the Phishing Problem is You

The days of a hacker sitting alone at their computer screen in a dark room probing for network vulnerabilities is a thing of the past. That’s too much work. To penetrate networks today, hackers almost always enlist the help of an inside accomplice: you.

What hackers have discovered over the years is that it’s much easier to get unsuspecting humans to help them in their endeavour. This was confirmed by research and published in Proofpoint’s Human Factors Report 2019. From the report, “Over 99% of emails distributing malware required human intervention—following links, opening documents, accepting security warnings, and other behaviors—for them to be effective.”

Continue reading “A Big Part of the Phishing Problem is You” »

How to Stop Spam From Ending Up in Google Calendar

How to Stop Spam From Ending Up in Google Calendar

A lot of people use a web-based calendar to track all of their comings and goings. It makes sense. A web-based calendar is a smart way to make sure you have access to your calendar no matter where you are. And one of the most popular calendars in use today is Google Calendar. But, I’ll bet you didn’t realize that Google Calendar can be a giant repository for spam.

Continue reading “How to Stop Spam From Ending Up in Google Calendar” »

The Privacy Tool Used to Phish You

The Privacy Tool Used to Phish You

With email security, it’s a never ending cycle of attacks and counterattacks. Whenever the bad guys come up with some clever new way to scam people, the good guys eventually figure out a way to combat it. If only that were the end of the story.

Unfortunately, it really is a never ending cycle. So, whenever the good guys come up with a counter move, the bad guys immediately jump on it and figure out some way to use that counter move in their next scam. Such is the case with two factor authentication (2FA).

Continue reading “The Privacy Tool Used to Phish You” »

When is a 404 Error Page not an Error Page? When it’s a Phishing Page!

When is a 404 Error Page not an Error Page? When it’s a Phishing Page!

If you’ve been on the Internet, then you’ve run into a 404 error page. According to Lifewire, “a 404 error is an HTTP status code that means that the page you were trying to reach on a website couldn’t be found on their server. To be clear, the 404 error indicates that while the server itself is reachable, the specific page showing the error is not.” The server’s there but the page isn’t.

Continue reading “When is a 404 Error Page not an Error Page? When it’s a Phishing Page!” »

Seriously—Now a Phishing Attack Can Make You Deaf

Seriously—Now a Phishing Attack Can Make You Deaf

There used to be a time when the worst thing that could happen to you from a phishing attack was a financial loss. Maybe the hackers stole your credentials, got a credit card in your name and went on a shopping spree. Or, maybe they used ransomware to encrypt your hard drive and insisted on some Bitcoins before you could get your data back. At least there was no threat of bodily harm. Until now.

Continue reading “Seriously—Now a Phishing Attack Can Make You Deaf” »

What to do If You’re Hit by Ransomware – Part 2

What to do If You’re Hit by Ransomware – Part 2

As we mentioned in Part 1, when it comes to dealing with ransomware, you basically have three choices: pay it, don’t pay it or avoid it in the first place by deploying anti-phishing software.

Naturally, here at Phish Protection we think you should be proactive and use our inexpensive and easy-to-deploy cloud-based phishing protection with Advanced Threat Defense to avoid it in the first place. But, what if it’s too late? What if you’ve already been hit by ransomware?

Continue reading “What to do If You’re Hit by Ransomware – Part 2” »

Protection From Phishing: A Growing Threat In Today’s Information Age

Protection From Phishing: A Growing Threat In Today’s Information Age

The rapid transformation of the cyberspace and digital technologies in recent times have necessitated changes in an enterprise’s digital architecture. Adversaries these days make use of highly sophisticated techniques and advanced digital platforms to attack enterprises and individuals. One of these techniques employed by cybercriminals is ‘Phishing.’

Phishing is a type of online fraud, which makes use of deceptive e-mails, website, or pop-up ads. It involves a technique known as social engineering which consists of throwing a bait towards the intended victim (usual employees of an organization) and luring them to reveal his private information or user credentials. This information can further be used to compromise the financial assets and data of the organization.

Continue reading “Protection From Phishing: A Growing Threat In Today’s Information Age” »

What to do If You’re Hit by Ransomware

What to do If You’re Hit by Ransomware

There’s much debate going on today about what to do if your organization gets hit by ransomware. There’s really only two choices: pay it or don’t. And which side you come down on says a lot about your big picture perspective.

Recently, U.S. Mayors, at their yearly conference, which represents over 1,400 mayors from U.S. cities with over 30,000 people, adopted a resolution not to give in to ransomware demands. Of course the mayors “admitted that ransomware attacks can result in the loss of millions of dollars and months of work to repair damage, but highlighted that paying the attackers only ‘encourages continued attacks on other government systems, as perpetrators financially benefit.'”

Continue reading “What to do If You’re Hit by Ransomware” »

Phishing Attacks Depend Heavily on New Top Level Domains

Phishing Attacks Depend Heavily on New Top Level Domains

When the Internet first began, there were just a handful of top-level domains in use. Top-level domains (TLD) are the letters that come after the “dot” in the URL. Examples include .com, .org and .net.

One of the most-used phishing tactics is domain name spoofing. Domain name spoofing occurs when an attacker uses a domain, that at first glance, looks legitimate, but isn’t because the attacker substituted one or two letters in the domain.

Continue reading “Phishing Attacks Depend Heavily on New Top Level Domains” »

A Really Dumb Way to Protect Yourself from Phishing Attacks

A Really Dumb Way to Protect Yourself from Phishing Attacks

I have to admit, what I’m about to share with you will save you a few bucks.

There are a lot of ways to protect yourself from phishing attacks. There’s awareness training, endpoint security and real-time, cloud-based link scanning, to name a few. The problem with all of these is that they cost money. Not a lot of money, but money nonetheless.

Continue reading “A Really Dumb Way to Protect Yourself from Phishing Attacks” »

This Fall Season, Beware of Phishing Attacks

This Fall Season, Beware of Phishing Attacks

As the holiday season approaches and shoppers plan to spend more on online purchases buying toys, gifts, clothes, etc. for the loved ones, the Cyber criminals become more active during this time of the season trying to lure the online buyers into stealing their banking and credit card information. According to various reports published, October month is dangerous for organizations as attackers come out of their cave in search of prey. Email addresses, phone numbers, account numbers, and login credentials, are all akin to gold for the hackers. It has been proven by the reports that phishing is the top attack vector in multi-vector attacks.

Continue reading “This Fall Season, Beware of Phishing Attacks” »

Biggest Phishing Attack Risk: It Can’t Happen to Me

Biggest Phishing Attack Risk: It Can’t Happen to Me

Some people just refuse to put the seatbelt on when they get in their car. An act that takes about two seconds. It’s a lot of protection—perhaps lifesaving—for a little bit of time and effort. And it’s not like they’re unaware of seatbelts or the protection they provide. I guess they just assume that when it comes to getting into a wreck, it can’t happen to them.

Continue reading “Biggest Phishing Attack Risk: It Can’t Happen to Me” »

How Using Anti-Phishing Email Templates to Train Your Employees Can Help Avoid Phishing Attacks

How Using Anti-Phishing Email Templates to Train Your Employees Can Help Avoid Phishing Attacks

Phishing is among the most common types of cyber-attacks that take place these days and is preferred by cyber-criminals for stealing sensitive and confidential user data. Such data may include valuable personal information such as login credentials, credit card details etc. which can cause severe personal or financial damage if it falls in the wrong hands.

Continue reading “How Using Anti-Phishing Email Templates to Train Your Employees Can Help Avoid Phishing Attacks” »

Latest Phishing Vulnerability Confirms Awareness Training is Insufficient

Latest Phishing Vulnerability Confirms Awareness Training is Insufficient

Phishing prevention that primarily depends on awareness training is doomed to fail. That’s the implication of the latest research conducted at Ruhr University Bochum and Münster University of Applied Sciences

A team of researchers discovered several vulnerabilities in two technologies used for email authentication and verification: OpenPGP and S/MIME. The vulnerabilities could allow attackers to spoof signatures on over a dozen popular email clients including Microsoft Outlook and Apple Mail. Continue reading “Latest Phishing Vulnerability Confirms Awareness Training is Insufficient” »

Inception the Movie is Now an Undetectable Phishing Method

Inception the Movie is Now an Undetectable Phishing Method

Cyber expert James Fisher discovered a new phishing method he calls the “inception bar.” He named it after the movie Inception, and just like the movie, the phishing method traps you in a fake reality. You can see an example of how it works on his website.

He discovered the exploit in Chrome for mobile, confirming what we already know: mobile is the number one threat target going forward.

Continue reading “Inception the Movie is Now an Undetectable Phishing Method” »

Get Free Access to Phishing Protection Best Practices

  • Learn why hosted solutions like Office 365 are vulnerable to phishing.
  • Discover why you must protect both your employees AND your customers.
  • Read why checking reputation databases once a day is a waste of time.
  • Learn what real-time website scanning should look for.
  • Get strategies for saving time and money on email protection.

Sign Up Below... and Get Instant Access to the Report