A lot of people use a web-based calendar to track all of their comings and goings. It makes sense. A web-based calendar is a smart way to make sure you have access to your calendar no matter where you are. And one of the most popular calendars in use today is Google Calendar. But, I’ll bet you didn’t realize that Google Calendar can be a giant repository for spam.
With email security, it’s a never ending cycle of attacks and counterattacks. Whenever the bad guys come up with some clever new way to scam people, the good guys eventually figure out a way to combat it. If only that were the end of the story.
Unfortunately, it really is a never ending cycle. So, whenever the good guys come up with a counter move, the bad guys immediately jump on it and figure out some way to use that counter move in their next scam. Such is the case with two factor authentication (2FA).
If you’ve been on the Internet, then you’ve run into a 404 error page. According to Lifewire, “a 404 error is an HTTP status code that means that the page you were trying to reach on a website couldn’t be found on their server. To be clear, the 404 error indicates that while the server itself is reachable, the specific page showing the error is not.” The server’s there but the page isn’t.
There used to be a time when the worst thing that could happen to you from a phishing attack was a financial loss. Maybe the hackers stole your credentials, got a credit card in your name and went on a shopping spree. Or, maybe they used ransomware to encrypt your hard drive and insisted on some Bitcoins before you could get your data back. At least there was no threat of bodily harm. Until now.
As we mentioned in Part 1, when it comes to dealing with ransomware, you basically have three choices: pay it, don’t pay it or avoid it in the first place by deploying anti-phishing software.
Naturally, here at Phish Protection we think you should be proactive and use our inexpensive and easy-to-deploy cloud-based phishing protection with Advanced Threat Defense to avoid it in the first place. But, what if it’s too late? What if you’ve already been hit by ransomware?
The rapid transformation of the cyberspace and digital technologies in recent times have necessitated changes in an enterprise’s digital architecture. Adversaries these days make use of highly sophisticated techniques and advanced digital platforms to attack enterprises and individuals. One of these techniques employed by cybercriminals is ‘Phishing.’
Phishing is a type of online fraud, which makes use of deceptive e-mails, website, or pop-up ads. It involves a technique known as social engineering which consists of throwing a bait towards the intended victim (usual employees of an organization) and luring them to reveal his private information or user credentials. This information can further be used to compromise the financial assets and data of the organization.
There’s much debate going on today about what to do if your organization gets hit by ransomware. There’s really only two choices: pay it or don’t. And which side you come down on says a lot about your big picture perspective.
Recently, U.S. Mayors, at their yearly conference, which represents over 1,400 mayors from U.S. cities with over 30,000 people, adopted a resolution not to give in to ransomware demands. Of course the mayors “admitted that ransomware attacks can result in the loss of millions of dollars and months of work to repair damage, but highlighted that paying the attackers only ‘encourages continued attacks on other government systems, as perpetrators financially benefit.'”
When the Internet first began, there were just a handful of top-level domains in use. Top-level domains (TLD) are the letters that come after the “dot” in the URL. Examples include .com, .org and .net.
One of the most-used phishing tactics is domain name spoofing. Domain name spoofing occurs when an attacker uses a domain, that at first glance, looks legitimate, but isn’t because the attacker substituted one or two letters in the domain.
I have to admit, what I’m about to share with you will save you a few bucks.
There are a lot of ways to protect yourself from phishing attacks. There’s awareness training, endpoint security and real-time, cloud-based link scanning, to name a few. The problem with all of these is that they cost money. Not a lot of money, but money nonetheless.
As the holiday season approaches and shoppers plan to spend more on online purchases buying toys, gifts, clothes, etc. for the loved ones, the Cyber criminals become more active during this time of the season trying to lure the online buyers into stealing their banking and credit card information. According to various reports published, October month is dangerous for organizations as attackers come out of their cave in search of prey. Email addresses, phone numbers, account numbers, and login credentials, are all akin to gold for the hackers. It has been proven by the reports that phishing is the top attack vector in multi-vector attacks.
Some people just refuse to put the seatbelt on when they get in their car. An act that takes about two seconds. It’s a lot of protection—perhaps lifesaving—for a little bit of time and effort. And it’s not like they’re unaware of seatbelts or the protection they provide. I guess they just assume that when it comes to getting into a wreck, it can’t happen to them.
Phishing is among the most common types of cyber-attacks that take place these days and is preferred by cyber-criminals for stealing sensitive and confidential user data. Such data may include valuable personal information such as login credentials, credit card details etc. which can cause severe personal or financial damage if it falls in the wrong hands.
Phishing prevention that primarily depends on awareness training is doomed to fail. That’s the implication of the latest research conducted at Ruhr University Bochum and Münster University of Applied Sciences
A team of researchers discovered several vulnerabilities in two technologies used for email authentication and verification: OpenPGP and S/MIME. The vulnerabilities could allow attackers to spoof signatures on over a dozen popular email clients including Microsoft Outlook and Apple Mail. Continue reading “Latest Phishing Vulnerability Confirms Awareness Training is Insufficient” »
Cyber expert James Fisher discovered a new phishing method he calls the “inception bar.” He named it after the movie Inception, and just like the movie, the phishing method traps you in a fake reality. You can see an example of how it works on his website.
He discovered the exploit in Chrome for mobile, confirming what we already know: mobile is the number one threat target going forward.
Phish protection technology is needed more than ever for fans of the wildly popular TV show Game of Thrones. Scammers are out there with official-looking websites trying to steal everything from personal information to credit card numbers. According to Checkpoint Research, “The fraudulent websites exploit the popularity of the brand to display ads, Continue reading “When it Comes to Getting Phished, Game of Thrones is no Fantasy” »
Willie Sutton had a famous response when asked why he robbed banks: “Because that’s where the money is.” Hackers seem to be following Willie’s advice. When it comes to phishing attacks, hackers go where the people are. And as Instagram catches up in popularity to Facebook, it’s become the go-to destination for hackers looking to exploit victims via phishing attacks.
You might think that the worst thing you can do with a phishing email is to click on the malicious link embedded within. You’d be wrong. There’s something worse, much worse. What’s that? How about forwarding the email to other employees, lots of them?
A recent article on security website SC Magazine details all the bad things employees do with suspicious emails. As things turn out it’s not uncommon for employees to forward Continue reading “The Only Thing Worse Than Clicking on a Malicious Link in a Phishing Email” »
If you run a small or midsize business (SMB) and you’re concerned with phishing protection, there was a lot to read in the news last week. Let’s get the bad news out of the way.
According to an article on Security Week website, Karl Racine, attorney general for the District of Columbia introduced a new bill, the Security Breach Protection Amendment Act of 2019. The bill expands the types of information companies are held accountable for.
The bad news for Evaldas Rimasauskas of Lithuania is he’s facing up to 30 years in prison for scamming Facebook and Google out of $122 million. The good news is that he only has to pay restitution of about $50million. It’s not clear what’s happened to the other $73m, according to an article on BoingBoing. So, when he gets out, he’s going to be a very rich man.
If you get hit with a phishing attack today, most likely it will be your mobile device. That’s because mobile is where hackers are spending their creative energy.
According to an article on Hacker News this week, a new phishing attack was uncovered that is “based on the idea that a malicious web page could mimic [the] look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers.”