If one of your Facebook friends sent you an email that said “Is this you?” with a link to a video, would you click on it to see if it’s you? If so, there’s a good chance you’re going to get phished, because you just fell for the newest Facebook phishing scam.
According to theBetter Business Bureau, “There’s a phishing scam making the rounds. If you’re a victim, you receive a message from someone you know and trust, one of your friends and family members. The message expresses they were surprised to have seen you in a video and contains a web address that’s supposed to lead you to it. You’re not in the video.” The twist here is the bad guys are using Facebook Messenger to deliver their payload.
It’s big business today. Training employees to defend themselves (and their organization) from phishing emails. And there’s a good reason for that. Phishing is big business.
It’s estimated that the average cost of a spear phishing attack is $1.6 million. So, no matter what a company spends to train its employees, if it keeps them from getting phished, it’s probably a good investment.
When you hear the word phishing, you probably think of email. And that’s exactly what the scammers want you to think so you won’t pay attention to their latest delivery mechanism: voicemail.
Phishing is generally an email that looks real, but isn’t, in an effort to get you to do something you shouldn’t. Now, fraudsters are using deepfake technology to generate audio that sounds real, but isn’t, in an effort to get you to something you shouldn’t. And that’s exactly what scammers did to the CEO of a German energy company.
The days of a hacker sitting alone at their computer screen in a dark room probing for network vulnerabilities is a thing of the past. That’s too much work. To penetrate networks today, hackers almost always enlist the help of an inside accomplice: you.
What hackers have discovered over the years is that it’s much easier to get unsuspecting humans to help them in their endeavour. This was confirmed by research and published in Proofpoint’s Human Factors Report 2019. From the report, “Over 99% of emails distributing malware required human intervention—following links, opening documents, accepting security warnings, and other behaviors—for them to be effective.”
A lot of people use a web-based calendar to track all of their comings and goings. It makes sense. A web-based calendar is a smart way to make sure you have access to your calendar no matter where you are. And one of the most popular calendars in use today is Google Calendar. But, I’ll bet you didn’t realize that Google Calendar can be a giant repository for spam.
With email security, it’s a never ending cycle of attacks and counterattacks. Whenever the bad guys come up with some clever new way to scam people, the good guys eventually figure out a way to combat it. If only that were the end of the story.
Unfortunately, it really is a never ending cycle. So, whenever the good guys come up with a counter move, the bad guys immediately jump on it and figure out some way to use that counter move in their next scam. Such is the case with two factor authentication (2FA).
If you’ve been on the Internet, then you’ve run into a 404 error page. According to Lifewire, “a 404 error is an HTTP status code that means that the page you were trying to reach on a website couldn’t be found on their server. To be clear, the 404 error indicates that while the server itself is reachable, the specific page showing the error is not.” The server’s there but the page isn’t.
There used to be a time when the worst thing that could happen to you from a phishing attack was a financial loss. Maybe the hackers stole your credentials, got a credit card in your name and went on a shopping spree. Or, maybe they used ransomware to encrypt your hard drive and insisted on some Bitcoins before you could get your data back. At least there was no threat of bodily harm. Until now.
As we mentioned in Part 1, when it comes to dealing with ransomware, you basically have three choices: pay it, don’t pay it or avoid it in the first place by deploying anti-phishing software.
Naturally, here at Phish Protection we think you should be proactive and use our inexpensive and easy-to-deploy cloud-based phishing protection with Advanced Threat Defense to avoid it in the first place. But, what if it’s too late? What if you’ve already been hit by ransomware?
The rapid transformation of the cyberspace and digital technologies in recent times have necessitated changes in an enterprise’s digital architecture. Adversaries these days make use of highly sophisticated techniques and advanced digital platforms to attack enterprises and individuals. One of these techniques employed by cybercriminals is ‘Phishing.’
Phishing is a type of online fraud, which makes use of deceptive e-mails, website, or pop-up ads. It involves a technique known as social engineering which consists of throwing a bait towards the intended victim (usual employees of an organization) and luring them to reveal his private information or user credentials. This information can further be used to compromise the financial assets and data of the organization.
There’s much debate going on today about what to do if your organization gets hit by ransomware. There’s really only two choices: pay it or don’t. And which side you come down on says a lot about your big picture perspective.
Recently, U.S. Mayors, at their yearly conference, which represents over 1,400 mayors from U.S. cities with over 30,000 people, adopted a resolution not to give in to ransomware demands. Of course the mayors “admitted that ransomware attacks can result in the loss of millions of dollars and months of work to repair damage, but highlighted that paying the attackers only ‘encourages continued attacks on other government systems, as perpetrators financially benefit.'”
When the Internet first began, there were just a handful of top-level domains in use. Top-level domains (TLD) are the letters that come after the “dot” in the URL. Examples include .com, .org and .net.
One of the most-used phishing tactics is domain name spoofing. Domain name spoofing occurs when an attacker uses a domain, that at first glance, looks legitimate, but isn’t because the attacker substituted one or two letters in the domain.
I have to admit, what I’m about to share with you will save you a few bucks.
There are a lot of ways to protect yourself from phishing attacks. There’s awareness training, endpoint security and real-time, cloud-based link scanning, to name a few. The problem with all of these is that they cost money. Not a lot of money, but money nonetheless.
As the holiday season approaches and shoppers plan to spend more on online purchases buying toys, gifts, clothes, etc. for the loved ones, the Cyber criminals become more active during this time of the season trying to lure the online buyers into stealing their banking and credit card information. According to various reports published, October month is dangerous for organizations as attackers come out of their cave in search of prey. Email addresses, phone numbers, account numbers, and login credentials, are all akin to gold for the hackers. It has been proven by the reports that phishing is the top attack vector in multi-vector attacks.
Some people just refuse to put the seatbelt on when they get in their car. An act that takes about two seconds. It’s a lot of protection—perhaps lifesaving—for a little bit of time and effort. And it’s not like they’re unaware of seatbelts or the protection they provide. I guess they just assume that when it comes to getting into a wreck, it can’t happen to them.
Phishing is among the most common types of cyber-attacks that take place these days and is preferred by cyber-criminals for stealing sensitive and confidential user data. Such data may include valuable personal information such as login credentials, credit card details etc. which can cause severe personal or financial damage if it falls in the wrong hands.
Phishing prevention that primarily depends on awareness training is doomed to fail. That’s the implication of the latest research conducted at Ruhr University Bochum and Münster University of Applied Sciences
Cyber expert James Fisher discovered a new phishing method he calls the “inception bar.” He named it after the movie Inception, and just like the movie, the phishing method traps you in a fake reality. You can see an example of how it works on his website.
He discovered the exploit in Chrome for mobile, confirming what we already know: mobile is the number one threat target going forward.
Willie Sutton had a famous response when asked why he robbed banks: “Because that’s where the money is.” Hackers seem to be following Willie’s advice. When it comes to phishing attacks, hackers go where the people are. And as Instagram catches up in popularity to Facebook, it’s become the go-to destination for hackers looking to exploit victims via phishing attacks.