Just detecting a phishing attack on a bank isn’t an extraordinary event. There are dozens of phishing attacks per week targeted at the major international banks. As phishing targets go, banks are just too enticing for hackers to ignore. And banks, for the most part, understand the threat and are prepared to deal with most attacks. Most!
If it’s in the news, it’s a phishing attack waiting to happen. First, it was the popularity of the show Game of Thrones. Then it was the new Star Wars sequel. More recently it was the fear of COVID-19. And now, in response to all the recent protests over police brutality, it’s the Black Lives Matter movement. Apparently, hackers get their ideas for phishing attacks from the news.
In the 21st century, enterprises are facing a severe threat from people they have not met, and may never meet. Digitalization means the bad guys no longer have to be present at the site of their crimes. As a result, tight security at the office premises and money kept in the safe are not enough insurance against cyber thieves.
Hackers are always trying different ways to get you to let your guard down. In that endeavor, they try to leverage the current state of affairs to craft their phishing attack. For instance, today many people are working from home who normally wouldn’t be. Hackers use that information to launch their phishing attack, like the one supposedly delivering a new VPN configuration.
Workers suddenly finding themselves working remotely are extremely vulnerable to phishing attacks. This is due to a unique combination of two factors that amplify the problem: bigger target and poorer security behavior.
The first factor making remote workers more vulnerable is that hackers are going after them more vigorously now that they’re working remotely. This is especially true of hackers leveraging the Google brand. According to an article on National Cybersecurity News, “Remote workers are being ‘bombarded’ with Google-branded spear phishing attacks. This is according to a new report from Barracuda Networks, which claims that in the first four months of the year, almost two thirds of spear phishing attacks that impersonated big name brands were Google-themed.”
With the growing dependence on technology in today’s digital world, phishing attacks are also evolving with each passing day. For those who refuse to accept this claim, we have broken down the 2019 version of the Phishing and Fraud statistics to prove that, so far, phishing has been the most extensive cyber threat to every large or small enterprise.
COVID-19 has been a goldrush for hackers looking to exploit the epidemic. Almost every aspect of what’s unfolded has presented hackers with new and creative ways to phish you.
People are fearful, they’re working from home and under a lot of stress. That makes for a perfect target for hackers. Here are the top eight ways hackers are using the pandemic to phish you. It would be nice if these were the only eight. They’re not – there are more.
As we’ve written about many times before, Microsoft Office 365’s native security does not do a very good job of protecting you from phishing attacks, which makes Office 365 extremely vulnerable to them. Now comes news of a targeted email phishing attack specifically designed to bypass the already vulnerable Office 365 security.
“The attack is a variant of ‘PerSwaysion’, a recent spate of credential phishing attacks that utilize compromised accounts and leverage Microsoft file-sharing services to lull victims into a false sense of security.”
One of the challenges to stopping phishing attacks is that hackers used to be really nimble. They would use a new domain for each phishing attack, often keeping it active for only a few hours before retiring it forever. This fleet-footedness enabled the hackers to do their dirty work before word got out about the malicious website. That situation seems to be changing.
You’ve seen reCAPTCHA. It’s the image verification software that asks you to click on the cars or the crosswalks to verify you’re a human being and not a bot. It’s a service now owned by Google.
Seeing reCAPTCHA software on a website probably gives most people a sense of security. After all, the website is protecting itself from malicious activity with the software. And that’s exactly why hackers have started using reCAPTCHA to launch phishing attacks: it gets you to let your guard down.
If you’ve been paying attention, you know that the Zoom video conferencing service has been in the news a lot recently as a prime target for phishing attacks. This is the result of more people working from home due to COVID-19. Thousands of potential phishing sites have been created to target Zoom users as its usage has soared.
With all the headlines, you might get the idea that Zoom is the only video conferencing service being targeted by hackers. Unfortunately, hackers are more ambitious than that. Other popular services, including WebEx and Skype, are also under attack.
According to an article on Help Net Security, “Not only are attackers using video conferencing brands as a lure for malware, but they’re using it for credential phishing, in particular to steal Zoom and WebEx credentials.”
In the case of WebEx (a Cisco company), “The fake emails purportedly coming from Cisco are a mishmash of unconnected visual elements and subject lines that command attention (e.g., “Critical Update!” or “Alert!”).”
Skype is in the same boat as WebEx. According to Threat Post, “Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look ‘eerily similar’ to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can be checked by clicking a Review button.”
While not in the headlines yet, it’s only a matter of time before other video conferencing services like GoToMeeting, Microsoft Teams and Google Hangouts are the target of phishing attacks. The bottom line is, employees working from home are outside the protective boundary of the company’s network and are therefore more vulnerable to these types of phishing attacks.
What’s needed now, more than ever, is the ability to protect employees who are working from home from phishing attacks. To do that requires cloud-based email security so that emails destined for employees at their home office can be screened before they ever hit the inbox. What’s needed is email security like that available from Phish Protection.
Phish Protection is cloud-based email security with real-time link click protection, which protects against the most sophisticated type of attack: the time-delayed phishing attack. Phish Protection sets up in 10 minutes by making a simple change to a DNS entry. That means you can protect a thousand employees working in a thousand different homes in about 10 minutes. And Phish Protection only costs pennies per employee per month with no hardware or software to buy.
COVID-19 will eventually go away but hackers won’t. Protect your employees today. Try Phish Protection free for 60 days.
In business today we use software in almost everything we do. What’s proven to be especially useful is web-based software or software-as-a-service (SaaS). It would be almost impossible to find someone in business who isn’t using at least some SaaS tools. From email (Gmail) to communication (Skype) to file sharing (Dropbox), SaaS tools have become a staple of office productivity.
COVID-19 is certainly grabbing the majority share of the headlines today. And why not? After all, it is a worldwide pandemic.
If you’ve been paying attention, you’ll also notice COVID-19 is responsible for a majority of the phishing email headlines. And why not? After all, hackers tend to “follow the news,” so the dramatic increase in coronavirus-themed phishing emails is not surprising.
The world is starting to wake up to the onslaught of coronavirus-themed phishing emails. According to Check Point, “Since January 2020, there have been over 4,000 coronavirus-related domains registered globally. Coronavirus-related domains are 50% more likely to be malicious than other domains registered at the same period.”
One of the fastest-growing security threats today is coronavirus-based phishing scams. Here, scammers use people’s fear of the virus to get them to do something they shouldn’t.
According to an article on TechRepublic, “There has been a steady increase in the number of coronavirus COVID-19-related email attacks since January, according to security firm Barracuda Networks, but researchers have observed a recent spike in this type of attack, up a whopping 667% since the end of February. Skilled attackers are good at leveraging emotions to elicit response to their phishing attempts.”
By now, everyone has heard of COVID-19, the coronavirus rapidly spreading across the globe. In response to this fast-moving coronavirus, the international medical community has come up with a pretty simple, but effective way to stop it: quarantine. In other words, isolate yourself to keep from getting infected. And it seems to be working.
As hard as it may be to believe, there may actually be something spreading even faster than COVID-19. Coronavirus-themed scams and phishing attacks. And it’s only going to get worse because more people are working from home where they have even less protection from these threats than they do at work.
Whenever someone develops technology to help people, you can be sure that eventually, hackers will figure out some way to use that same technology to phish people. Such is the case now with customer service chatbots.
Customer service chatbots are software-driven instant messaging apps which are designed to convince you that you are having a conversation with a real person. They are frequently found on ecommerce websites as a first line of customer support.
It’s easy to assume that someone who is rich and famous is also tech savvy, but that’s not always the case. Take for example the news this week that Shark Tank star Barbara Corcoran lost almost $400,000 in a phishing scam.
According to an article in People Magazine, “The incident unfolded last week when Barbara’s bookkeeper received an email about an invoice ‘approving the payment for a real estate renovation.’”
When you think about phishing attacks, most people think the ultimate goal is to get the victim’s credentials and use them to possibly impersonate them or steal their money. And mostly, that’s true. We hardly ever think that the ultimate target of a phishing attack might be an inanimate object. But more and more it’s becoming the case. And it’s getting pretty frightening.
Since mobile devices are essentially computers, it didn’t take long to figure out they needed to be protected like computers. That’s especially true given how frequently users download apps from the app store onto their mobile devices.
One example of mobile protection is Google Play Protect. Google Play Protect is Google’s built-in malware protection for Android devices. When you download an app from the Google Play Store, Google Play Protect automatically scans your device and makes sure your apps and everything else are safe. Sounds pretty good.