Phishing


The Phishing Attack You Knew Was Bound to Happen

The Phishing Attack You Knew Was Bound to Happen

When it comes to preventing phishing attacks, companies are often torn between how to spend their security dollars. The choice they make is usually between two options: employee awareness training and email security hardware/software. The first choice assumes your employees can protect you from phishing attacks if only they can be taught to spot them. The second choice assumes there’s not enough training in the world for you employees to stop every phishing attack—it’s better to leave that to technology.

Continue reading “The Phishing Attack You Knew Was Bound to Happen” »

Here Come the Election-Related Phishing Attacks

Here Come the Election-Related Phishing Attacks

If it’s time for a big election, you can be sure the scammers will take advantage of that in the next round of phishing attacks. But, election-related phishing attacks may not target who you think. Rather than go after voters, who aren’t accustomed to having to provide credentials in response to an election-related email, the hackers “target political parties and campaigns, think tanks, civic organizations, and associated individuals,” according to CISA (Cybersecurity & Infrastructure Security Agency), a U.S. federal agency responsible for the nation’s cyber infrastructure and readiness, which issued the warning.

Continue reading “Here Come the Election-Related Phishing Attacks” »

The Surprising Facts Behind Brand Impersonation Attacks

The Surprising Facts Behind Brand Impersonation Attacks

As far as phishing attacks go, brand impersonation is the go-to tactic for attackers. This is especially true for credential phishing and business email compromise attacks (BEC). And according to a recent analysis, there are some pretty surprising discoveries regarding brand impersonation.

For starters, is the top 10 list of most phished brands. Many are recognizable like Microsoft, Google, PayPal and NetFlix. But there were also some lower profile organizations that surprisingly made the top 10 list including Maersk, DHL and WeTransfer. Not exactly household names.

Continue reading “The Surprising Facts Behind Brand Impersonation Attacks” »

Phishing Attacks are no Longer Just Malicious Links in Emails

Phishing Attacks are no Longer Just Malicious Links in Emails

Combating phishing attacks used to be just a matter of not clicking on malicious links in an email. If you could spot the suspect link in an email, and didn’t click it, you were pretty much guaranteed to be safe. Not anymore. Oh sure, hackers still want you to click on a malicious link, but their techniques for disguising them is nothing short of remarkable.

Continue reading “Phishing Attacks are no Longer Just Malicious Links in Emails” »

Is There Something Worse Than Getting a Layoff Notice?

Is There Something Worse Than Getting a Layoff Notice?

There are two really scary aspects to getting a layoff notice. First, of course, is that you’re being laid off, which stinks. The other is that it almost always comes without warning and catches you off guard. When you get the notice, your heart starts racing, you may even panic a little. The last thing you’re prepared to do is to identify the email as a phishing scam. And that’s exactly what the scammers are counting on.

Continue reading “Is There Something Worse Than Getting a Layoff Notice?” »

If These Guys Can Get Phished Anyone Can

If These Guys Can Get Phished Anyone Can

Who would you expect to be the last organization taken in by a phishing attack? How about the “largest source for information security training and security certification in the world?” That’s right. The SANS Institute, around since 1989, training more than 165,000 security professionals around the world, was just breached as the result of a phishing attack.

Continue reading “If These Guys Can Get Phished Anyone Can” »

It Doesn’t Take Long for a Phishing Attack to do its Damage

It Doesn’t Take Long for a Phishing Attack to do its Damage

Given how widespread phishing attacks are, you might think that not only are there a lot of phishing attacks, but that each one lasts a long time. While it’s true that there are a lot of phishing attacks, most phishing attacks do their damage in a really short time.

Research conducted by USENIX recently examined 4.8 million victims who visited phishing pages in a one-year period. And what was the average time of an attack measured by the researchers? “[F]rom the time they first come online, to email distribution, to visitor traffic, to ecosystem detection, and finally to account compromise, we find the average campaign from start to the last victim takes just 21 hours.” Twenty-one hours! It’s over in less than a day.

Continue reading “It Doesn’t Take Long for a Phishing Attack to do its Damage” »

You’ll Never Guess What was Behind the Great Twitter Hack: Phishing

You’ll Never Guess What was Behind the Great Twitter Hack: Phishing

If you haven’t already heard, Twitter was hacked recently and some pretty high-profile people like Barack Obama and Elon Musk had their accounts compromised. When such a powerful tech company as Twitter gets taken like that, the first impulse is to assume it’s some band of sophisticated hackers or a rogue nation employing some leading-edge network penetration technology that does the damage. But in the case of Twitter, as with most high-profile attacks, nothing could be further from the truth.

Continue reading “You’ll Never Guess What was Behind the Great Twitter Hack: Phishing” »

When it Comes to Phishing You Can no Longer Trust Trusted Services

When it Comes to Phishing You Can no Longer Trust Trusted Services

At this point, it’s probably impossible to find a company that doesn’t rely on some cloud-based trusted services. Trusted services are services offered by companies so well recognized and respected, that we never give it another thought whether to trust them or not. Companies like Google, Microsoft and Dropbox. We all use them and we all trust them. And that’s exactly what hackers are counting on.

Continue reading “When it Comes to Phishing You Can no Longer Trust Trusted Services” »

The Numbers are in: You Can’t Stop Email Impersonation Without Help

The Numbers are in: You Can’t Stop Email Impersonation Without Help

Email impersonation is one of the most prevalent and effective types of phishing attacks. Why is that? Because this type of phishing email supposedly comes from someone or some company you know, so you let your guard down. “As the professional community continues to work in a remote environment, email impersonations present the perfect way for opportunistic fraudsters to take advantage of human vulnerabilities.”

Continue reading “The Numbers are in: You Can’t Stop Email Impersonation Without Help” »

Biggest Heist In Twitter’s History: How Cyber Adversaries Used Coordinated Social Engineering Attack To Target Verified Twitter Accounts Of Celebrities

Biggest Heist In Twitter’s History: How Cyber Adversaries Used Coordinated Social Engineering Attack To Target Verified Twitter Accounts Of Celebrities

On the 15th of July, 2020, the adversaries could successfully barge into some of the most popular accounts of the San Francisco-based social networking platform Twitter. The attackers infiltrated despite Twitter’s phishing attack prevention measures and used this access to Twitter’s database to hack celebrity Twitter Accounts. This attack has taken the internet by storm as many renowned faces have become its victims. Although Twitter is adopting the phishing prevention best practices, it is unsure whether they will be able to combat the long term effects of this historic breach- A high time organizations must adopt innovative anti-phishing solutions.

Continue reading “Biggest Heist In Twitter’s History: How Cyber Adversaries Used Coordinated Social Engineering Attack To Target Verified Twitter Accounts Of Celebrities” »

Something New: The Dual Impersonation Business Email Compromise Scam

Something New: The Dual Impersonation Business Email Compromise Scam

As far as phishing emails go, business email compromise (BEC) are amongst the most sophisticated. In BEC, “typically an attack targets specific employee roles within an organization by sending a spoof email which fraudulently represents a senior colleague (CEO or similar) or a trusted customer.”

BEC attacks take time and planning and patience. After all, the attackers are attempting to impersonate a real person, so they have to be very convincing. Now word comes from ZDNet of a sophisticated new group of Russian hackers targeting big companies around the world with BEC phishing emails. Their clever new twist? They’re attempting to impersonate two people.

Continue reading “Something New: The Dual Impersonation Business Email Compromise Scam” »

Will Office 365 Email Ever Be Safe?

Will Office 365 Email Ever Be Safe?

Probably not. Office 365 has two things going against it when it comes to safe email. First, it’s the most targeted platform, so it’s always getting the hackers’ best shot. Second, it doesn’t have a particularly good traffic record of producing effective email defense.

An example of the first issue is the recent phishing attack on Office 365 remote workers as reported by Malwaretips. According to the article, “Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home. These phishing messages are a lot more dangerous because of the huge influx of employees working remotely and using VPNs to connect to company resources from home for sharing documents with their colleagues and accessing their orgs’ servers.”

Continue reading “Will Office 365 Email Ever Be Safe?” »

When it Comes to Phishing Attacks Hackers Get You Coming and Going

When it Comes to Phishing Attacks Hackers Get You Coming and Going

Before COVID-19, pretty much everyone worked in an office so that’s where hackers aimed their phishing attacks. They used spear phishing and business email compromise (BEC) techniques to steal credentials and to steal money. And then something strange happened: everyone started working from home.

Once everyone started working remotely due to the coronavirus, that’s where the hackers went after them because remote workers are even more vulnerable working from home (WFH). COVID-19 themed emails targeting WFH employees with promises of face masks or investments in fake companies claiming to be developing vaccines were very common. And then something strange happened: employees started returning to the office.

Continue reading “When it Comes to Phishing Attacks Hackers Get You Coming and Going” »

What Follows COVID Phishing Attacks? Black Lives Matter Phishing Attacks!

What Follows COVID Phishing Attacks? Black Lives Matter Phishing Attacks!

If it’s in the news, it’s a phishing attack waiting to happen. First, it was the popularity of the show Game of Thrones. Then it was the new Star Wars sequel. More recently it was the fear of COVID-19.  And now, in response to all the recent protests over police brutality, it’s the Black Lives Matter movement. Apparently, hackers get their ideas for phishing attacks from the news.

Continue reading “What Follows COVID Phishing Attacks? Black Lives Matter Phishing Attacks!” »

How To Protect Your SMBs (Small Medium Businesses) From Phishing

How To Protect Your SMBs (Small Medium Businesses) From Phishing

In the 21st century, enterprises are facing a severe threat from people they have not met, and may never meet. Digitalization means the bad guys no longer have to be present at the site of their crimes. As a result, tight security at the office premises and money kept in the safe are not enough insurance against cyber thieves.

Continue reading “How To Protect Your SMBs (Small Medium Businesses) From Phishing” »

The Perfect Phishing Setup: A VPN Configuration from the IT Department

The Perfect Phishing Setup: A VPN Configuration from the IT Department

Hackers are always trying different ways to get you to let your guard down. In that endeavor, they try to leverage the current state of affairs to craft their phishing attack. For instance, today many people are working from home who normally wouldn’t be. Hackers use that information to launch their phishing attack, like the one supposedly delivering a new VPN configuration.

Continue reading “The Perfect Phishing Setup: A VPN Configuration from the IT Department” »

Why Remote Workers are so Vulnerable to Phishing Attacks

Why Remote Workers are so Vulnerable to Phishing Attacks

Workers suddenly finding themselves working remotely are extremely vulnerable to phishing attacks. This is due to a unique combination of two factors that amplify the problem: bigger target and poorer security behavior.

The first factor making remote workers move vulnerable is that hackers are going after them more vigorously now that they’re working remotely. This is especially true of hackers leveraging the Google brand. According to an article on National Cybersecurity News, “Remote workers are being ‘bombarded’ with Google-branded spear phishing attacks. This is according to a new report from Barracuda Networks, which claims that in the first four months of the year, almost two thirds of spear phishing attacks that impersonated big name brands were Google-themed.”

Continue reading “Why Remote Workers are so Vulnerable to Phishing Attacks” »

Phishing: A Threat To Your Business And Employees

Phishing: A Threat To Your Business And Employees

With the growing dependence on technology in today’s digital world, phishing attacks are also evolving by each passing the day. For those who refuse to accept this claim, we have broken down the 2019 version of the Phishing and Fraud statistics, to prove that, so far, phishing has been the most extensive cyber threat to every large or small enterprise

Continue reading “Phishing: A Threat To Your Business And Employees” »

Please Enter Your Business Email Below to Continue

Get Free Access to Phishing Protection Best Practices

  • Learn why hosted solutions like Office 365 are vulnerable to phishing.
  • Discover why you must protect both your employees AND your customers.
  • Read why checking reputation databases once a day is a waste of time.
  • Learn what real-time website scanning should look for.
  • Get strategies for saving time and money on email protection.

Sign Up Below... and Get Instant Access to the Report