Phishing


Phishing Prevention: Email Providers Aren’t Helping Any

Phishing Prevention: Email Providers Aren’t Helping Any

How many employees have to get phished before they take action? How much ransomware has to be paid before they take action? How many personal records have to be stolen before they take action? What will it take for email security service providers to install phishing protection technology and protect their customers? Apparently they haven’t hit the limit yet because the one thing we know for sure is that they aren’t doing a very good job of it.

Continue reading “Phishing Prevention: Email Providers Aren’t Helping Any” »

The Homograph Phishing Attack: The Antidote to Awareness Training

The Homograph Phishing Attack: The Antidote to Awareness Training

If you’ve ever taken phishing awareness training, you’ve most likely been taught to identify domain name spoofing. Domain name spoofing is a phishing tactic where an attacker sends you an email from one domain, the attacker’s domain, that looks almost identical to another domain, a domain you trust.

The idea is that if the recipient of the email looks at the email address quickly, they may not notice the slight difference. Here’s an example of an email from a lady named Beth at Google: beth@gooogle.com. Or is it? No, it’s a domain name spoof spelling Google with three Os.

Continue reading “The Homograph Phishing Attack: The Antidote to Awareness Training” »

One Phishing Filter is Not Enough Which is Why You Need Six

One Phishing Filter is Not Enough Which is Why You Need Six

A recent article on the Help Net Security website discussed the results of research into the effectiveness of phishing filters. Phishing filters are used in email security to scan emails for malicious links or attachments.

Phishing filter technology is becoming widely adopted and it’s generally thought to be pretty effective at preventing phishing attacks. That’s not what the research found.

Continue reading “One Phishing Filter is Not Enough Which is Why You Need Six” »

13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization

13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization

Spear Phishing is a type of phishing attack which generally targets “Whales” or “high-level organizational actors” such as C-suite executives (e.g., CEO, CFO, CIO, etc.) or upper management to steal financial and sensitive or confidential information from unsuspecting top-level management. Spear phishing data breaches account for more than half of the phishing scams worldwide, which occur every year. Verizon reports elucidate that a high proportion of these data breaches begin with a directed phishing campaign targeted against an enterprise. Although corporations deploy sophisticated phishing prevention software to safeguard their data, they remain vulnerable because of human error, which allows adversaries to bypass such security measures, including anti-phishing solutions.

Continue reading “13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization” »

Office 365: Almost Any Amount You Spend to Avoid a Phishing Attack is Worth it

Office 365: Almost Any Amount You Spend to Avoid a Phishing Attack is Worth it

Osterman Research came out with their Office 365 Email Security 2019 Benchmarking Survey and the results are scary for organizations using Office 365 for email. The results are based on 318 in-depth surveys with IT and security managers of enterprises using Office 365 in the United States and the United Kingdom. According to Osterman, the purpose of the survey was to gain a better understanding of the security management issues faced by organizations using Office 365.

Continue reading “Office 365: Almost Any Amount You Spend to Avoid a Phishing Attack is Worth it” »

Spear Phishing: The Greatest Threat to Democracy

Spear Phishing: The Greatest Threat to Democracy

What’s the greatest threat to democracy today? How about election results that can’t be trusted because the election was manipulated by hackers. Hackers who began their attack with a spear phishing campaign. It’s happened before. It will almost certainly happen again.

Manipulating campaigns is now part of the election process. And the number of ways it can be manipulated is scary to think about. It could be as simple as hijacking a social media account to post fake election results. Or, it could be a sinister as hijacking a county website and posting fake voting instructions about where, when and how to vote. And no matter what form it takes, it will almost certainly start with a spear phishing attack.

Continue reading “Spear Phishing: The Greatest Threat to Democracy” »

Reeling in a Different Kind of Phish at Sea

Reeling in a Different Kind of Phish at Sea

Fishing can be a very profitable enterprise. Many commercial fishing fleets head out to sea each day hoping to land a big catch. Now these same boat owners have to be careful the big catch doesn’t land them. 

According to an article on the Hot for Security website, “An alert released on Monday cautions that hackers have actively been targeting the networks of commercial vessels with phishing attacks. A similar alert had been issued in May when cybercriminals resorted to phishing to steal sensitive information about the ships and their itineraries.” 

Continue reading “Reeling in a Different Kind of Phish at Sea” »

What to do If You’re Hit by Ransomware

What to do If You’re Hit by Ransomware

There’s much debate going on today about what to do if your organization gets hit by ransomware. There’s really only two choices: pay it or don’t. And which side you come down on says a lot about your big picture perspective.

Recently, U.S. Mayors, at their yearly conference, which represents over 1,400 mayors from U.S. cities with over 30,000 people, adopted a resolution not to give in to ransomware demands. Of course the mayors “admitted that ransomware attacks can result in the loss of millions of dollars and months of work to repair damage, but highlighted that paying the attackers only ‘encourages continued attacks on other government systems, as perpetrators financially benefit.'”

Continue reading “What to do If You’re Hit by Ransomware” »

Is Paying Ransom Being Considered As The Best Way Out For Dealing With Ransomware Attacks

Is Paying Ransom Being Considered As The Best Way Out For Dealing With Ransomware Attacks

Phishing has been on the rise in form or the other, ever since users have started to use emails, messages, phones, etc. Every other month, around 1.5 million new phishing sites are created by cyber-criminals and add to the growing cybercrime world. Several of these sites employ ransomware as a tactic in order to extort money from unsuspecting users who accidentally click on a fraudulent link in an email or text message sent to them.

Continue reading “Is Paying Ransom Being Considered As The Best Way Out For Dealing With Ransomware Attacks” »

Death, Taxes and the Evolution of Phishing Attacks

Death, Taxes and the Evolution of Phishing Attacks

They say nothing is certain in life except for death and taxes. You can add one more to that list: phishing attacks. Hackers continue to do their homework and innovate as the number one cybersecurity threat refuses to be contained.

According to an article on the Dark Reading website, “Email continues to be an extremely effective vector for delivering malicious content because of how adept attackers have become at tricking users over the years.”

Continue reading “Death, Taxes and the Evolution of Phishing Attacks” »

When the Department of Homeland Security isn’t so Secure

When the Department of Homeland Security isn’t so Secure

From its website, the Department of Homeland Security’s (DHS) mission is “to secure the nation from the many threats we face.” In essence, the DHS’s job is to create trust, for Americans, in their own security. So, it shouldn’t come as any surprise that hackers would try to exploit that trust by launching an email phishing scam that impersonates email alerts from the DHS.

Continue reading “When the Department of Homeland Security isn’t so Secure” »

Five Phishing Tactics Sure to Trick You Into Clicking

Five Phishing Tactics Sure to Trick You Into Clicking

By now, most people know that 91% of cyberattacks start with a phishing email. In recognition of this, companies are now beginning to offer security awareness training. According to an article on the website Dark Reading, “45% of organizations provide employees mandatory, formal cybersecurity training; another 10% give optional training.”

The objective is simple: teach employees not to click on the links in suspicious emails. Given the sophisticated nature of some phishing exploits today, that’s easier said than done. With that in mind, we present five

Continue reading “Five Phishing Tactics Sure to Trick You Into Clicking” »

Everyone Loves PDFs Including Hackers

Everyone Loves PDFs Including Hackers

If you’re doing business, then you’re sending, receiving and reading PDFs.

PDFs have become ubiquitous in business as a way of sending documents over the web. And why not? There are a lot of advantages to using PDFs. For starters, it’s ubiquitous—everyone has a PDF reader. The files can include embedded links and images. The files tend to be small compared to other formats. They can be password protected. They can work on any operating system. And they’re not likely to go away any time soon.

Continue reading “Everyone Loves PDFs Including Hackers” »

The Problems With Paying a Phishing Ransom

The Problems With Paying a Phishing Ransom

If you haven’t been paying attention, a lot of organizations have been hit by ransomware lately, almost all of which are triggered by a phishing email. Hackers use all types of exploits to extract money from their victims too. Their favorite, by far, is to encrypt the victim’s hard drive with a promise to decrypt it if the ransom is paid, usually in something untraceable like Bitcoin.

Continue reading “The Problems With Paying a Phishing Ransom” »

Phishing Prevention: If Users are the Weakest Link, Why is Training the Only Solution?

Phishing Prevention: If Users are the Weakest Link, Why is Training the Only Solution?

In cybersecurity, there’s a best practice called Defense in Depth. The idea behind Defense in Depth is very simple. Put up a bunch of different types of barriers instead of just relying on one. This way, no matter what attack vector the enemy chooses, you’re covered.

Defense in depth is a pretty sound cybersecurity strategy, one which many companies employ, except for when it comes to phishing protection.

Continue reading “Phishing Prevention: If Users are the Weakest Link, Why is Training the Only Solution?” »

Phishing Awareness Training is Getting Some Large Investments

Phishing Awareness Training is Getting Some Large Investments

It sure is a good time to be in the phishing awareness training business, especially if you’re looking for investors to invest in your company. A couple of multimillion dollar deals were announced just last week.

First, “start-up security awareness firm CybeReady has expanded into the U.S. market with an initial funding round of $5 million led by Baseline Ventures,” according to an article on Security Week website.

Continue reading “Phishing Awareness Training is Getting Some Large Investments” »

Phishing: The Good, the Bad and the Ugly of Google

Phishing: The Good, the Bad and the Ugly of Google

Google is great. It offers a lot of useful services for free. And those services are tightly integrated so they work well together.

Google services are also used by a lot of people. According to an article on Forbes.com, “Google’s Gmail email service is used by upwards of 1.5 billion people. The Google Calendar app, meanwhile, has been downloaded more than a billion times from the Play Store”

Continue reading “Phishing: The Good, the Bad and the Ugly of Google” »

Some Truly Startling Phishing Statistics

Some Truly Startling Phishing Statistics

Which phishing statistic is scarier? That 94% of organizations say they were hit with a phishing attack in 2018 or that the attacks themselves may be underreported, even when it’s required by law?

How about 42% of public sector organizations had been hit with a disruptive ransomware attack in the last month? LAST MONTH!

What about the cost of these attacks? The city of Baltimore, which was hit with a ransomware attack but refused to pay the $80,000 ransom, has spent $18 million trying to recover. And it’s not just money.

Continue reading “Some Truly Startling Phishing Statistics” »

SaaS Makes Business Easier and More Vulnerable

SaaS Makes Business Easier and More Vulnerable

Software-as-a-service (SaaS) is being used more and more to deliver mission critical services to business of all sizes. SaaS provides tremendous benefits to businesses, including eliminating the need for a software development team and eliminating expensive patching and upgrades. Examples of SaaS services include customer relationship management (CRM), eCommerce, storage and email delivery.

Continue reading “SaaS Makes Business Easier and More Vulnerable” »

Get Free Access to Phishing Protection Best Practices

  • Learn why hosted solutions like Office 365 are vulnerable to phishing.
  • Discover why you must protect both your employees AND your customers.
  • Read why checking reputation databases once a day is a waste of time.
  • Learn what real-time website scanning should look for.
  • Get strategies for saving time and money on email protection.

Sign Up Below... and Get Instant Access to the Report