Scammers are taking advantage of the allure of new cryptocurrencies to trick people who want to get in early on the next Bitcoin, according to Naked Security. Criminals set up Initial Coin Offerings (the cryptocurrency version of an Initial Public Offering, or IPO) and invite people to invest in their new currency while it’s still […]
Google Sent 12K Nation-State Phishing Warnings In Three Months
Google’s Threat Analysis Group (TAG) delivered thousands of alerts about government-backed attempts to spearphish Gmail users over just a three-month period earlier this year, the group reported. TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog […]
The Top Lesson From The Recent Louisiana 2,000-server Ransomware Infection: “User Education, User Education, User Education”
Louisiana suffered a ransomware attack last week that took down more than two thousand of the state’s computers and servers. The ransomware apparently entered the network after a user downloaded an unauthorized file. This is how most malware attacks occur, because only one user needs to fall for a phishing attempt in order for the […]
The Bank of Hawaii early alert of scam phone calls spoofing caller ID
In an early-alert sign, The Bank of Hawaii is warning of a spate of scam phone calls that are spoofing the caller ID of the bank’s real call center, the Honolulu Star-Advertiser reports. The bad guys are likely to repeat scams like this nationwide or even worldwide, so it pays off to watch for this. […]
Click Confessions of a Security Expert
As a “human security” expert, I used to take a lot of pride in my well-honed security hygiene. Yeah… that all ended back in early 2017 when I joined KnowBe4. You see, up until that time, I’d received a number of simulated phishing, attempted real phish, and I’d even run my own simulated phishing programs […]
110 Nursing Homes Cut Off from Health Records in Ransomware Attack
Brian Krebs reported: “A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this […]
Waterloo Brewing loses $2.1 million in social engineering cyberattack
Waterloo Brewing Ltd. says it has lost $2.1 million in what it calls a social engineering cyberattack. The Ontario brewery says the incident occurred in early November and involved the impersonation of a creditor employee and fraudulent wire transfer requests. Waterloo Brewing says it initiated an analysis of all other transaction activity across all of […]
U.S. Utilities Face Phishing Attacks Intent on Gaining Remote Access
Last month saw a number of utility sector businesses targeted with spear phishing attacks that utilize a new remote access Trojan (RAT) that provides attackers with admin access. We’ve seen a wave of attacks that appear to be focused on infrastructure-related organizations in the U.S. The recent seemingly coordinated attacks on local governments and municipalities […]
Even ‘Unsubscribe’ Emails Can Put the Organization at Risk
Social Engineering tactics seek to use any means that’s familiar to the intended victim – and unsubscribing is perceived as being so benign, it may just be the perfect way to fool your users. While I can’t think of a single website I’ve visited in the last year that sends me an email after I’ve […]
Gift Cards Are Now the #1 Business Email Compromise Cash-Out Mechanism for Fraudsters
Overtaking wire transfers and payroll diversion, gift cards have taken a material lead as one of the easiest and least recoverable ways to cash out of a fraud scam. The CEO gift card scam has been around for a while. It’s a malware-free, purely socially-engineered scam that takes little more than a reasonable email address […]