Another Tax Season, Another Opportunity for Scams
It’s the start of tax season. This is the time of year when we collect our receipts and tax forms and hope for a nice big refund from the U.S. government. Unfortunately, cybercriminals are also looking for a nice big score as well. This year is going to be worse than ever, as many people […]
Posted: April 14, 2021 | View More »Researchers Have Their Eye on Malicious Clones of Android Apps That Put Devices at Risk
Researchers at Check Point have found malicious apps in the Google Play Store that will download Trojans to infected devices. “Check Point Research (CPR) recently discovered a new Dropper spreading via the official Google Play store, which downloads and installs the AlienBot Banker and MRAT,” the researchers write. “This Dropper, dubbed Clast82, utilizes a series […]
Posted: April 14, 2021 | View More »A Can of Phishbait: from Surveys to Rule Changes to Your Boss’s Boss
Employees need to continue being wary of phishing scams as they begin to return to the office, according to Roger Kay at INKY. Kay describes several phishing templates that INKY has intercepted in recent months, including one that informed recipients that they needed to fill out a compliance form related to COVID-19 risks. “Reasonably well […]
Posted: April 14, 2021 | View More »Vaccine Research Companies are the Target of New Ransomware Attacks
The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns financial organizations to be aware of campaigns actively targeting vaccine companies If you’re a ransomware gang and you want to maximize your ransom, who do you attack? An organization working feverishly to potentially make billions of dollars via a desperately needed vaccine, of course! Take […]
Posted: February 4, 2021 | View More »[HEADS UP] Allowing Site Notifications Can be Very Costly
Krebs on Security reported that there have been an increasing number of websites asking visitors to approve ‘notifications’. In most cases these notifications are not malicious, but several firms are paying site owners to install notification scripts to sell to scammers. Normally, a website will ask permission to send notifications (as long as you approve […]
Posted: February 4, 2021 | View More »New “Back to Work” HR-Themed Phishing Scam Works to Steal Internal User Credentials
Using a fake internal memo from HR, per-user custom-named email attachments, SharePoint Online, and a realistic-looking HR form, this phishing attack has all the ingredients to trick your users. This far into the pandemic, there are groups of users within your organization begging to come back to the office, as well as those that never […]
Posted: February 4, 2021 | View More »BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries
Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up. In the midst of adjusting to working-while-COVID, ransomware seemed to be at the forefront of attacks. But new data from Abnormal Security’s Q3 Quarterly BEC Report shows that business email compromise has recently grown in interest […]
Posted: December 3, 2020 | View More »Thinking Skeptically About Smishing
Organizations need to train their employees to be on the lookout for SMS phishing (smishing), according to Jennifer Bosavage at Dark Reading. Bosavage explains that attackers exploit normal human behavior to gain access or information from employees. “Cyberattackers leverage the way people typically respond to certain social situations to trick them into disclosing sensitive information about themselves, […]
Posted: December 3, 2020 | View More »20 Ways to Build Your Security Fortress From Anywhere
At Home Have separate devices for work and personal use Connect to Ethernet (wired) or at least WPA2 (Wi-Fi Protected Access 2) for a secure wireless connection Use a VPN (Virtual Private Network) whenever possible to access employer systems/data Keep router and modem firmware up-to-date Secure IoT devices (smart speakers, appliances, etc.) – use strong, […]
Posted: November 2, 2020 | View More »National Security Awareness Podcasts
Tune into our podcasts each week! Week 1: October 9Introduction to IT360 & Cybersecurity in 2020 Week 2: October 16Cybersecurity Training for Employees Week 3: October 23Cyber Insurance Week 4: October 30Remote Working
Posted: October 8, 2020 | View More »