Agari: Business Email Compromise the Most Lucrative Form of Email Attack
May 23

A report from the email security vendor Agari provides new insights into the tactics used by cybercriminal groups to conduct email attacks and the extent of global email fraud. While many email-based attack methods are used, business email compromise (BEC) is the most lucrative for criminals and BEC attacks are the costliest for companies. The Agari report was released days after the FBI published figures on the cost of Internet crime...

$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit
May 18

A class-action lawsuit stemming from a W-2 phishing scam that saw an employee of the respiratory therapy supplier Lincare Inc. send the W-2 Forms of employees to a scammer has been settled for $875,000. As is typical with these types of Business Email Compromise (BEC) attacks, the scammer pretended to be a senior executive and sent an email to an employee of the HR department requesting W-2 information for the company’s employees....

GDPR Phishing Scam Targets Airbnb Customers
May 16

A GDPR phishing scam has been detected targeting Airbnb customers. The GDPR-themed scam requests that customers of the home-sharing website re-enter their contact information and credit card details in order to comply with the EU’s General Data Protection Regulation that comes into force on May 25, 2018. The scammers are taking advantage of the high volume of emails currently being sent by companies as part of their GDPR compliance...

Does Two-Factor Authentication Protect Businesses from Phishing Attacks?
May 08

Two-factor – or multi-factor – authentication is a simple control that makes it harder for unauthorized individuals to gain access to accounts and sensitive data. Rather than just use a single factor for authentication such as a password, an additional factor is required, usually something an individual has. This could be a card reader, which is often used by banks for verifying the identity of an individual who wants to make a...

2018 Phishing Trends & Intelligence Report
May 06

Security awareness and anti-phishing vendor PhishLabs has released its 2018 Phishing Trends & Intelligence Report. The report shows there has been a marked change in attacks, with enterprises now being targeted rather than individuals. This comes as no surprise as the potential rewards for a successful attack on an enterprise are considerably higher than attacks on individuals. Enterprises are more likely to pay ransom demands...

Wombat Security Releases 2018 Beyond the Phish Report
May 03

The Beyond the Phish Report from Wombat Security provides valuable insights into the state of security awareness across different industry sectors. For the report, Wombat Security analyzed the responses to almost 85 million questions and answers collected from employees of its customers across 16 industry sectors. The questions covered 12 different categories including protecting confidential information, safe use of passwords,...

What are the Most Clicked Phishing Emails?
May 02

KnowBe4 has released a quarterly report that reveals the most clicked phishing emails in Q1, 2018 – The emails that are proving to be the most effective at fooling employees into clicking hyperlinks and opening potentially malicious email attachments. The data from the report came from responses to phishing simulation emails delivered through its training platform. The simulated phishing emails mirror messages observed in real world...

KnowBe4 Issues Alert About Fake Active Shooter Phishing Emails
Apr 20

The recent shootings at schools in the United States have shocked the nation, with educational institutions now on high alert for any recurrences. The news of an active shooter on campus requires an immediate response and is likely to result in panic. It is therefore no surprise that scammers have taken advantage and have been sending fake active shooter alerts via email to schools and colleges. KnowBe4 has recently identified one...

Human Factor Cybersecurity Report Released by Proofpoint
Apr 18

The human factor continues to be extensively exploited by cybercriminals according to the annual human factor cybersecurity report from Proofpoint. While hacks are still commonplace, cybercriminals are mostly relying on some interaction from employees to steal funds from bank accounts, obtain login credentials and sensitive data, and infect end points and networks with malware and ransomware. The data for the latest report come from...

Barracuda PhishLine Levelized Programs Offers New Method of Measuring Susceptibility to Phishing Attacks
Apr 18

Yesterday saw the launch of Barracuda PhishLine Levelized Programs – A new approach developed by Barracuda and PhishLine to determine and improve user resistance to phishing attacks. Most anti-phishing training solutions use click rate metrics to determine resistance and susceptibility to phishing attacks. While this method of testing employees has proven effective, Barracuda Networks points out that there are limits to this approach....

Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack
Apr 17

It has been discovered that the email accounts of several employees of UnityPoint Health have been compromised and accessed by unauthorized people. Access to the staff email accounts was first obtained on November 1, 2017 and went on for a period of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised email accounts was turned off. When the phishing attack was first noticed,...

Proofpoint Study Shows Impact of Email Fraud on Businesses
Apr 10

Proofpoint has published the findings of a recent study investigating the impact of email fraud on businesses. The study reveals the extent to which businesses are affected by email fraud, the typical impact of email fraud on businesses, which individuals are targeted, and the steps that are being taken to reduce risk. There has been an increase in email fraud in recent years, with last year seeing a further surge in attacks. The...

Warning Over Possible MyFitnessPal Phishing Attacks
Apr 09

A recently discovered cyberattack on Under Armour has raised fears about a wave of MyFitnessPal phishing attacks. On March 25, 2018, Under Armour discovered an unauthorized individual had gained access to the data of 150 million users of MyFitnessPal – including users with website accounts and those who use the MyFitnessPal app. The Under Armour data breach is the largest to be discovered this year in terms of the number of...

Lazio Football Club Phishing Scam Sees €2 Million Sent to Attackers
Apr 06

Phishing scams can prove expensive for businesses, as the Italian Serie A football team Lazio now knows all too well. A recent phishing scam could have cost the club €2 million Euros ($2,461,990). Lazio Football Club transferred in defender Stefan de Vrij from the Dutch club Feyenoord in the summer of 2014 for around €8 million Euros. Not all of that transfer fee was paid in one lump sum. There was one outstanding payment left of...

Phishing Attack on CareFirst BCBS Impacts 6,800 Plan Members
Apr 03

CareFirst Blue Cross Blue Shield is alerting 6,800 of its plan members that some of their protected health information has potentially been accessed by unauthorized individuals as a result of a successful phishing attack on one of its employees. Phishing attacks are conducted to gain access to sensitive information such as email credentials. Those credentials are then used to access sensitive data or conduct further attacks on an...

European Phishing Response Trends Report Shows EU Firms Unprepared for Phishing Attacks
Mar 27

A new report from Cofense (formerly PhishMe) has revealed the majority of EU firms do not feel they are well prepared to deal with phishing attacks. Phishing is a major threat to businesses of all sizes. Enterprises and SMBs must deal with spray and pray campaigns as well as targeted phishing attacks on their organization and highly targeted spear phishing attacks on specific groups of employees. The data for the European Phishing...

Cofense Report Reveals Latest Malware Delivery and Attack Trends
Mar 23

The 2018 Malware Review from security awareness and anti-phishing solution provider Cofense (formerly PhishMe) looks at malware trends over the past 12 months and makes predictions about malware delivery and attack trends in 2018. The 2018 Cofense Malware Review, titled A Look Back and a Look Forward, was compiled after analyzing millions of phishing and spam emails gathered from multiple sources over the past year. The report has a...

1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach
Mar 20

1,049 patients of Beverly Hills, CA-based RoxSan Pharmacy have been warned that some of their protected health information has been shared with a business associate through an unencrypted email. The notification letters were sent to affected people during February, although the incident happened on January 20, 2015. Commenting in a recent press release, RoxSan stated that affected individuals are being contacted in “as timely a manner...

Primary Health Care Experiences Multiple Email Hacks
Mar 20

A non-profit network of community health centers in Des Moines, Marshalltown and Ames, IA, Primary Health Care Inc. has reported that hackers gained access to the email accounts of four workers and may have viewed or downloaded patients’ PHI. Primary Health Care issued a press release and published a substitute breach notice on its website on March 16, 2018, outlining that the breach occurred on February 28, 2017. The breach was...

77% of Businesses Expect to Be Victims of Email Fraud in 2018
Mar 20

A new report from Proofpoint has revealed 82% of boards are concerned about email fraud with six out of 10 businesses considering email fraud to be a major security risk and with good reason. Email fraud is now commonplace and poses a major threat to businesses of all sizes, from mom and pop stores to the largest enterprises. The data for the report came from Proofpoint’s 2018 global ‘Understanding Email Fraud’ survey, which was...

Increase in W-2 Phishing Campaigns Leads to FBI Warning Issued
Mar 01

The Federal Bureau of Investigation (FBI) has issued a new alert for businesses due to a major rise in phishing attacks targeting payroll workers. The aim of the phishing attacks is to download copies of the W-2 forms of workers. Information on the forms is used to carry out identity theft and tax fraud. 2017 saw record numbers of phishing campaigns targeting businesses, educational institutions, and healthcare groups. In some...

Phishing Attack on Sutter Health Business Associate Impacts Patients
Feb 26

Sutter Health is contacting certain patients to advise them that their protected health information may have been exposed in a phishing attack on the legal firm Salem and Green, one of its business associates. It is thought that the attack took place on or around October 11, 2017, when a phishing email was received by a worker at Salem and Green. The worker responded and, in doing so, allowed the attackers access to their email account....

PhishLabs Research Reveals Extent of Cybercriminals’ Abuse of HTTPS
Feb 23

The Q3 2017 Phishing Activity Trends Report from the Anti Phishing Working Group has revealed the extent to which cybercriminals are abusing the Hypertext Transfer Protocol Secure (HTTPS) protocol in phishing campaigns. Websites using HTTPS encrypt the connection between the website and browser to prevent man-in-the-middle attacks. There has been a major transition from HTTP to HTTPS by online retailers and other businesses to provide...

Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts
Feb 13

San Diego, CA-based Ron’s Pharmacy Services has found that an employee’s email account containing limited protected health information has been logged onto by an unknown individual. Unusual activity was noticed on the employee’s email account on October 3, 2017, resulting in an investigation; however, it was not until December 21, 2017 that it was revealed that an unauthorized individual had obtained messages in the email...

Agari Reveals 90% of Brands Extremely Vulnerable to Phishing and Fraud
Feb 12

A joint research study conducted by Agari and Farsight Security has been published this month that shows almost every domain is vulnerable to phishing and domain name spoofing due to the failure to adopt the Domain-based Message Authentication, Reporting & Conformance (DMARC) email authentication standard. Globally, fewer than 1% of domains are protected by DMARC, which helps domain owners prevent abuse of their brands. An analysis of...

FBI Issues Warning About Internet Crime Complaint Center Phishing Scams
Feb 06

The FBI has spent the past few months investigating reports of Internet Crime Complaint Center phishing scams. IC3 has been impersonated in several campaigns that attempt to convince people to reveal sensitive information that can be used to drain bank accounts and steal identities. The FBI has identified three email templates that are being used by scammers to obtain sensitive information from victims. In some cases, victims have...

Forrest General Hospital Phishing Attack Exposes Patients’ PHI
Feb 05

The PHI of patients of Forrest Health’s Forrest General Hospital has potentially been obtained by a third party after access was gained to the email account of one of the employees of a business associate, Horne LLP. HORNE LLP is a provider of certain Medicare reimbursement procedures to Forrest General Hospital and due to this requires access to patients’ private health information. HORNE found the email account breach on...

Poor DMARC Adoption in Retail Industry Placing Customers at Risk
Feb 01

A recent study conducted by the email analytics firm 250ok has revealed DMARC adoption in retail is particularly poor and the lack of email validation is placing consumers at risk. SPF – or Sender Policy Framework to give it its full name – is an email validation system that helps businesses to detect attempts to spoof their domains. Domain spoofing is a common tactic used by cybercriminals to fool email recipients into thinking an...

Google Security Checkup Emails Raise Concern Due to Similarity to Phishing Emails
Jan 30

Google security checkup emails have been hitting inboxes over the past few days. The purpose of the emails is to get Google email account holders to check their security settings as potential vulnerabilities have been discovered – Vulnerabilities that could potentially be exploited by malicious actors to take control of users’ email accounts and view potentially sensitive information contained therein. The Google security emails may...

53,000 Pharmacy Patients have PHI Exposed in Email Hack
Jan 25

Patients of Onco360 and CareMed Specialty Pharmacy have been notified that the PHI of 53,173 patients has been compromised due to a phishing attack. A security breach was discovered on November 14, 2017, when suspicious activity involving a member of staff’s email account was uncovered. Following the discovery, third party computer forensics experts conducted an investigation to determine the manner and extent of the breach. It...

KnowBe4 Identifies Industry Most Susceptible to Phishing Attacks
Jan 25

Security awareness and phishing training firm KnowBe4 has published a new report that identifies the industry most susceptible to phishing attacks. For the report, KnowBe4 analyzed data from more than 6 million users and 11,000 organizations using its phishing email simulation service. Figures include a baseline taken prior to the provision of security awareness training, 90 days following training and phishing email simulations, and...

New Necurs Botnet Phishing Campaign Spreads Dridex Banking Trojan
Jan 24

The operators of the Necurs botnet have launched several phishing campaigns in the past few days that are being used to spread the Dridex banking Trojan. Malware and cryptocurrency miners are also being sent in large scale campaigns. New tactics are being used to ensure infection and avoid detection. The latest Dridex malware campaign was launched in the past few days and targets customers of major US and European banks. When users...

Beware of W2 Phishing Scams This Tax Season
Jan 23

Employers are being warned to be wary of W2 phishing scams this tax season. The past two years have seen hundreds of employers scammed into disclosing the W2 forms of their employees. The credentials on the forms were subsequently used to file false tax returns. This year is likely to be no different. Last year, accounts department and payroll staff were targeted with W2 phishing scams, using an attack method termed business email...

Threat from Phishing at an All Time High
Jan 22

The 2018 State of the Phish Report from Wombat Security Technologies confirms the threat from phishing is at an all-time high. Fortunately, employees do appear to be getting better at recognizing phishing emails. The data for the latest State of the Phish Report comes from an analysis of millions of phishing email simulations using the Wombat platform, along with quarterly surveys on more than 10,000 information security professionals...

Phishing Attack Sees School District Network Crippled by Emotet Malware
Jan 21

Employees of the Rockingham County Schools District in North Carolina have inadvertently disabled their entire network after falling for phishing emails. Several employees opened malicious Microsoft Word documents that resulted in multiple copies of Emotet malware being installed. Emotet malware is a computer Trojan that steals financial information first by injecting code into the networking stack, then installing itself in software...

Phishing Emails Pushing Fake Meltdown and Spectre Patches
Jan 18

The recently disclosed microprocessor vulnerabilities – Meltdown and Spectre – have had software and hardware firms working hard to develop patches. Cybercriminals have also been busy developing phishing campaigns that push fake Meltdown and Spectre patches. It should not come as a surprise that cybercriminals are capitalizing on the rush to secure computers and patch the vulnerabilities. The vulnerabilities can potentially be...

PhishLabs Poll Shows Many Employers Do Not Ask Staff to Report Suspicious Emails
Jan 17

A recent online poll conducted by the anti-phishing solution provider PhishLabs has revealed a considerable cybersecurity gap exists at many organizations. While most companies now have solutions in place to block spam and malicious emails, those solutions rarely block every unwanted email. Many spam emails are still delivered. Some of those emails will contain malware and links to phishing websites. It is for this reason that it is...

DMARC Adoption by Federal Agencies Increases 38% in 30 Days
Jan 16

A new report from Agari suggests the decision made by the Department of Homeland Security (DHS) to make DMARC adoption by federal agencies mandatory is having a positive impact. However, the deadline for compliance is fast approaching and the majority of federal agencies have still not implemented DMARC. Prior to the DHS directive (BOD 18-01), relatively few government agencies were using DMARC to secure their domains. The DHS directive...

PhishMe Publishes South Africa Phishing Response Trends Report
Jan 15

A new South Africa phishing response trends report from PhishMe includes worrying statistics for CISOs and CIOs in South Africa. The threat from phishing is greater in South Africa than many other countries, but companies are struggling to deal with the threat. For the report, PhishMe looked at the technologies and strategies used by IT security decision makers in South Africa to deal with phishing attacks. The report reveals 90% of...

Florida Agency for Health Care Administration Hit by Phishing Attack
Jan 11

An unauthorized individual has gained access to a single email account of a staff member at the Agency for Health Care Administration in Florida using a phishing scam. The staff member was sent, and responded to, a malicious phishing email on November 15, 2017 and shared login details that permitted the attacker to remotely access his/her email account and, potentially, the protected health information of up to 30,000 Medicaid...

Half of Users Click Links Sent by Unknown Senders
Jan 08

A new report from Komodo security suggests that until at least 2020, phishing will remain the most commonly used tactic of conducting advanced attacks on businesses, for a very good reason. 50% of the time those attacks are successful. The worrying statistic comes from research conducted at Friedrich Alexander University in Germany in 2016, which suggests one in two computer users routinely click hyperlinks in emails from unknown...

Bronson Healthcare Group Phishing Attack Impacts 8,256 Patients
Jan 06

A recent Bronson Healthcare Group phishing attack has resulted in a hacker gaining access to the protected health information (PHI) of 8,256 patients. The attack allowed the hacker to gain access to the health system’s email system, which contained the names, medications, and treatment information of patients. No Social Security numbers or patients’ financial information was compromised, and its electronic medical record system was...

PhishMe’s Phishing Incident Response Platform Update Improves Usability for SOCs and IRs
Dec 27

PhishMe has made several updates to its phishing incident response platform, PhishMe Triage. PhishMe Triage is a phishing incident response management solution for security operations and incident responders that automates the identification, remediation, and sharing of new phishing threats. The solution provides visibility into email-based phishing attacks in near real-time, and analyzes and prioritizes threats reported by employees...

IRS Phishing Scam Targets Hotmail Users
Dec 16

A new IRS phishing scam has been detected that targets tax professionals and taxpayers who hold Hotmail email accounts. The scam has prompted the Internal Revenue Service to issue a warning to Hotmail users to be wary of emails that request personal and financial information. Each year, cybercriminals target taxpayers and attempt to get them to reveal their personal information and Social Security numbers, which are used to file...

18,500 Patients’ PHI Exposed After Multiple Email Accounts Were Compromised
Dec 14

The Detroit-based Henry Ford Health System has issued notifications to almost 18,500 patients that some of their PHI has potentially been seen by an unauthorized person. The PHI breach was discovered on October 3, 2017 when unauthorized access to the email accounts of several members of staff was detected. While protected health information was possibly accessed or stolen, the health system’s EHR system was not accessed at any point....

DMARC Adoption Study Reveals Healthcare Industry Lags Behind Other Industry Sectors
Dec 03

A recent DMARC adoption study by Agari has revealed the healthcare industry lags behind most other industry sectors on email authentication. Most of the top healthcare firms in the United States are failing to protect their customers and partners from phishing threats. Domain-based message authentication, reporting and conformance (DMARC) protects domains and stops domain abuse by phishers. While DMARC is highly effective at...

Most Successful Phishing Scams Revealed by PhishMe
Dec 02

What are the most successful phishing scams? Warnings about undelivered parcels? Security alerts that require users’ immediate attention? Documents that have been shared by contacts? According to a recent analysis by anti-phishing solution provider PhishMe, the most successful phishing scams, which have almost a 20% success rate, involve the use of entertainment-based triggers to get users to take the desired action. For its analysis,...

Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
Nov 29

The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth,...

Warning Issued by IRS About Christmas Phishing Scams
Nov 28

Each year there is a wave of Christmas phishing scams during the holiday season, as cybercriminals attempt to steal sensitive information to enable them to file fraudulent tax returns. This year is likely to be no different. Last year saw a major increase in Christmas phishing scams, and the prospect of another barrage of phishing emails has prompted the IRS to issue a warning to consumers to be alert to new, sophisticated email scams...

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov 23

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehanna, has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after a worker replied to a phishing email. While information regarding the breach date has not been published, UPMC Susquehanna...

Phishing is the Biggest Security Threat in Australia
Nov 22

The biggest security threat in Australia for businesses is phishing, according to a recent survey of IT professionals by anti-phishing solution provider PhishMe. The survey was conducted on IT professionals from a wide range of industry sectors including healthcare, finance, retail, manufacturing, high-tech, services, transportation, telecoms, and consumer services. The survey revealed that 89% of IT professionals that took part in...

Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
Nov 17

The financial sector banking Trojan Ursnif, one of the most commonly experienced banking Trojans, has previously been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm...

PhishLabs Launches New Phishing Threat Monitoring and Forensics Service
Nov 10

The Charleston, South Carolina-based anti-phishing solution provider PhishLabs has launched a new Phishing Threat Monitoring & Forensics Service, which helps to identify phishing emails that have evaded spam filtering technologies. Even with a wide range of technologies in place to catch and quarantine phishing emails, some messages evade detection and are delivered to inboxes. This is why security awareness training for...

InfoSec Institute Launches New Phishing Defense Tool
Nov 10

The security awareness training company, the InfoSec Institute, has launched a new phishing defense tool called PhishDefender, which the firm claims can reduce phishing susceptibility to 0%. PhishDefender allows administrators to automatically set security controls based on real-time learner data, adjusting controls automatically based on the level of risk. PhishDefender has been added to the firm’s SecurityIQ security awareness...

New Gibon Ransomware Campaign Detected
Nov 09

A new ransomware campaign has been detected that is using spam email to deliver Gibon ransomware. The malware has been named Gibon due to the inclusion of the word in the user-agent string of its code. The ransomware variant was detected by Proofpoint security researcher Matthew Mesa, who notes that as with many other ransomware variants, it is being sold on darknet marketplaces for cybercriminals to use in their own ransom campaigns....

Breach of PHI at Texas Children’s Health Plan After Staff Member Sent Emails to Personal Account
Nov07

A HIPAA breach has occurred at the Texas Children’s Health Plan after it was found that the protected health information (PHI) of 932 clients had been emailed to the personal email account of a former member of staff. The privacy violation was first seen on September 21, 2017, although it was discovered that the former member of staff emailed the private data in November and December 2016. The emails...

New MyEtherWallet Phishing Campaign Detected
Oct29

A new MyEtherWallet phishing campaign has been detected that uses a convincing domain and MyEtherWallet branding to fool MyEtherWallet users into revealing their credentials and providing criminals with access to their MyEtherWallet accounts. In the first few hours of the campaign, the criminals behind the scam had obtained more than $15,000 of MyEtherWallet funds, including $13,000 from one MyEtherWallet user. The individuals behind...

51,000 Plan Subscribers Hit by Network Health Phishing Attack
Oct16

Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email...

Most Effective Phishing Emails Revealed
Oct13

Phishing is an effective method of obtaining login credentials and installing malware and ransomware, and email is the most common vector used for these scams, but what are the most effective phishing emails? What types of emails are most likely to fool your employees into installing malware or disclosing their login credentials? This week, security awareness training company KnowBe4 has released its Q3 phishing report, detailing the...

3 Billion Accounts Compromised in 2013 Yahoo Data Breach
Oct05

While the 2013 Yahoo data breach was soon known to involve many of the company’s customers, it became apparent in December 2016 that 1 billion accounts had been compromised. Before that in September 2016, a separate breach was discovered that involved around half a billion email accounts. Now Verizon, which finalized the purchase of Yahoo this summer, has discovered the 2013 Yahoo data breach was far worse than initially thought....

Ransomware and Phishing Rated Top Threats by IT Professionals
Oct03

A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It...

More than 1 Million New Phishing Websites are Created Each Month
Sep27

The Quarterly Threat Trends Report published by WebRoot this month shows there has been a significant increase in the number of new phishing websites being launched each month. May 2017 saw a record number of new phishing websites created, with more than 2.3 million new websites detected in the month of May alone. Figures for the quarter show there are now well over 1 million new phishing websites created each month, which equates to...

Three Quarters of UK Businesses Have Experienced Email Security Incidents
Sep15

Phishing is the number one cybersecurity threat in the UK, and UK businesses are increasingly coming under attack. A new report from the leading provider of security awareness computer-based training, PhishMe, shows just how serious the threat from phishing has become. 75% of UK businesses have had to deal with an email-based security incident, while almost a quarter are having to deal with more than 500 phishing emails a week. Even...

Beware of Equifax Data Breach Phishing Scams
Sep14

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information. Almost Half of All Americans Impacted by Equifax Data Breach The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the...

LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information
Sep12

A new LinkedIn phishing scam has been detected that uses compromised LinkedIn Premium accounts to send InMail messages and private messages to other LinkedIn users. The messages appear genuine at first glance, but are being used to obtain email login credentials. Those email accounts will undoubtedly be used in more extensive phishing scams. Phishers have been gaining access to genuine LinkedIn accounts and using them to send InMail...

90% of IT Professionals Most Concerned About Phishing, Spear Phishing and Whaling
Sep07

Phishing, spear phishing, and whaling attacks are the leading cause of concern for IT professionals in the United States, according to the latest Phishing Response Trends Survey from the leading provider of human phishing defense solutions, PhishMe. The survey was conducted on two hundred IT executives in the United States, who came from a wide range of industry sectors, including business, healthcare, financial services, retail,...

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers,...

City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not...

Free Phishing Simulator for Small Businesses Launched by PhishMe
Aug12

A free phishing simulator for small businesses has been developed and released by the leading provider of human phishing defense solutions, PhishMe. The phishing simulator allows small businesses – companies with under 500 employees – to develop and run dummy phishing email campaigns to test the effectiveness of their security awareness training programs. Research by PhishMe shows that phishing email simulations are invaluable for...

2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one...

Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing
Jul20

Over the past few months there have been several cases of criminals impersonating government departments in phishing campaigns, prompting Sen. Ron Wyden (D-OR) to write to the Department of Homeland Security calling for the use of DMARC to prevent phishing attacks using federal email domains. Phishers are gaining access to real domains used by federal agencies and are sending out phishing emails. The official domains add authenticity...

Securing Your Email Training Module Released by Wombat Security
Jul19

The security awareness training company Wombat Security Technologies has announced the release of a new series of training modules that can be used by businesses to teach their employees about the threat from phishing. The Securing Your Email – Fundamental training series has now been added to the company’s anti-phishing training library and is available to customers who have signed up to ThreatSim® – the firm’s phishing simulation...

KnowBe4 Phishing Report Shows Most Clicked Phishing Links
Jul13

A good place to start with phishing awareness training is the phishing emails most likely to fool employees, but what are the most clicked phishing links? What are the types of emails that are resulting in ransomware and malware infections and compromised email accounts? The Q2 2017 phishing report from KnowBe4 reveals all. Most Clicked Phishing Links Q2, 2017 KnowBe4 is a leading anti-phishing solution provider that offers a platform...

Healthcare Data Breach Report Shows Breaches Are Taking Years to Detect
Jun24

The latest healthcare data breach report issued by Protenus, in conjunction with databreaches.net, shows healthcare data breaches increased in May, with 37 breaches reported compared to 34 the previous month. The number of records exposed in those breaches was 255,108, although not all breach figures are known. That still represents a jump from last month when 232,060 healthcare records were known to have been exposed or stolen. One...

PhishLine Releases Updated Security Awareness Guidebook
Jun24

PhishLine, a leading anti-phishing and security awareness training provider, has released a new and improved version of its popular security awareness guidebook – Advanced Persistent Training. The purpose of the guidebook is to help security professionals to take their training programs to the next level and develop a security culture throughout their organizations. Cyberattacks are growing in frequency and severity, with the recent...

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S. organizations this year. The scam is known as Business Email Compromise...

Q2 Saw a 400% Increase in Phishing Attacks on Businesses
Jun13

The threat from phishing has been growing steadily over the past few years, but a new report from Mimecast shows the threat is greater than ever before with more phishing attacks on businesses than any other time in history. The report shows there has been a 400% increase in phishing attacks on businesses in Q2, 2017. For the study, Mimecast analyzed the inbound emails of 44,000 business users. That analysis showed cybercriminals are...

Phishing Trends and Intelligence Report Published by PhishLabs
Jun12

PhishLabs, a leading provider of phishing defense solutions, has published its Phishing Trends and Intelligence Report for Q1, 2017. The report shows that cybercriminals changed tactics and targets in the first quarter of 2017, attacking different industries with different methods compared to the previous quarter. PhishLabs CEO Tony Price said, “The first quarter of 2017 shows just how quickly the phishing threat landscape...

OCR Issues Guidance on the Correct Response After a Cyberattack
Jun09

The increase in hacking incidents in 2017 and major worldwide cyber incidents such as the WannaCry ransomware attacks have prompted the Department of Health and Human Services’ Office for Civil Rights (OCR) to issue new guidance on the correct response after a cyberattack. Yesterday, OCR sent a Quick Response Cyber Attack Checklist to its security and privacy list subscribers explaining the correct procedures to follow after a...

PhishMe Releases Q1 2017 Malware Trends Analysis Report
Jun07

PhishMe has released its Malware Trends Analysis Report for Q1 2017. The Malware Trends Analysis Report shows there has been a reduction in ransomware activity in the first three months of 2017. While this is certainly good news, PhishMe believes it is just the quiet before the storm. PhishMe suspects threat actors are planning further WannaCry-style attacks, which the firm refers to as ‘the atom bomb of ransomware’. Ransomware...

New Ironscales Report Delves into Current Phishing Trends
May30

Ironscales, a leading vendor of anti-phishing solutions, has published a new report on the latest phishing trends. The report shows how phishing tactics have changed, the effectiveness of phishing campaigns and how traditional anti-spam technologies are failing to block spear phishing attacks. The report – titled ‘How Modern Email Phishing Attacks Have Organizations on the Hook’ – was the result of a study of 8,500 verified...

Purple Increases Security Following Recent Ransomware Attacks
May25

The global WiFi analytics and WiFi marketing service provider Purple has taken the decision to improve security for its customers with a new WiFi content filtering service. The decision to improve security was taken at an appropriate time. The recent WannaCry attacks, which affected more than 300,000 computers around the world, show just how important it is for WiFi companies to take steps to improve security to protect their...

Dept. of Health Sends Out Warning Regarding Ransomware
May21

Following the recent WannaCry ransomware attacks, the Department of Health and Human Services has been issuing cybersecurity alerts and warnings to healthcare organizations on the threat of attack and steps that can be taken to reduce risk. The email alerts were sent soon after the news of the attacks on the UK’s NHS first started to emerge on Friday May 12, and continued over the course of the week. The alerts provided timely and...

Employee Security Awareness is the Biggest Healthcare Data Security Threat
Apr20

Hackers continue to target healthcare organizations, malware is a constant threat, and ransomware continues to pose many problems, but when it comes to the biggest healthcare data security threats, employee security awareness has topped the table. HIMSS Analytics recently asked 125 healthcare IT leaders and IT professionals about their biggest concerns, and top spot when it came to data security threats was a lack of employee security...

Suspected Ransomware Attack Impacts Erie County Medical Center Patients
Apr12

It has been a bad month for healthcare industry ransomware attacks and malware infections. A ransomware attack on Ashland Women’s Health was confirmed this week which impacted 19,272 patients and last week an ABCD pediatrics ransomware attack impacted 55,447 patients. On Sunday, another healthcare organization discovered a ‘virus’ had arrived via email and made its way onto the network. Erie County Medical Center in Buffalo, New York...

Philadelphia Ransomware Used in Targeted Attacks on US Hospitals
Apr11

Cybercriminals are conducting targeted attacks on U.S. healthcare organizations using Philadelphia ransomware, a relatively new ransomware variant developed from Stampado ransomware. Philadelphia ransomware was first seen in September 2016, although recently, a new campaign has been detected that has already seen two U.S. hospitals have sensitive files encrypted. The actors behind the latest attacks are targeting physicians using spear...

Forrester Research Study Shows PhishMe Phishing Solution Gives 336% ROI
Apr06

Many businesses have had no alternative but to improve cybersecurity defenses to deal with the increased threat of cyberattacks. With attacks coming from all angles and a large attack surface to defend, organizations need to purchase multiple products to keep their networks and data well defended. It is therefore important to ensure money diverted to cybersecurity is well spent. Organizations need to ensure they get the best possible...

Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats
Mar28

Ironscales has announced it has partnered with Check Point Software Technologies Ltd and will be integrating its innovative IronTraps™ anti-phishing solution with Check Point’s SandBlast Zero-Day Protection – a threat emulation solution that tests suspicious email attachments in a safe and secure sandbox. At present, Ironscales is the only company to offer an anti-phishing solution that combines human intelligence with machine...

PetrWrap Used for Targeted Ransomware Attacks on Businesses
Mar16

Petya ransomware has been hijacked and is being used in ransomware attacks on businesses without the ransomware authors’ knowledge. The criminals behind the new PetrWrap campaign have added a new module to Petya ransomware that modifies the ransomware ‘on the fly’, controlling the encryption process so that even the ransomware authors would not be able to unlock the encryption. Petya ransomware first appeared in May last year. The...

Agari Wins Security PG 2017 Global Excellence Award for Best Security Software
Mar03

The cybersecurity firm Agari has been crowned winner of the Best Security Software category at this year’s Security Product Guide 2017 Global Excellence Awards. The Security Products Guide is used by decision makers to determine the best IT security products to deploy to protect digital assets. The reviews in the guide are invaluable for helping narrow down products to those that are best suited for each individual organization. The...

Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
Feb23

The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to...

Windows Devices Used to Increase Size of Mirai Botnet
Feb14

The Mirai Botnet was used to launch devastating distributed denial of service (DDoS) attacks late last year, some of which took down large sections of the Internet including some of the most popular websites  – Twitter and Netflix for example. One Mirai attack on the hosting company OVH registered 1.1 Tbps. It has been predicted that attacks on that scale are likely to become much more common in 2017. The Botnet is comprised of...

MacOS Malware Spread by Malicious Word Macros
Feb13

Security researchers have discovered that MacOS malware is being spread by malicious Word macros. This is the first time that MacOS malware has been discovered to be spread using this attack vector. Windows users can expect to be attacked with malware, but Mac users have remained relatively safe. The vast majority of malware targets Windows users, with malware attacks on Mac users still relatively rare. However, MacOS malware does...

Phishing Attacks on Cloud Storage Providers Causing Concern
Feb09

Phishing is one of the most common ways that cybercriminals gain access to sensitive data. While logins for online banking services are still a major prize, cybercriminals are now increasingly conducting phishing attacks on cloud storage providers. Software-as-a-service (SaaS) attacks have also soared. A recent report from PhishLabs shows the extent to which cloud storage providers are being targeted. In 2013, cloud storage and...

Beware of LNK Attachments and Malicious SVG Files
Feb08

JavaScript attachments are still used to infect computers with malware and ransomware, but a new trend has emerged that is seeing cybercriminals switch to malicious SVG files. Malicious LNK files are also growing in popularity. The reasoning behind the switch in file types is clear. They are much less likely to arouse suspicion; therefore, they are more likely to be opened. JavaScript has been extensively used over the past 12 months...

IRS Issues W2 Phishing Scam Warning
Feb07

Cybercriminals have been sending huge numbers of W2 phishing scam emails over the past few weeks. Tax season usually sees an increase in scam emails being sent, although this year cybercriminals have started their scamming campaigns even earlier. The victim count is also growing rapidly. The W2 phishing scam in question is an email request for copies of employees’ W-2 forms. The scammers impersonate the CEO, CFO or another executive...

Spam Email Volume has Increased: 65% of Emails are Spam
Feb02

Cisco Systems has released its annual Cybersecurity Report which shows that spam email volume has increased once again. 65% of all emails sent are now spam, and Cisco reports that one fifth of those emails are malicious and contain malware-infected attachments or links to websites containing exploit kits and adware. The report shows there was a massive spike in spam email volume in 2016, with many of those emails sent using the Necurs...

Beazley Report Details Biggest Security Threats in 2016
Jan31

Beazley, a provider of cybersecurity insurance for businesses, has released a new report detailing the biggest security threats in 2016. For the report, Beazley analyzed almost 2,000 data breaches experienced by its clients in 2016. The report shows the extent to which ransomware was used to attack U.S. businesses last year. Ransomware attacks on businesses in the United States increased fourfold in 2016. In 2016, Beazley’s clients...

Increased Security Spending Does Not Equate to Better Cybersecurity Defenses
Jan30

Increasing spending on cybersecurity solutions will not necessarily mean organizations are better equipped to deal with cyber threats. While many organizations choose to increase spending on defenses to counter the increased threat, it is essential that the money is spent on solutions that are able to keep sensitive data secured. There is a tendency to keep on investing in similar technologies, even though they have been shown to be...

Kroll Publishes Global Fraud and Risk Report for 2016/2017
Jan27

The 2016/2017 Kroll Annual Global Fraud and Risk Report has just been released, highlighting just how frequently cybersecurity incidents are experienced by businesses. According to Kroll’s Global Fraud and Risk Report, 85% of surveyed company executives have experienced a cybersecurity incident in the past 12 months. 68% reported at least one security incident, while 82% of executives said their company had experienced at least one...
