Rise in HTTPS Phishing Websites Detected
Dec07

The past few years have seen many businesses transition from HTTP to HTTPS websites, but HTTPS phishing websites have similarly increased. A green padlock next to the URL indicates the website is secure and traffic between the browser and website is encrypted, but it does not mean the website is legitimate. All HTTPS means is the connection between the user and the website is secure and any data transferred between the two cannot be intercepted and read.  A survey conducted by PhishLabs last month suggested 80% of consumers believe that if a website has a green padlock and starts with HTTPS it is secure and/or legitimate. PhishLabs also notes that cybercriminals are embracing HTTPS. A recent PhishLabs report showed HTTPS phishing websites are increasing faster than legitimate HTTPS...

IronScales Raises $6.5 Million in Series A Funding
Dec06

Tel Aviv-based anti-phishing company IronScales has raised $6.5 million in Series A funding, bringing total equity funding to more than $8 million. IronScales has enjoyed continued double-digit growth over the past three years and has invested heavily in its threat detection, incident response, and threat intelligence sharing technologies. The company has recently been rated as one of the top ten companies to watch by Momentum Partners and is currently expanding its operations and boosting global sales of its anti-phishing solutions. The latest funding round will help to fuel that expansion further. The latest funding round was led by K1 Investment Management LLC, a private equity firm based in Los Angeles. Elron Electronic Industries Ltd., and Rafael Advanced Defense Systems Ltd., also...

DMARC Adoption Study Reveals Healthcare Industry Lags Behind Other Industry Sectors
Dec03

A recent DMARC adoption study by Agari has revealed the healthcare industry lags behind most other industry sectors on email authentication. Most of the top healthcare firms in the United States are failing to protect their customers and partners from phishing threats. Domain-based message authentication, reporting and conformance (DMARC) protects domains and stops domain abuse by phishers. While DMARC is highly effective at authenticating messages and preventing spoofing, 98% of top healthcare operators have not yet implemented DMARC. In the UK, virtually none of the domains used by NHS Trusts are protected by DMARC, leaving them exposed to phishing attacks. 99% of NHS Trust domains are not protected by DMARC. For the study, Agari analyzed domains used by 549 large healthcare and...

Most Successful Phishing Scams Revealed by PhishMe
Dec02

What are the most successful phishing scams? Warnings about undelivered parcels? Security alerts that require users’ immediate attention? Documents that have been shared by contacts? According to a recent analysis by anti-phishing solution provider PhishMe, the most successful phishing scams, which have almost a 20% success rate, involve the use of entertainment-based triggers to get users to take the desired action. For its analysis, the PhishMe team analyzed the results of more than 52 million phishing simulation exercises conducted using PhishMe Simulator – the company’s phishing simulation platform. The platform allows organizations to conduct simulated phishing campaigns to test the effectiveness of their security awareness training programs, to give employees practice at identifying...

Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
Nov29

The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth, health insurance details, medical diagnoses, treatment details, surgical information, and dates of service. A very small number of people also had their Social Security numbers and bank account information accessed. The incident happened over the space of a week in the summer between July 21 and July 28 when spear phishing emails were transmitted to specific...

MediaPro Launches New Travel Security Awareness Training Course
Nov28

Organizations can train their employees to be more security aware in the office, but when it comes to business trips, employees face additional security risks. Training employees to be more security aware when travelling can help them to avoid risky behaviors that could potentially lead to malware infections or the accidental disclosure of sensitive information. To help businesses deal with the added risks that come from business travel, MediaPro has developed a new travel security awareness training course, which has now been added to its extensive library of security awareness training courses. Training courses can be dull and boring, and if employees are not engaged, they fail to learn and knowledge retention is poor. MediaPro appreciates that training can be a chore for employees,...

Warning Issued by IRS About Christmas Phishing Scams
Nov28

Each year there is a wave of Christmas phishing scams during the holiday season, as cybercriminals attempt to steal sensitive information to enable them to file fraudulent tax returns. This year is likely to be no different. Last year saw a major increase in Christmas phishing scams, and the prospect of another barrage of phishing emails has prompted the IRS to issue a warning to consumers to be alert to new, sophisticated email scams during holiday season. The IRS warns that falling for such a scam could endanger both personal information and next year’s tax return. As the IRS points out in its warning, cybercriminals take a direct route when it comes to obtaining Social Security numbers, bank account information, credit card numbers, and personal information. They simply ask for the...

Sophos Helps Consumers Avoid Phishing Scams When Shopping Online

Holiday season is a busy time for cybercriminals just as it is for online shoppers, so how can you avoid phishing scams when shopping online this festive season? Sophos has recently offered tips for consumers to help them avoid phishing scams when shopping online, highlighting some of the common tactics used by scammers, and how to recognize phishing websites and scam emails. One of the most common ways that scammers fool victims is with amazing offers. Sure, there are legitimate Black Friday and Cyber Monday deals to be had, but retailers will only go so far with discounts. If a website is offering an amazing deal that sounds too good to be true, it is probably a scam. Receive such an offer by email and it almost certainly is. Visit the vendor’s website to check, but don’t use the link...

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehanna, has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after a worker replied to a phishing email. While information regarding the breach date has not been published, UPMC Susquehanna says it found the breach on September 21, when a worker reported suspicious activity on their computer. An inquiry was begun which revealed unauthorized people had gained access to that person’s computer. They have not yet discovered whether the attacker viewed, stole or misused any patient data, but the possibility of data access and misuse could not be ruled...

Phishing is the Biggest Security Threat in Australia
Nov22

The biggest security threat in Australia for businesses is phishing, according to a recent survey of IT professionals by anti-phishing solution provider PhishMe. The survey was conducted on IT professionals from a wide range of industry sectors including healthcare, finance, retail, manufacturing, high-tech, services, transportation, telecoms, and consumer services. The survey revealed that 89% of IT professionals that took part in the survey have had to deal with security incidents related to deceptive emails, and more than 60% of respondents have had to deal with more than one phishing-related security incident. The extent to which businesses are being plagued by phishing emails was clear. More than one third of respondents said their company has to deal with more than 500 phishing emails...

KnowBe4 Highlights Six Cybersecurity Trends for 2018 to be Aware Of
Nov17

Security awareness training and anti-phishing vendor KnowBe4 has identified six cybersecurity trends for 2018 that all organizations need to be aware of. The cybersecurity predictions have been made by security experts who have been monitoring the rise in cyberattacks and phishing incidents over the past 12 months. There have been several growing threats throughout 2017 which are likely to continue to cause problems for unprepared businesses in 2018. While it would be nice to believe that we have turned the corner and will see a reduction in cyberattacks in 2018, businesses need to be realistic. As KnowBe4 Founder and CEO Stu Sjouwerman explained, “I’d love to say that 2018 is going to be a lighter year in terms of cyberattacks and threats, but no one can afford to be that naïve.” The...

Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
Nov17

The financial sector banking Trojan Ursnif, one of the most commonly experienced banking Trojans, has previously been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm Barkly. The malware was sent in a phishing email that seemed to have been sent in response to a message sent to another group. The spear phishing email included the message thread from previous conversations, suggesting the email information of the recipient had been accessed. The email contained a Word document as an attachment with the message “Morning, Please...

Wombat Security Technologies Ranks #135 on Deloitte Technology Fast 500 List
Nov16

Deloitte has released its latest Technology Fast 500 List – a list of the fastest growing companies in the technology, life sciences, and telecommunications sectors in North America. For the third straight year, the anti-phishing vendor Wombat Security Technologies has been included in the list and has ranked in the top 150 companies in the United States. This year, the impressive 840% growth has seen Wombat Security Technologies rank #135, marking an improvement on last year’s position. Wombat Security Technologies’ Security Education Platform – a training program that helps organizations improve the security awareness of the workforce – has now been adopted by more than 2,000 enterprises around the world who rely on the platform to train employees, change risky behaviors, and reduce...

PhishMe Included in 2017 Deloitte Technology Fast 500 List
Nov12

The 2017 Deloitte’s Technology Fast 500 has been published – a list of the top 500 fastest growing companies in the United States in the media, tech, telecoms, energy tech, and life sciences industries. For the third consecutive year, anti-phishing solution provider PhishMe has been included in the Deloitte Technology Fast 500 list. This year, in the overall rankings, PhishMe was ranked 200, and achieved position 114 in the software category. In order to be included in the Deloitte Technology Fast 500 list, companies must have base-year operating revenues in excess of $50,000, current operating year revenues in excess of $5 million, and must own proprietary technology or intellectual property that is sold to customers in products that contribute to a majority of the company’s operating...

PhishLabs Launches New Phishing Threat Monitoring and Forensics Service
Nov10

The Charleston, South Carolina-based anti-phishing solution provider PhishLabs has launched a new Phishing Threat Monitoring & Forensics Service, which helps to identify phishing emails that have evaded spam filtering technologies. Even with a wide range of technologies in place to catch and quarantine phishing emails, some messages evade detection and are delivered to inboxes. This is why security awareness training for employees is essential. Training employees how to recognize phishing emails will reduce an organization’s susceptibility to cyberattacks. Employees should be trained to report potentially suspicious emails to security teams, so action can be taken to mitigate the threats. However, that places a considerable burden on busy security teams, which is where the new...

InfoSec Institute Launches New Phishing Defense Tool
Nov10

The security awareness training company, the InfoSec Institute, has launched a new phishing defense tool called PhishDefender, which the firm claims can reduce phishing susceptibility to 0%. PhishDefender allows administrators to automatically set security controls based on real-time learner data, adjusting controls automatically based on the level of risk. PhishDefender has been added to the firm’s SecurityIQ security awareness training platform, which can be used by all InfoSec Institute customers. Employees that have not completed key training modules, or those that have performed poorly, will automatically have the highest security controls applied. All links sent via email will be disabled and other restrictions are placed on their accounts. When the user completes more training...

MediaPro Included in 2017 Gartner Magic Quadrant for Security Awareness
Nov09

Bothell, WA-based learning services company MediaPro has been named one of the leaders in the 2017 Gartner Magic Quadrant for Security Awareness Computer-Based Training. The company has been recognized for completeness of vision and ability to execute. This is the fourth consecutive year that the firm has earned the accolade and has made the Leaders Quadrant. Gartner explained that the company offers “one of the most flexible integrated content solutions within this market.” The firm’s CBT courses help employers train their staff to become security assets and recognize and respond appropriately to cyber threats. MediaPro’s platform was praised for its high level of interactivity, which helps with knowledge retention, the easy-to-use interface which allows easy customization of training...

PhishLine Partners with Pipeline Security and Moves into the Japanese Market
Nov06

Milwaukee-based security awareness training and anti-phishing vendor PhishLine has announced a new partnership with the Tokyo-based firm Pipeline Security. It is hoped that this new partnership will help PhishLine improve its footprint in east Asia and fortify its presence in the Japanese security market. Pipeline Security is a well-respected security firm that serves many top-tier businesses in Japan, offering a range of security solutions to help Japanese businesses improve their information security controls. Along with technical solutions that can reduce susceptibility to cyberattacks, Pipeline Security will now be offering PhishLine’s security awareness training platform and anti-phishing solution. Businesses can implement a range of security controls, but those solutions often fail...

Study Reveals Extent to Which Combosquatting is Used by Hackers
Nov02

The use of combosquatting is on the rise, although until recently, the extent to which combosquatting was being used by cybercriminals was not known. However, a new study that examined more than 468 billion DNS records has revealed the practice is far more common than typosquatting. More than 100 times as common in fact. What is Combosquatting? Combosquatting is the use of a trademark in combination with another word in a domain. For example, take the brand Google. A cybercriminal wishing to fool users into thinking a malicious domain was legitimate and owned by Google, could try to register the domain Google-security or Google-updates. Provided those domains had not already been registered and parked by Google, or another combosquatter, those domains could be used in phishing attacks or...

Inky Awarded Cyber Start-Up Company of the Year Award
Nov01

A new player in the anti-phishing arena, Inky, has received a Cyber Start-up Company of the Year Award at the inaugural Infosecurity North America conference in Boston. Inky was one of four start-ups pitching a panel of four venture capitalist judges for the award. The company and its innovative anti-phishing solution won over the judges. Inky has developed a new phishing defense solution called Phish Fence. Phish Fence is a platform that provides protection against a new form of phishing, which Inky calls ‘deep sea phishing.’ Deep sea phishing is an attack where threat actors masquerade as a trusted brand and attempt to fool end users and anti-phishing defenses. Since the attackers are aware that companies are likely to be using a range of software to detect phishing threats, techniques...

PhishMe Recognized as Leader by Gartner: Added to Magic Quadrant for Security Awareness CBT
Oct31

For the second consecutive year, PhishMe has been included in the Leader’s Magic Quadrant for Security Awareness CBT by Gartner, recognizing the commitment and capabilities of the company and the excellence of its anti-phishing solution and security awareness training program. 12 vendors were assessed for the 2017 Magic Quadrant for Security Awareness CBT for the ability to execute and for completeness of vision. PhishMe was ranked highest for ability to execute out of the 12 companies assessed for the October 2017 Magic Quadrant for Security Awareness CBT. Image Source: Gartner’s Security Awareness CBT Magic Quadrant. October 2017. PhishMe’s research has shown that more than 90% of data breaches occur as a result of employees falling for phishing emails, highlighting the...

KnowBe4 Secures $30 Million Investment in Series B Funding Round
Oct31

Anti-phishing solution provider KnowBe4 has secured $30 million of growth capital in its latest series B funding round, bringing its total financing up to $44 million. The latest round of funding was led by a new investor – Goldman Sachs Growth Equity. The additional capital will primarily be used to fuel growth in international markets, with some funds used for product development. The new investment comes after impressive third quarter sales, which were 2.63 times higher than the previous quarter. Q3, 2017 was the 18th consecutive quarter of continued growth for the Clearwater, Florida-based firm. The continued growth is due to high demand for anti-phishing solutions that improve the security awareness of employees. Phishing is now the number one threat to organizations; an attack...

New Matrix Ransomware Malvertising Campaign Detected
Oct30

A new Matrix ransomware malvertising campaign has been detected. The campaign uses malicious adverts to direct users to a site hosting the Rig exploit kit. Flash and IE vulnerabilities are exploited to download the malicious file-encrypting payload. The new Matrix ransomware malvertising campaign was detected by security researcher Jérôme Segura. Matrix ransomware is not a new threat, having first been detected in late 2016. The ransomware variant was used in campaigns at the start of the year, although as the year progressed, use of Matrix ransomware has been limited. However, the threat is back with a new malvertising campaign that uses the Rig exploit kit to probe for two unaddressed vulnerabilities: one in Internet Explorer – CVE-2016-0189 – and one in Flash Player –...

New MyEtherWallet Phishing Campaign Detected
Oct29

A new MyEtherWallet phishing campaign has been detected that uses a convincing domain and MyEtherWallet branding to fool MyEtherWallet users into revealing their credentials and providing criminals with access to their MyEtherWallet accounts. In the first few hours of the campaign, the criminals behind the scam had obtained more than $15,000 of MyEtherWallet funds, including $13,000 from one MyEtherWallet user. The individuals behind this campaign have registered a domain name that closely resembles the legitimate MyEtherWallet website. The domain is almost identical to the real site, and a casual glance at the URL would not reveal anything untoward. The domain uses the same design, logos, and color schemes as the genuine website. Links to the spoofed site are being distributed in...

Data Breaches Drop For Second Consecutive Month
Oct26

The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data violations have dropped for the second consecutive month, according to . In August, there were 33 reported healthcare data violations, down from 36 incidents in July and 56 in June. While the drop in the number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month of the year so far in terms of the number of reported incidents, it was the third worst in terms of the number of individuals impacted. 575,142 people were impacted by healthcare data breaches in July, with the figure rising to 673,934 individuals in August. That figure will rise even more as two incidents were not included in that total since it is not yet...

51,000 Plan Subscribers Hit by Network Health Phishing Attack
Oct16

Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email accounts. The compromised email accounts stored a range of sensitive information including names, phone numbers, addresses, dates of birth, ID numbers, and provider data. No financial data or Social Security numbers were included in the compromised accounts, although certain people’s health insurance claim numbers and claim details were potentially accessed. The...

Department of Education Issues Advisory to Hacking and Extortion Threats
Oct15

Recently, the hacking group TheDarkOverlord has been targeting K12 schools, gaining access to networks, stealing data and attempting to extort money. In response to the hacking and extortion threats, the U.S. Department of Education has issued an advisory to K12 schools and has provided advice to help educational institutions mitigate risk and protect their networks from attack. The attacks on schools by TheDarkOverlord in recent weeks have seen the threats escalate. Previous attacks have seen organizations threatened with the publication of sensitive data. The latest attacks have included more serious threats, not just against the hacked entity, but also threats to parents of students whose data has been stolen. Some parents have also received threats of violence against their children...

Most Effective Phishing Emails Revealed
Oct13

Phishing is an effective method of obtaining login credentials and installing malware and ransomware, and email is the most common vector used for these scams, but what are the most effective phishing emails? What types of emails are most likely to fool your employees into installing malware or disclosing their login credentials? This week, security awareness training company KnowBe4 has released its Q3 phishing report, detailing the top ten most effective phishing emails – emails that are most likely to result in employees clicking through and revealing their credentials. KnowBe4’s Top Ten List of the Most Effective Phishing Emails For its Q3 report, KnowBe4 included phishing email subject lines that are used in attacks on consumers and businesses.  Listed below are the most effective...

Phishing Has Been the Leading Vector for Cyberattacks in 2017
Oct08

A recent email security report from anti-phishing vendor IronScales shows that throughout 2017, the leading cyberattack vector is phishing emails, which account for almost 95% of successful cyberattacks. For the report, IronScales surveyed 500 cybersecurity professionals and asked questions about recent cyberattacks, their causes, mitigating those attacks, and cybersecurity defenses deployed to block attacks. Even though many of the organizations represented in this survey had implemented defenses to prevent phishing emails from being delivered, emails were still reaching end users’ inboxes. Emails were found to be bypassing spam filters, firewalls, and gateway solutions. Busy and distracted employees were responding to those emails and installing malware or disclosing their login...

Ransomware and Phishing Rated Top Threats by IT Professionals
Oct03

A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It is unsurprising that confidence in the ability to prevent data breaches and cyberattacks is so low, as 68% of SMBs surveyed had experienced at least one serious security breach in the past 12 months. 29% said they had experienced a successful phishing attack, while 18% had ransomware installed that encrypted files. 63% of SMBs said they have increased their...

More than 1 Million New Phishing Websites are Created Each Month
Sep27

The Quarterly Threat Trends Report published by WebRoot this month shows there has been a significant increase in the number of new phishing websites being launched each month. May 2017 saw a record number of new phishing websites created, with more than 2.3 million new websites detected in the month of May alone. Figures for the quarter show there are now well over 1 million new phishing websites created each month, which equates to more than 46,000 new phishing websites every single day. The monthly average number of new phishing websites is 1,385,000. One of the main problems is the short lifespan of phishing websites. Typically, a phishing website is created and only used for 4-8 hours on average. During that time, the site may be visited by many thousands of individuals, but the...

2017 Has Seen Major Improvements in Phishing Awareness
Sep22

The latest Beyond the Phish Report from Wombat Security Technologies has shown employees are getting better at identifying phishing emails, and investment in security awareness training is paying off. Last year’s report included an analysis of responses to a Q&A conducted on employees which assessed security awareness and susceptibility to phishing attacks. In 2016, more than 20 million answers were analyzed, with this year’s sample increasing to more than 70 million Q&As. In 2016, 28% of employees failed to recognize phishing emails. This year’s analysis saw the number of employees that failed to identify phishing emails fall to 24%. While it is certainly good news that security awareness is improving, there is clearly still a long way to go. All it takes is for one employee to...

Three Quarters of UK Businesses Have Experienced Email Security Incidents
Sep15

Phishing is the number one cybersecurity threat in the UK, and UK businesses are increasingly coming under attack. A new report from the leading provider of security awareness computer-based training, PhishMe, shows just how serious the threat from phishing has become. 75% of UK businesses have had to deal with an email-based security incident, while almost a quarter are having to deal with more than 500 phishing emails a week. Even though the threat from phishing is greater than ever, and despite increased investment in security defenses, 48% of surveyed UK businesses felt their response strategies to phishing emails were between ineffective and somewhat effective. One of the biggest problems in the UK is the lack of integration of phishing defenses into other security solutions – a...

Beware of Equifax Data Breach Phishing Scams
Sep14

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information. Almost Half of All Americans Impacted by Equifax Data Breach The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the breach, which potentially exposed their names, dates of birth, email addresses, phone numbers, home addresses, Social Security numbers and driver’s license numbers. 209,000 Americans also had their credit card numbers stolen. As is common following any data breach, victims have to be alert to the risk of identity theft and fraud. Criminals are quick to use credit...

LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information
Sep12

A new LinkedIn phishing scam has been detected that uses compromised LinkedIn Premium accounts to send InMail messages and private messages to other LinkedIn users. The messages appear genuine at first glance, but are being used to obtain email login credentials. Those email accounts will undoubtedly be used in more extensive phishing scams. Phishers have been gaining access to genuine LinkedIn accounts and using them to send InMail messages to the account holders’ contacts. Since the messages appear to come from a contact, they are more likely to be trusted. MalwareBytes reports that one of the compromised accounts had 500 contacts, each of whom would have received a message. At the time of writing, 256 individuals clicked on the link, showing just how effective this type of LinkedIn...

90% of IT Professionals Most Concerned About Phishing, Spear Phishing and Whaling
Sep07

Phishing, spear phishing, and whaling attacks are the leading cause of concern for IT professionals in the United States, according to the latest Phishing Response Trends Survey from the leading provider of human phishing defense solutions, PhishMe. The survey was conducted on two hundred IT executives in the United States, who came from a wide range of industry sectors, including business, healthcare, financial services, retail, transportation, telecoms, manufacturing, and consumer services. IT professionals were asked questions about the defenses their organization has in place to mitigate phishing attacks, the biggest concerns about cybersecurity, and how they rated their cybersecurity defenses. The US Phishing Response Trends Report shows that email-based attacks – phishing,...

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers, diagnoses, treatment information, and other clinical data. Some patients’ Social Security numbers were also exposed. Patients affected by the phishing attack were notified of the privacy breach on August 25. Even though their information may not have been accessed or obtained, credit monitoring services have been offered out of an abundance of caution. Kaleida...

Webroot Acquires Securecast and Starts Offering Anti-Phishing Training
Aug21

Webroot, a leading provider of endpoint security systems, has announced it has acquired Securecast – a provider of a fully automated security awareness training platform. The Securecast security-awareness-as-a-service platform has been renamed Webroot Security Awareness Training, and a beta version of the platform has now been made available. Webroot will be offering the new platform to its customers to help them train their employees to be more security aware and identify and respond correctly to phishing attacks. The Webroot Security Awareness Training Platform will include a comprehensive library of training resources covering the most common attack vectors and tactics used by cybercriminals to gain access to networks and data. Training modules can be used to teach employees how...

City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not believe the attack was conducted in order to steal data, rather to use the email accounts for further phishing and spam campaigns. That determination was based on an analysis of the actions of the attackers once access to the accounts was gained. However, while data theft was not believed to be the primary goal, it remains a possibility. The investigation...

Free Phishing Simulator for Small Businesses Launched by PhishMe
Aug12

A free phishing simulator for small businesses has been developed and released by the leading provider of human phishing defense solutions, PhishMe. The phishing simulator allows small businesses – companies with under 500 employees – to develop and run dummy phishing email campaigns to test the effectiveness of their security awareness training programs. Research by PhishMe shows that phishing email simulations are invaluable for improving security awareness, identifying employees that require further training, and for improving resilience against phishing attacks. With practice at dealing with phishing emails in a safe environment, employees learn the tell-tale signs of phishing emails and can be trained how to respond when a real phishing email arrives in their inbox. When an employee...

2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one email account. That account contained patients’ names, medical record numbers, diagnoses, dates of birth, treatment information, and other clinical data. The investigation did not confirm that ePHI had been accessed, although the possibility of a PHI compromise could not be ruled out. Patients have now been notified of the incident by mail in accordance with...

Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing
Jul20

Over the past few months there have been several cases of criminals impersonating government departments in phishing campaigns, prompting Sen. Ron Wyden (D-OR) to write to the Department of Homeland Security calling for the use of DMARC to prevent phishing attacks using federal email domains. Phishers are gaining access to real domains used by federal agencies and are sending out phishing emails. The official domains add authenticity to the phishing attacks, increasing the likelihood that email recipients will open the emails and take whatever action the attackers suggest. DMARC can be used to prevent spoofing of domains. DMARC uses two validation systems, DomainKeys Identified Mail and the Sender Policy Framework, to verify the sender of the email and determine if the domain is being...

Google Makes It Harder to Install Malicious Apps
Jul18

In May, a phishing campaign took advantage of users of Google Docs. Emails were sent containing a link to Google Docs that appeared to be an invitation to collaborate on a document. The emails contained all the typical branding one would expect from a legitimate request. However, the request was not sent via Google Docs. It was sent via a third-party app that had been named Google Docs. Clicking the link to accept the request to collaborate on the document actually installed a malicious app. If a recipient followed the instructions in the email they would grant the app certain permissions. Doing so would see the same request sent to all of their contacts. While the attacks were limited to approximately 0.1% of Gmail users, that is still a considerable number of people – 0.1% equates to...

PhishMe CEO Rohyt Belani Receives EY Entrepreneur of the Year Award
Jun20

The winners of the 2017 EY Entrepreneur of the Year Awards for the Mid-Atlantic region have been announced, with PhishMe CEO and co-founder Rohyt Belani named as 2017 CEO of the Year for the Mid-Atlantic region in the security category. Each year, EY recognizes entrepreneurs that have gone the extra mile and have shown exceptional personal commitment to their business and communities and been inspirational leaders. EY first started the award program in 1986, with the awards now in their 31st year. Previous award winners include Pierre Omidyar of eBay, Inc., James Park of Fitbit, Reid Hoffman and Jeff Weiner of LinkedIn, and Howard Schultz of Starbucks Coffee Company. Winners of the prestigious awards have ensured their companies have been highly innovative, with the CEO’s drive and...

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S. organizations this year. The scam is known as Business Email Compromise or BEC. It involves a criminal impersonating a legitimate organization and fooling an employee into making a bank transfer to the criminals’ account. BEC attacks often result in transfers of hundreds of thousands of dollars being made. Those funds can rarely be recovered. By the time the scam is uncovered, the money has been withdrawn from the criminals’...

PhishMe Lands Prestigious 2017 SC Europe Award for its Anti-Phishing Solutions
Jun14

Each year, SC Media hosts a prestigious awards ceremony where the best companies and information security products are recognized and celebrated. The SC Awards are widely regarded as some of the most prestigious awards for companies in the field of information security. Each company and product is scrutinized by two panels of judges which score the companies and products on a wide range of criteria. To be selected as a finalist in one of the 29 categories shows a company can truly claim to be one of the best of the best. Being named as a category winner is a tremendous honor. The awards are highly coveted and clearly show companies have gone the extra mile and developed a truly outstanding product. This year, the human phishing defense solution provider PhishMe was nominated as a...

Q2 Saw a 400% Increase in Phishing Attacks on Businesses
Jun13

The threat from phishing has been growing steadily over the past few years, but a new report from Mimecast shows the threat is greater than ever before with more phishing attacks on businesses than any other time in history. The report shows there has been a 400% increase in phishing attacks on businesses in Q2, 2017. For the study, Mimecast analyzed the inbound emails of 44,000 business users. That analysis showed cybercriminals are increasingly targeting employees using highly sophisticated methods to get them to reveal their login credentials or install malware. It is now increasingly common for threat actors to impersonate C-level executives, business partners or employees to add more authenticity to their requests. When an email appears to have been sent by a C-level executive, many...

Phishing Trends and Intelligence Report Published by PhishLabs
Jun12

PhishLabs, a leading provider of phishing defense solutions, has published its Phishing Trends and Intelligence Report for Q1, 2017. The report shows that cybercriminals changed tactics and targets in the first quarter of 2017, attacking different industries with different methods compared to the previous quarter. PhishLabs CEO Tony Price said, “The first quarter of 2017 shows just how quickly the phishing threat landscape can change as threat actors shift who they target and how.” While the healthcare sector was a major target in 2016, in Q1, 2017 the majority of phishing attacks were conducted on five other industry sectors. PhishLabs reports that 88% of phishing attacks were conducted on financial institutions, e-commerce companies, cloud storage/file hosting...

PhishMe Offers Assistance with GDPR Compliance
Jun10

The General Data Protection Regulation (GDPR) will be written into EU law next year, although companies need to start their GDPR compliance programs now if they are to ensure they are fully compliant before the May 25, 2018 deadline. Any company that is discovered not to be in compliance with the new regulation after that date faces a stiff financial penalty. The maximum fine for non-compliance with GDPR is €20 million or 4% of the company’s global annual turnover, whichever is the greater. GDPR compliance is not optional. Any company doing business in any of the 28 EU member states is required to comply with the new regulation. The main aim of GDPR is to strengthen data protection rights of individuals and facilitate the free flow of personal data in the digital single market....

Farm Bureau Bank Chooses Agari to Protect Against Phishing Attacks
Jun08

San Antonio, TX-based Farm Bureau Bank has signed up with Agari and is now using the company’s Email Trust Platform™ to protect its customers and employees from phishing attacks. The Agari Customer Protect™ solution has been adopted to protect customers from phishing attacks that abuse its brand, while employees are protected from business email compromise and spear phishing attacks by the Agari Enterprise Protect™ solution. In contrast to many email spam solution providers that analyze the content of emails looking for common spam signatures, Agari conducts an in-depth analysis of the senders of emails. The DMARC-based system uses a global email telemetry network with the company’s proprietary technology to distinguish between trusted and untrusted senders and blocks malicious emails....

New Ironscales Report Delves into Current Phishing Trends
May30

Ironscales, a leading vendor of anti-phishing solutions, has published a new report on the latest phishing trends. The report shows how phishing tactics have changed, the effectiveness of phishing campaigns and how traditional anti-spam technologies are failing to block spear phishing attacks. The report – titled ‘How Modern Email Phishing Attacks Have Organizations on the Hook’ – was the result of a study of 8,500 verified phishing attacks on 100 organizations affecting 500,000 mailboxes. Those organizations were spread across many industry sectors including healthcare, finance, energy and insurance in North America, Europe, Africa and the Middle East. Phishing emails used to be fairly easy to identify and block; however, the tactics used by cybercriminals today result in more...

Purple Increases Security Following Recent Ransomware Attacks
May25

The global WiFi analytics and WiFi marketing service provider Purple has taken the decision to improve security for its customers with a new WiFi content filtering service. The decision to improve security was taken at an appropriate time. The recent WannaCry attacks, which affected more than 300,000 computers around the world, show just how important it is for WiFi companies to take steps to improve security to protect their customers. Ransomware attacks are now one of the biggest cybersecurity threats, with figures from Trend Micro showing a 752% increase in ransomware attacks in 2016. Malware developers have also stepped up their efforts, with record numbers of new malware variants now being released. Phishing attacks are similarly rising. The Anti-Phishing Working Group (APWG) says...

Healthcare Data Breach Reporting Improves; IT Security Incidents Rise
May23

The monthly Breach Barometer Report from Protenus shows healthcare data breach reporting is improving, data breaches are down, and there was a significant reduction in healthcare data breach victims in April, 2017. The Health Insurance Portability and Accountability Act (HIPAA) places a time limit on reporting healthcare data breaches to the HHS’ Office for Civil Rights (OCR) and sending breach notifications to patients. That time limit is 60 days from the discovery of the breach. Healthcare organizations face fines for late breach notifications, with this year seeing the first settlement with a covered entity based solely on delayed breach notifications. OCR sent a message to healthcare organizations with that settlement. Delaying breach notifications is a serious HIPAA violation and...

KnowBe4 CEO Stu Sjouwerman Finalist in 2017 EY Entrepreneur of the Year Awards
May04

KnowBe4 CEO Stu Sjouwerman has been selected as a finalist for the 2017 EY Entrepreneur of the Year Awards. KnowBe4 is a leading provider of anti-phishing solutions that concentrate on the human element of security. KnowBe4’s products help to train end users about the threat from phishing, social engineering, CEO fraud and malware and ransomware attacks. The 2017 EY Entrepreneur of the Year Awards are now in their 31st year. The program has proved incredibly popular and has now been extended to more than 145 cities in 60 countries around the world. The 2017 EY Entrepreneur of the Year Awards are the first, and only, global award program of its kind. The award program recognizes entrepreneurs who have shown incredible commitment to their business and their communities and have fostered...

Weak Password Test Tool Released by KnowBe4
May03

Anti-phishing solution provider KnowBe4 has released a weak password test tool that can be used by organizations to assess threats related to the use of weak passwords. Weak passwords are often cited as one of the main ways cybercriminals gain access to business networks. Weak passwords can be easily guessed and provide little resistance to brute force attacks. A recent study conducted by Verizon showed that 81% of hacking-related data breaches were made possible by the use of weak passwords. KnowBe4 CEO Stu Sjouwerman explained that “Using a weak password is an open-door invitation to cybercriminals.” While it is common knowledge that strong passwords should be used to secure accounts, end users often ignore advice and choose easy-to-remember passwords. IT security professionals are...

PhishMe CEO Rohyt Belani Announced as Finalist in EY Entrepreneur of the Year Awards
Apr26

Rohyt Belani, CEO and co-founder of PhishMe, the leading provider of anti-phishing solutions for enterprises, has been named as a finalist for Entrepreneur of the Year (mid-Atlantic) at the annual EY awards. This is the second year in a row that Belani has been recognized at the annual award ceremony. This is the 31st year of the EY Awards program, which recognizes the excellence of entrepreneurs for innovation, commitment to the business and communities, leadership and the financial performance of their companies. PhishMe enjoyed record growth in 2016 with the firm continuing to go from strength to strength. The firm now employs more than 300 individuals and serves more than 1,200 enterprise customers around the world. The company now has an Annual Run Rate (ARR) of almost $50 million. A...

Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled
Apr25

Webroot antivirus update problems are mounting with many thousands of the company’s customers experiencing severe issues after installing an April 24 update. Customers who had their computers running between 7PM and 9PM UTC on April 24 and had their AV set to update automatically had the update applied. While the update should have simply loaded the latest malware signatures, hundreds of critical files were accidentally marked as malicious. The AV solution then started moving those files to the quarantine folder, causing servers and PCs to become unstable and crash. The crashes and system instability were due to Windows system files being mistakenly marked as infected with W32.Trojan.Gen. However, the Webroot antivirus update problems didn’t end there. In addition to system...

Security Management Process HIPAA Violations Resolved with $400,000 OCR Settlement
Apr13

Yesterday, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that a $400,000 settlement had been agreed with Metro Community Provider Network (MCPN) to resolve potential security management process HIPAA violations. The Denver, CO-based federally-qualified health center (FQHC) experienced a phishing attack in December 2011 that resulted in unauthorized access to the email accounts of employees. The incident was reported to OCR as access to the email accounts allowed the attacker to view the protected health information of patients. In total, 3,200 patients were impacted by the incident and had their sensitive information exposed. OCR conducted an investigation into the breach which revealed a number of security management process HIPAA violations had...

Philadelphia Ransomware Used in Targeted Attacks on US Hospitals
Apr11

Cybercriminals are conducting targeted attacks on U.S. healthcare organizations using Philadelphia ransomware, a relatively new ransomware variant developed from Stampado ransomware. Philadelphia ransomware was first seen in September 2016, although recently, a new campaign has been detected that has already seen two U.S. hospitals have sensitive files encrypted. The actors behind the latest attacks are targeting physicians using spear phishing emails. Information about targets can be easily found on social media accounts with a little research. Information is gathered on an organization and campaigns crafted to maximize the chance of infection. In this case, the attackers use logos and names of physicians who work at the targeted hospital to add credibility to documents and increase the...

Forrester Research Study Shows PhishMe Phishing Solution Gives 336% ROI
Apr06

Many businesses have had no alternative but to improve cybersecurity defenses to deal with the increased threat of cyberattacks. With attacks coming from all angles and a large attack surface to defend, organizations need to purchase multiple products to keep their networks and data well defended. It is therefore important to ensure money diverted to cybersecurity is well spent. Organizations need to ensure they get the best possible protection for their investment. One area that is seeing an increasing level of investment is anti-phishing technology – solutions that improve the last line of defense – employees. PhishMe has developed a comprehensive suite of anti-phishing solutions to keep organizations protected from the growing threat of phishing attacks. The suite consists of PhishMe...

Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats
Mar28

Ironscales has announced it has partnered with Check Point Software Technologies Ltd and will be integrating its innovative IronTraps™ anti-phishing solution with Check Point’s SandBlast Zero-Day Protection – a threat emulation solution that tests suspicious email attachments in a safe and secure sandbox. At present, Ironscales is the only company to offer an anti-phishing solution that combines human intelligence with machine learning. The company has developed a solution capable of identifying phishing emails and automatically remediating attacks, without any input required from security teams. The IronTraps™ automatic phishing defense solution reduces the time taken to remediate phishing attacks to a matter of seconds. Phishing is now a major network security threat and the risk of...

Cybersecurity Tips for Healthcare Providers Offered by WEDI
Mar24

The Workgroup for Electronic Data Interchange (WEDI) has published a white paper offering cybersecurity tips for healthcare providers to help them ensure the sensitive protected health information of patients remains confidential and resilience against healthcare cyberattacks is improved. The white paper – The Rampant Growth of Cybercrime – explains the scale of the current problem. The healthcare industry has been extensively targeted by cybercriminals over the past few years and the attacks are showing no sign of abating. The sheer number of data security incidents reported to the Department of Health and Human Services’ Office for Civil Rights shows just how frequently cyberattacks result in access to ePHI being gained. In 2016, more than 315 major data security breaches were reported...

Perry Carpenter Appointed as KnowBe4’s Chief Evangelist and Strategy Officer
Mar22

KnowBe4 has appointed Perry Carpenter as its new Chief Evangelist and Strategy Officer. Carpenter’s role will be to help guide innovation and oversee the continued evolution of KnowBe4’s range of phishing defense solutions that target the human element of security. KnowBe4 has developed a ‘new school’ approach to security awareness training, being aware that simply providing training to end users is no longer sufficient to protect against increasingly sophisticated attackers. In addition to providing end user training on a wide range of email and web-based threats, KnowBe4 has developed a phishing simulation platform to put end users’ knowledge to the test. The platform gives employees practice at identifying phishing emails in a safe environment and greatly reduces user susceptibility...

Expanded Awareness Video Campaigns to be Showcased by Wombat Security at the SXSW Conference
Mar10

Wombat Security Technologies will be showcasing a new addition to its Awareness Video Campaigns at this month’s South by Southwest (SXSW) Conference. The Awareness Video Campaigns are a new addition to the Security Awareness Materials produced by Wombat, the purpose of which is to remind employees of the need to be security aware and how simple changes to behavior can have a major impact on their organizations. Cybersecurity concepts are introduced in Wombat’s training modules, with the awareness materials reinforcing those concepts, emphasizing best practices and helping to improve knowledge retention. Wombat’s Security Awareness Materials include posters for organizations to display in the workplace and images and articles to distribute via email. The Awareness Video Campaigns are a...

Wombat Security Included in Gartner 2016 Magic Quadrant for Security Awareness Computer-Based Training
Mar10

Gartner Inc. has included Wombat Security Technologies in its 2016 Magic Quadrant for Security Awareness Computer-Based Training. This is the third consecutive year that the cyber security awareness training provider has been included in the Magic Quadrant. Gartner rates companies on two main criteria: the ability to execute and completeness of vision. Each vendor is assessed and given a score in each area. Based on the score for each component, companies will be placed in one of four quadrants. To be placed in the leader’s quadrant, companies must excel in both areas. Companies positioned in the leader’s quadrant have the highest composite scores for ability to execute and completeness of vision. Companies are also rated for their product and overall viability, sales execution and...

Guidance on Cyber Threats Issued to Healthcare Organizations by OCR
Mar08

The U.S. Department of Health and Human Services’ Office for Civil Rights has issued new guidance on cyber threats, advising HIPAA-covered entities to obtain the latest intelligence on new cyber threats that could potentially allow cybercriminals to gain access to the protected health information of patients and health plan members. Threat intelligence is issued by many organizations, although in its guidance on cyber threats OCR recommends regularly checking the website of the United States Computer Emergency Readiness Team (US-CERT) and signing up for email updates. US-CERT is part of the Department of Homeland Security, and has access to intelligence from many sources. US-CERT is responsible for analyzing all the gathered threat intelligence and issuing updates to businesses and the...

Agari Wins Security PG 2017 Global Excellence Award for Best Security Software
Mar03

The cybersecurity firm Agari has been crowned winner of the Best Security Software category at this year’s Security Product Guide 2017 Global Excellence Awards. The Security Products Guide is used by decision makers to determine the best IT security products to deploy to protect digital assets. The reviews in the guide are invaluable for helping narrow down products to those that are best suited for each individual organization. The awards are an annual event in which the best cybersecurity companies are honored and the top security products are recognized. Agari picked up the award for its Enterprise Protect™ solution – the only email security solution that counters the threat from spear phishing emails, business email compromise (BEC) attacks and sophisticated low-volume social...

Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
Feb23

The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to rise over the coming weeks. Schools have been extensively targeted this year, although there have been at least 9 healthcare organizations that have fallen for the phishing scam this year. Campbell County Health, Pointe Coupe Hospital, Adventist Health (Tehachapi Valley), SouthEast Alaska Regional Health Consortium, eHealthinsurance, Citizens Memorial...

Read More
Ironscales Wins Best Messaging Security Solution Award
Feb15

Ironscales Wins Best Messaging Security Solution Award

Cyber Defense Magazine has announced the winners of its 2017 Awards, with Ironscales winning an Editor’s Choice Award in the Best Messaging Security Solution category for its automated phishing defense platform IronTraps™. The Cyber Defense Magazine Awards are decided by a panel of independent information security experts, with nominated products assessed on a wide range of criteria over a period of months. The prestigious awards recognize innovative cybersecurity products that are highly effective at blocking cyber threats. Pierluigi Paganini, Editor-in-Chief of Cyber Defense Magazine, said “We’re thrilled to recognize next-generation innovation in the information security marketplace and that’s why Ironscales has earned this award from Cyber Defense Magazine. IronTraps™ is the first,...

Read More
Healthcare Data Breach Report for January 2017 Highlights Insider Risk
Feb14

Healthcare Data Breach Report for January 2017 Highlights Insider Risk

The healthcare data breach report for January 2017 published by Protenus this week highlights the danger of insider data breaches. Insider data breaches accounted for the largest percentage of healthcare data breaches disclosed in January 2017, considerably more than those caused by hackers.

Summary of the Protenus Healthcare Data Breach Report for January 2017

In January 2017, 31 healthcare data breaches were disclosed publicly. While the causes for all of those breaches are not yet known – details of 26 breaches have yet to be disclosed – 58.4% were due to insiders. Those breaches accounted for 59.2% of the 388,307 records known to have been exposed in those 31 healthcare data breaches in January 2017. The insider threat is perhaps the hardest to mitigate, yet the risk posed by...

Read More
Phishing Attacks on Cloud Storage Providers Causing Concern
Feb09

Phishing Attacks on Cloud Storage Providers Causing Concern

Phishing is one of the most common ways that cybercriminals gain access to sensitive data. While logins for online banking services are still a major prize, cybercriminals are now increasingly conducting phishing attacks on cloud storage providers. Software-as-a-service (SaaS) attacks have also soared. A recent report from PhishLabs shows the extent to which cloud storage providers are being targeted. In 2013, cloud storage and hosting services accounted for 9% of attacks. By 2016, the percentage had risen to 23% of attacks. Attacks on SaaS providers barely registered in 2013. Now attacks account for 2% of the overall total. In 2016, phishing attacks on cloud storage providers increased by 5%, while attacks on SaaS providers increased by a staggering 182%. According to PhishLabs, the...

Read More
KnowBe4 Launches New Social Engineering Indicators Training Method
Feb08

KnowBe4 Launches New Social Engineering Indicators Training Method

KnowBe4 has developed a new social engineering indicators training method to help IT security professionals manage the risk of social engineering attacks on employees more effectively. Social engineering techniques are used by cybercriminals to increase the likelihood of end users clicking on malicious links, opening infected email attachments and divulging sensitive information. While phishing emails were once fairly easy to identify, today’s threats are clever, sophisticated and much harder to distinguish from genuine emails. In addition to a recent surge in phishing email volume, security awareness is also lacking at many organizations. KnowBe4 reports that ‘end user security is in serious decline.’ KnowBe4 is tackling the problem through training and phishing simulations. The new...

Read More
IRS Issues W2 Phishing Scam Warning
Feb07

IRS Issues W2 Phishing Scam Warning

Cybercriminals have been sending huge numbers of W2 phishing scam emails over the past few weeks. Tax season usually sees an increase in scam emails being sent, although this year cybercriminals have started their scamming campaigns even earlier. The victim count is also growing rapidly. The W2 phishing scam in question is an email request for copies of employees’ W-2 forms. The scammers impersonate the CEO, CFO or another executive in the organization that is likely to have a legitimate need for the data. Cybercriminals are using a variety of techniques to spoof company email addresses. A casual glance at the email address of the sender will not reveal any clues that the email is not genuine. Since the email appears to have been sent from an authority figure, employees are less likely...

Read More
Kroll Publishes Global Fraud and Risk Report for 2016/2017
Jan27

Kroll Publishes Global Fraud and Risk Report for 2016/2017

The 2016/2017 Kroll Annual Global Fraud and Risk Report has just been released, highlighting just how frequently cybersecurity incidents are experienced by businesses. According to Kroll’s Global Fraud and Risk Report, 85% of surveyed company executives have experienced a cybersecurity incident in the past 12 months. 68% reported at least one security incident, while 82% of executives said their company had experienced at least one instance of fraud. Out of the companies that had been attacked, 33% said they have experienced virus or worm infections and 26% of respondents said their employees had been targeted with phishing attacks. Data deletion or loss due to system issues was reported by 24% of executives, 23% had experienced a data breach involving employee or customer data, and 22%...

Read More
PhishMe Honored in 2017 Info Security PG’s Global Excellence Awards
Jan25

PhishMe Honored in 2017 Info Security PG’s Global Excellence Awards

The Info Security PG’s Global Excellence Awards recognize security companies that have developed outstanding products that allow organizations to secure their digital resources. The awards, which are now in their 13th year, cover a wide range of information security companies and InfoSec products, including awards for management, customer service, and naturally, the effectiveness and usability of the products. The annual awards recognize excellence in the field of information security and showcase organizations that have developed ground-breaking products that raise the bar for others. To be selected as a finalist, organizations must have gone the extra mile and ensured their products and services are truly first class. The PhishMe phishing solution was first released in 2008 with the...

Read More
Ironscales Announces 302% Growth of Annual Revenue
Jan20

Ironscales Announces 302% Growth of Annual Revenue

Israeli cybersecurity firm Ironscales has announced it has recorded an increase in annual revenue of 302% in 2016. Ironscales provides services that help organizations deal with the threat from phishing. Phishing is now the biggest cyberthreat that must be mitigated by organizations. More than 9 out of 10 data breaches occur as a result of employees clicking on phishing emails, with attacks becoming increasingly sophisticated. Ironscales has developed a range of products to help organizations reduce risk and improve resilience against phishing attacks, including the world’s first automated phishing defense solution. The IronTraps™ employee-based intrusion detection system allows employees to report phishing emails with a single click, with the system removing all instances of the email...

Read More
Agari Reports 6-Month Revenue Growth of 95%
Jan12

Agari Reports 6-Month Revenue Growth of 95%

Over the past 6 months, the anti-phishing solution provider Agari has enjoyed 95% revenue growth, helped by uptake of its new Enterprise Protect™ platform – an innovative solution developed to tackle the problem of spear phishing. The solution effectively blocks spear phishing, business email compromise and social engineering-based email attacks by analysing and verifying the senders of emails. Email-based attacks have grown in popularity in recent years. It is no longer a case of if an attack will occur, but when and how often. The increase in email-based cyberattacks and the rising cost of mitigating those attacks has forced organizations to rethink their email security strategies. While there are many email security solutions that can block phishing emails, spear phishing emails that...

Read More
2017 Global Application and Network Security Report Published by Radware
Jan12

2017 Global Application and Network Security Report Published by Radware

A recent survey conducted by Radware, and published in its 2016-2017 Global Application and Network Security report, shows that almost half of companies have been subjected to a cyber-extortion attempt in 2016, mostly with ransomware. 49% of polled businesses said they had been issued with a ransom demand after a cyberattack in the past 12 months, showing the threat of ransom-related attacks has risen considerably. Ransomware, and data theft with a ransom charged for the data's safe return, is a highly profitable strategy for cybercriminals. More actors are now getting involved and are extorting huge sums out of businesses that are not prepared for these types of attacks. The 2016-2017 Global Application and Network Security report confirms what many other surveys and studies have suggested –...

Read More
ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles
Jan09

ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles

E-Sports Entertainment Association (ESEA) has announced it has been the victim of an extortion attempt after a hacker infiltrated one of its game servers. The ESEA hacking incident resulted in the theft of 1.5 million player profiles and other user data. The hack occurred on December 27, 2016. Access was gained to an ESEA game server, data were exfiltrated, and a $100,000 ransom demand was issued by the attacker. The hacker said that if the ransom was paid, no mention of this incident would be made and the data would not be sold on or published. Failure to pay the ransom would result in the data being published online. Contact was made with ESEA through its bug bounty program. ESEA obtained the attacker’s email address and requested proof of data theft. ESEA was able to rapidly confirm...

Read More
KnowBe4 Records 298% Increase in Sales in Q4, 2016
Jan07

KnowBe4 Records 298% Increase in Sales in Q4, 2016

2016 has seen a massive increase in ransomware attacks, phishing email volume has soared and CEO fraud is now rife. As the number of threats increases, companies are realizing that security defenses need to be improved. While budgets are being diverted to security products to prevent cybercriminals from breaching the security perimeter, employees remain a weak link in the security chain. All too often, cybercriminals are able to bypass technological defenses by targeting employees with phishing emails. Many companies have realized that far from being a liability, employees can be turned into a strong last line of defense. Training employees to be more security aware can block phishing and social engineering attacks; however, training alone is not particularly effective. KnowBe4 has...

Read More
Twitter Credit Card Phishing Scam Offers Quick Account Verification
Jan04

Twitter Credit Card Phishing Scam Offers Quick Account Verification

A new Twitter credit card phishing scam has been detected by cybersecurity firm Proofpoint. Twitter users are offered verified account status via native Twitter ads; however, signing up involves providing credit card details, which will be handed directly to the attackers. Achieving verified account status can be a long-winded process. Users of public interest accounts are required to complete multiple steps to verify the identity of the account holder. The ads offer a quick method of bypassing all of those steps. The scam has been developed to appeal to brand managers, influencers, and small businesses, many of whom may not be able to achieve verified status easily as they do not have immediate access to all of the necessary identification documents required by Twitter. The advertisements...

Read More
Yahoo Breach the Work of Cybercriminals with Nation-State Connections
Dec20

Yahoo Breach the Work of Cybercriminals with Nation-State Connections

Data from the Yahoo breach of 1 billion user accounts has already been sold on the black market on multiple occasions, according to InfoArmor. While Yahoo maintains that the attack was performed by a nation-state sponsored hacking group, InfoArmor’s research suggests otherwise and many security experts agree. Instead of a nation-state sponsored hacking group, it has been suggested that it was a criminal organization behind the attack, with those actors believed to reside in Russia and/or Ukraine. InfoArmor’s chief intelligence officer Andrew Komarov claims the attack was performed by a hacking group operating under the name “Group E.” The group comprises four hackers of Eastern European and Russian origin. The group is involved in hacking organizations to obtain data which are then...

Read More
Over 400,000 New Phishing Webpages are Created Every Day
Dec20

Over 400,000 New Phishing Webpages are Created Every Day

Cybercriminals are now creating record numbers of phishing sites and are using those sites to steal login and email credentials and credit card information. The malicious websites can be convincing. Images are taken from legitimate websites to make the webpages appear genuine. Sites perform complimentary – but fake – virus and malware scans and convince visitors that their computers have been infected, and new scams are constantly being created to convince visitors to part with sensitive information or download malware. Antivirus companies and web filtering service providers are quick to identify new phishing sites. New malicious sites are rapidly added to blacklists enabling the sites to be blocked. Individuals and companies protected by solutions to neutralize web-borne threats remain...

Read More
Agari’s Chief Scientist Helps Organizations Understand Social Engineering Based Scams
Dec16

Agari’s Chief Scientist Helps Organizations Understand Social Engineering Based Scams

Criminals have been using social engineering techniques for centuries to con victims into handing over their hard-earned money. However, cybercriminals are now using advanced social engineering techniques to commit digital crimes. Use of social engineering is growing, especially in email attacks on organizations. These phishing, spear phishing (targeted phishing) and Business Email Compromise (BEC) attacks – also known as CEO Fraud – are highly varied, although they have one thing in common. They rely on human interaction and the manipulation of behavior to steal sensitive information such as login credentials, money or fool individuals into installing malware or ransomware. There is some confusion about what social engineering based scams are, how cybercriminals use social...

Read More
Dailymotion Cyberattack Impacts 85 Million Users
Dec06

Dailymotion Cyberattack Impacts 85 Million Users

According to LeakedSource, a recent Dailymotion cyberattack has resulted in email addresses, usernames, and passwords being obtained by hackers. Dailymotion is one of the leading web video platforms and is rated by Alexa as the 113th most popular website. In April 2015, the site attracted 148 million visitors. The Dailymotion cyberattack is understood to have occurred on or around October 20, 2016, which means account credentials may have already been used for phishing attacks or sold on to multiple individuals. The Dailymotion cyberattack is believed to have impacted approximately 85.2 million of the site’s users. Individuals affected by the breach have had their unique username and email address compromised, although the individual behind the attack is only believed to have obtained...

Read More
Ironscales Named Finalist at 2017 SC Awards
Dec06

Ironscales Named Finalist at 2017 SC Awards

The Israeli cybersecurity firm Ironscales has been named a finalist in the 2017 SC Awards in the Best Email Security Solution category and will be competing to win top spot in the category at the upcoming annual awards event in February 2017. This is now the 20th year that SC Media has been honoring the top cybersecurity vendors, with the awards highly coveted. The awards program is highly respected within the industry, with only the best of the best winning their respective category. However, the high quality of the competition makes being selected as a finalist a highly prestigious accolade. To be named as a finalist, a company must have outstanding leadership and an exceptional cybersecurity product that has been proven to be highly effective at preventing cyberattacks and mitigating...

Read More
Wombat Security Technologies Named as Finalist for a 2017 SC Media Award
Nov23

Wombat Security Technologies Named as Finalist for a 2017 SC Media Award

Wombat Security Technologies has been named as a finalist for a prestigious 2017 SC Media Award, in recognition of the quality of the company’s product and its ability to help businesses safeguard their networks and data. This is the 20th year that SC Magazine has run its awards program, which recognizes the best of the best in the field of information security. The awards are highly coveted and winning an award is a major accomplishment for any company. Even being named as a finalist is a major achievement, demonstrating the high quality of a product or service. Each product or service is subjected to an in-depth analysis by two panels of independent judges, including current and former CISOs and analysts and educators from academic institutions. Each product or service is given a score...

Read More
PhishMe Finalist in Best IT Security-Related Training Category at 2016 SC Magazine Awards
Nov23

PhishMe Finalist in Best IT Security-Related Training Category at 2016 SC Magazine Awards

The 2016 SC Magazine Awards are a highlight in the calendar for companies in the field of information security. The awards honor the achievements of companies and individuals working in the field of information security and recognize and honor the best and brightest talent. Information security products and services nominated for awards are assessed by two panels of judges, comprising analysts, educators, vendor-neutral consultants and current and former CISOs. Each competitor is thoroughly assessed with average scores tallied before the finalists in each category – and the category winners – are decided. To become a finalist or to win a prestigious award, competitors must display excellence in their respective field. In 2016 there are 29 awards covering a wide range of security...

Read More
Antivirus Software No Longer Sufficient to Protect Against Internet Threats
Nov18

Antivirus Software No Longer Sufficient to Protect Against Internet Threats

According to Darren Bilby, a senior security researcher at Google, antivirus software is no longer good enough to protect against Internet threats. Antivirus software still has its place, but the software will not protect organizations against all malware, ransomware, and other Internet threats. The use of anti-virus products also introduces a false sense of security. People think they are protected because they use antivirus software and set it to update automatically. They also conduct regular scans to ensure nothing has slipped through the net. However, antivirus software cannot detect and protect against all malware. Access to systems can be gained without detection. The software is simply no longer effective enough. Bilby said antivirus software is worse than a canary in a coal...

Read More
Study Shows Fall in Organizational Resilience Against Cyberattacks
Nov18

Study Shows Fall in Organizational Resilience Against Cyberattacks

This week, the Ponemon Institute published the results of its 2016 Cyber Resilient Organization study which showed that organizational resilience against cyberattacks has fallen over the last 12 months. The Ponemon Institute describes organizational resilience against cyberattacks as the ability of an organization to “maintain its core purpose and integrity in the face of cyberattacks.” The study, sponsored by IBM’s Resilient, showed that only 32% of IT security professionals rated their resilience against cyberattacks as high. Last year, 35% of IT security professionals rated their resilience as high. When asked about how well their organization would be able to respond to a cyberattack, 66% said they did not think their organization would be able to recover. 68% of respondents said...

Read More
Deloitte Ranks Wombat Security Technologies 144 in 2016 Technology Fast 500 List
Nov18

Deloitte Ranks Wombat Security Technologies 144 in 2016 Technology Fast 500 List

Wombat Security Technologies has been included in the 2016 Deloitte Technology Fast 500 list, securing position 144. Each year, Deloitte produces its Fast 500 lists which recognize the fastest growing technology, telecoms, media, life sciences and energy companies in North America. To be included in the list, firms must have enjoyed exceptional growth. Not all companies qualify for inclusion. Companies must have developed proprietary intellectual property or technology that is sold to their customers that contributes to operating revenues, while base year operating revenues of at least $50,000 are required with a minimum current operating year turnover of $5 million. This year’s list includes firms with growth ranging from 121% to 66,661% over the period from 2012 to 2015, with the...

Read More
PhishMe Reports 97% of Phishing Emails Used to Deliver Ransomware
Nov18

PhishMe Reports 97% of Phishing Emails Used to Deliver Ransomware

PhishMe has released its Q3 Malware Review which indicates the ransomware epidemic is growing, with the malicious file-encrypting malware now used in record numbers of attacks on businesses. Ransomware is malicious code that locks files with powerful encryption, preventing companies from accessing their data. The attackers hold the only keys to unlock the encryption, which must be bought by companies in the form of a ransom payment. There has been an explosion in the number of ransomware variants this year, with many ransomware families now being used to extort money from businesses. However, the leading variant that has been used in the majority of attacks is Locky. Locky is constantly being updated with the attackers using a variety of techniques to avoid detection. The ransomware...

Read More
Facebook’s Darknet Password Buying Practice Revealed
Nov17

Facebook’s Darknet Password Buying Practice Revealed

The data obtained from cyberattacks is often listed for sale on Darknet marketplaces for cybercriminals to purchase, yet who actually buys these data? Passwords are bought by cybercriminals to gain access to users’ online accounts for a wide variety of nefarious activities, but it is not only criminals that are interested in these data. It has recently emerged that Facebook also buys stolen passwords. Facebook CSO Alex Stamos revealed last week that the social media giant buys stolen passwords on the black market and uses them to better protect users’ accounts. Facebook can use the stolen passwords and their associated email addresses to scan its users’ accounts to check for a match. If password recycling is discovered, Facebook can then force users to reset the passwords on their...

Read More
Locky Ransomware Campaign Targets OPM Data Breach Victims
Nov11

Locky Ransomware Campaign Targets OPM Data Breach Victims

The actors behind Locky ransomware have started using data from the OPM data breaches of 2014 and 2015 as part of a new campaign to spread cryptoransomware. It is unclear how much of the data has been obtained, although in total, 22 million user records were stolen in the OPM data breach. The mass spam emails contain a malicious JavaScript file which downloads Locky onto computers. Once installed, the ransomware can encrypt files on the infected machine and network drives. At present there is no way of decrypting files locked by the ransomware. Files must either be recovered from backups or the ransom must be paid to obtain decryption keys. Individuals whose email addresses were obtained in the OPM data breach are being sent a fake notification that appears to have come from OPM account...

Read More
New LinkedIn Social Engineering Scam Uncovered
Nov10

New LinkedIn Social Engineering Scam Uncovered

Researchers at Heimdal Security have uncovered a new LinkedIn social engineering scam that attempts to get LinkedIn account holders to reveal their personal information. The attackers are trying to gain access to users’ financial data as well as identity documents such as passport and driver’s license numbers that can be used to commit identity theft. The attackers are using a common social engineering technique designed to scare potential victims into responding. The emails claim that there is a security issue with users’ accounts that must be rectified promptly. In common with other scams of this nature, a sense of urgency is injected by telling users that they must respond within 24 hours to ensure their account is not blocked. While many scams are sophisticated, this LinkedIn social...

Read More
Google Takes Action Against Websites that Repeatedly Serve Malware
Nov09

Google Takes Action Against Websites that Repeatedly Serve Malware

Google is to take action against websites that are repeatedly used to serve malware, unwanted software, or are used to phish for information. Once a website has been identified as a repeat offender, visitors to the website that use the Chrome browser will be served a warning alerting them that the site is being used to distribute malware. Site owners will be given the opportunity to clean their sites and have the warning removed, but the warning message will not be removed for 30 days. There will be no exceptions. Once branded as a repeat offender, webmasters will be required to wait 30 days before the warning will be removed. Google will notify site owners by email if their sites have been deemed to be repeat offenders. Webmasters will be able to submit a request to Google to have the...

Read More
BEC Attack on El Paso Resulted in Theft of $3.2 Million
Nov04

BEC Attack on El Paso Resulted in Theft of $3.2 Million

The threat from business email compromise attacks has been clearly highlighted by the recently discovered BEC attack on El Paso, TX. According to the Mayor of El Paso, Oscar Leeser, city officials notified law enforcement in October that employees had fallen for phishing scams. Those scams resulted in the attackers stealing $3.2 million in funds from the city. The BEC attack on El Paso was similar to numerous attacks that have taken place in the United States in recent years. The attacker posed as a vendor and informed the city that payment had not been received. A payment of $300,000 was sent, followed by a further payment of $2.9 million from the Camino Real Regional Mobility Authority. The first payment was identified by the CFO after it was noticed that the money had been misdirected...

Read More
Windows Flaw Already Being Exploited by Hackers
Nov03

Windows Flaw Already Being Exploited by Hackers

Russian hackers have been actively exploiting two zero-day vulnerabilities prior to Google’s announcement of the flaws. Google’s Threat Analysis Group announced the flaws, including how they could be exploited, earlier this week. Microsoft had been informed of a new zero-day vulnerability on October 21, although Google only waited 10 days before making the announcement and, crucially, did so before Microsoft had issued a patch. While Google usually waits up to three months before making flaws public to give organizations time to develop a patch, in this case the decision was made to publish details of the flaws early as they were being actively exploited in the wild. In cases when flaws are actively being exploited, Google only provides vendors with 7 days to issue an advisory or patch the...

Read More
NetSkope Performs Analysis of CloudFanta Malware
Oct27

NetSkope Performs Analysis of CloudFanta Malware

A new report published by NetSkope Threat Research Labs casts some light on CloudFanta malware, which is currently being spread via spearphishing campaigns. CloudFanta malware was first identified in July 2016 and is known to have been used in upwards of 26,000 credential-stealing attacks. The purpose of the malware is to steal email credentials and monitor online banking activities. Once email credentials have been obtained, messages are sent from the compromised account, while stolen banking credentials are used to make fraudulent transfers. Attacks have been concentrated in Brazil, although the use of CloudFanta malware is likely to spread further afield. As with many malware campaigns, infection begins with an email attachment or malicious link. The emails use social engineering...

Read More
Phishing Scam Fools Baystate Health Employees and Exposes PHI
Oct24

Phishing Scam Fools Baystate Health Employees and Exposes PHI

Phishing is a technique commonly used by cybercriminals as an easy way of gaining access to healthcare data. The aim of the scam is to trick individuals into revealing login credentials or infecting their computers with malware. Even when robust cybersecurity defenses are employed to protect networks and databases from attack, those protections can easily be undone by employees. If employees can be convinced to click malicious links, open infected email attachments, or disclose their login credentials, the attackers can gain a foothold in the network. Phishing scams can be speculative, although increasingly cybercriminals are using highly targeted campaigns. Well-crafted and highly convincing emails are sent that appear to be genuine requests from colleagues to divulge information....

Read More