We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find out how various social engineering mitigations work for themselves and their environments.
My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem. If you only read one report each year to give you an idea of what’s going on with cyber attacks, it’s Verizon’s Data Breach Investigations Report (DBIR). Each year, analysts sort through tens of thousands of data breach incidents (some successful, some not) and identify the attack patterns.
A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call “PostalFurious,” impersonated a toll operator and a postal service in the Middle East.
The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting “individuals employed by research centers and think tanks, academic institutions, and news media organizations.”
Enhancements to network security within organizations have made it harder for threat actors to penetrate networks and systems. As a result, people have become the primary target for cyberattacks, with email providing the most effective mechanism for launching these attacks. This leads to all employees within an organization being frequently targeted by phishing attacks.
A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohls. “Obfuscation is a gift to hackers,” Fuchs says. “It allows them to pull off a magic trick. It works by hiding the true intent of their message. In this case, it’s a picture. The picture is meant to entice the user to click.
Today, the FBI alerted warned against a new even more disgusting type of sextortion. Previously, these schemes involved coerced or stolen digital material, but now some criminals are using technology to create explicit content from innocent images or videos found online. This information comes from today's alert by the FBI's Internet Crime Complaint Center (IC3).
If a scammer knows your email address, you should be extra-vigilant about phishing, and secure all your accounts with strong passwords and Multi-Factor Authentication (MFA). If you suspect a scammer has gained access to your email account, you should take steps with your email provider to secure your account and let all your contacts know you have been hacked. Read on to learn more details about what a scammer can do with your email address and how to protect your account.
Cybercrime continues to rise — the 2022 Internet Crime Report produced by the FBI's Internet Crime Complaint Center (IC3) revealed that the number of complaints it receives annually has more than doubled since 2018. The potential loss from cybercrime has also grown significantly – between 2021 and 2022, it rose from $6.9bn to $10.2bn.
According to independent research conducted for the Egress Data Loss Prevention Report, 85% of employees are sending more emails than ever before and 80% of are using email to share sensitive data with clients and colleagues. To ensure users can be productive, Microsoft has continued to evolve Outlook to provide a richer and more integrated email experience for end users, adding functionality like autocomplete, clutter, and message access via the reading pane.
