An Amazon phishing campaign is accidentally sending out links that lead straight to the attacker’s remote access console, according to Paul Ducklin at Naked Security. Ducklin explains that Sophos came across a generic Amazon Prime phishing email which informed recipients that their Amazon account had been suspended. The email contained a link for the user […]
Bogus Singapore Police Site Serves as a Watering Hole
The Singapore Police Force (SPF) released an advisory warning about a phishing site that’s spoofing the Force’s website, Channel News Asia reports. The bogus website informs the user that their computer has been locked “due to viewing and dissemination of materials forbidden by law of Singapore,” for the most part pornographic content of an extreme […]
Ransomware Attack On Wool Industry Halted Sales Across Australia Last Week
It is yet to be seen how a cyber attack which shut down wool sales last week will affect growers in Tasmania. Last Tuesday Talman Software, which is used by the majority of the wool industry across Australia and New Zealand, was the victim of a ransomware attack. The attack prevented brokers from being able to […]
Experts: Expect Summer Olympics-Themed Cyberattacks in the Coming Months
The business of the games will provide cybercriminals with countless options to scam participants, sponsors, and spectators using contextual details and social engineering. So, you’re all set to go to the games this summer and then get an email about your hotel booking: the credit card came back invalid and you need to re-enter in […]
WSJ: “Losing $450,000 in Three Days: Hackers Trick Victims Into Big Wire Transfers”
Rachel Louise Ensign wrote a great story for the WSJ about CEO Fraud, also known by the FBI as Business Email Compromise. I’m quoting an extract and I strongly recommend sending a link to the original WSJ article to your C-levels as it’s excellent ammo to get budget for new-school security awareness training. “In 2018, […]
Most Organizations Stick to Legacy Password Security Practices Despite Experiencing Cyberattacks
In a surprising twist, new data sheds light on the lack of proper security around passwords and authentication by IT at a time when cyberattacks are all but an absolute given. Passwords sit firmly at the center of nearly every security model and cyberattack. Whether being used to grant appropriate access for an employee or […]
Emotet Malware Shows Up in SMiShing Attacks Disguised as Bank Notifications
A newly discovered attack targets mobile device holders with a two-pronged approach that uses Emotet and, perhaps, Trickbot. Security researchers at IBM X-Force have uncovered a new SMiShing attack in which mobile phones are sent a text purporting to be the victim’s bank with a message indicating the […]
Here Is A Real-life Bank Phone Scam Blocked By A Security Awareness Trained Employee
Brad Mathis at our partner Keller Schroeder sent me the following real-life story from Matt, a KnowBe4 Security Awareness Training client… “I just wanted to share a story with you. Yesterday I sent a text message to a friend at church at 5:03pm. At 5:04pm I received a call from “No Caller ID” and assumed […]
The Real-life Email You Never Want To Get From Your CEO Because The Feds Called…
From The Desk Of Mark *********, CEO, ********* Corporation To all of our valued clients: On February 19th at approximately 3:00 pm Department of Homeland Security contacted me to inform me there was a person or persons on the dark web trying to sell “access” to our client databases. As company President and Owner […]
New DoppelPaymer Ransomware Makes Money Off of You Whether You Pay the Ransom or Not
Taking a page from the Maze ransomware playbook, the creators of DoppelPaymer don’t just encrypt your data; they have found channels to sell it if you don’t pay up. Back in November, Maze ransomware became the first to publish a victim’s data if they didn’t pay the ransom, effectively turning a private ransomware attack into […]