Tag: KnowBe4

Phishing Campaign Impersonates Email Alerts From DHS

An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), according to the Cybersecurity and Infrastructure Security Agency, in a warning posted on the official US-CERT web site this past Tuesday. “The email campaign uses a spoofed email address to […]

“File Deletion” Alert Becomes the Latest Scam to Compromise Office 365 Credentials

Attackers use a simple cause for concern as the basis of a scam intent on tricking victims into offering up their Office 365 credentials. A very official-looking email is making the rounds, taking advantage of the approximately 50% of companies today using Office 365. And it’s not surprising, as Microsoft is the most impersonated brand in […]

Extortion Threatens Reputational Damage

Scammers are sending emails threatening to damage the reputation of websites unless the sites’ owners hand over 0.3 bitcoin, or around $2,400, according to BleepingComputer. The attackers say that they’ll send out billions of spam emails to millions of email addresses and websites. All of these emails will be spoofed to appear as though they’re […]

Phishing Canadian Targets

We have recently blogged about KrebsOnSecurity’s story on compromised Canadian business email addresses. Here is some updated background on threats to Canadian organizations. Since January 2019, nearly one hundred phishing campaigns have been tailored specifically for Canadian targets, according to researchers at Proofpoint. Attackers are spoofing a number of well-known Canadian companies and organizations, and […]

Q1 2019 Top-Clicked Phishing Email Subjects from KnowBe4 [INFOGRAPHIC]

Every quarter, KnowBe4 reports on the top-clicked phishing emails by subject lines in three categories: Social, General, and ‘In the Wild’. The latter category results come from the millions of users that click on our Phish Alert Button to report real phishing emails and allow our team to analyze the results. Social Media Is Now […]

[Heads-up] Scary New MegaCortex Ransomware Strain Discovered That Targets Your Business Network

Sophos has discovered a scary new strain of very sophisticated ransomware called MegaCortex. It was purpose-built to target corporate networks, and once penetrated, the attackers infect your entire network by rolling out the ransomware to all servers and workstations, using your own Windows domain controllers. Sophos have detected infections in the United States, Italy, Canada, […]

[Heads up] Ransomware V2.0 Is Set to Resurge As Your Insurance Now Pays Off The Ransom

Holy Smokes! Ransomware may be poised to return as a top scourge for companies, as more and more of them pay up—it’s actually their insurance company that makes the payment—after an attack in an effort to minimize the cost of recovery. In this new RSA Conference 2019 Threatpost video, Josh Zelonis, senior analyst at Forrester […]

Scam Of The Week: CEO Fraud bad guys are now bribing your users

Today saw the arrival of yet another interesting variant of the gift card phishing campaigns that have grown into a deluge over the past few months (see below). Today’s email demonstrates that bad guys are actively adapting and evolving their pitch. There are a couple of interesting things going on in this new gift card phish: 1. The […]

Reminder: That Padlock Doesn’t Mean It’s Secure

We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure, legitimate website isn’t an accurate indication that a site is malware-free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that […]

Shadow IT is Alive and Well: One-Third of Employees Deploy Their Own Software

Employees see IT as an “inconvenience” and look for ways to get around security measures, putting the organization at risk, according to SailPoint’s 2018 Market Pulse Survey. IT can’t make the organization secure if the user is working in the exact opposite direction. IT puts security controls on file sharing, and users open a personal […]