A new report published by the software company Egress this month, Phishing Threat Trends Report, is a must-read. It outlines the proliferation of phishing toolkits on the dark web (that basically allows any Tom, Dick, and Harry Hacker) to launch successful phishing campaigns, how “commodity phishing attacks are overwhelming security teams,” the anatomy of
phishing
Privacy Tip #393 – Phishing, Smishing, Vishing and Qrishing Schemes Continue to Dupe Users
The recent increase in smishing and vishing schemes is prompting me to remind readers of schemes designed to trick users into providing credentials to perpetrate fraud. We have previously written on phishing, smishing, vishing, and QRishing schemes to increase awareness about these methods of intrusion.
HC3 recently warned the health care sector about vishing schemes…
Privacy Tip #388 – Understanding the Risk of Multifactor Authentication Fatigue
Most organizations and online platforms use multifactor authentication (MFA) (also called two-factor authentication) to confirm that the user is an authorized individual and not a scammer or fraudster. We have all been trained to use MFA through our workplaces to gain access to our work emails; tech companies offering free email services are suggesting that…
Privacy Tip #382 – Beware of Fake Package Delivery Scams During Holiday Season
There are lots of package deliveries this time of year. When shopping online, companies are great about telling you when to expect the delivery of your purchase. Fraudsters know this and prey on unsuspecting victims especially during this time of year.
Scammers send smishing texts (smishing is just like phishing, but through a text), that…
NYAG Settles with Personal Touch for $350,000 over Phishing Incident
According to a press release, Personal Touch, a home health company located on Long Island, has reached a settlement with New York Attorney General Letitia James for $350,000 for a data breach that occurred in January of 2021 when a Personal Touch employee “opened a malware-infected file attached to a phishing email that allowed…
AI Phishing Attacks Illustrate the Importance of Employee Awareness
Retool, a software development firm offering modular code for customizable enterprise software, recently notified 27 customers that a threat actor had accessed their accounts. The attacker was able to navigate through multiple layers of security controls after taking advantage of an employee through an SMS-based phishing attack. The attacker then used this access to target…
CISA Issues Three Advisories for Industrial Control Systems
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation Factory Talk Vantagepoint.
The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary…
Threat Groups Using Translation Tools in Phishing Attacks
It used to be that one of the sure ways to identify a phishing email was to notice grammatical errors or broken English in the text of the communication. Thanks to new translation tools like Google Translate, which are available worldwide, threat actors can translate a phishing email into any language, so it sounds authentic…
Beware of Luna Moth Callback Phishing Scam
Palo Alto’s Unit 42 recently issued a threat assessment alert outlining a new, unique phishing scam that has been successful. The scam is believed to have been carried out by the Luna Moth/Silent Ransom Group and is targeting businesses in the legal and retail sectors. Unit 42 predicts that the scam is “expanding in scope.”…
Acronis Reports Ransomware Damages Will Exceed $30B by 2023
In its Mid-Year Cyberthreat Report published on August 24, 2022, cybersecurity firm Acronis reports that ransomware continues to plague businesses and governmental agencies, primarily through phishing campaigns.
According to the report over 600 malicious email campaigns were launched in the first half of 2022, with the goal of stealing credentials to launch ransomware attacks. Other…