Leveraging Knowledge to Manage Your Data Risks
According to Security.org, “every 4.9 seconds, someone becomes a victim of identity theft in the United States” and the Federal Trade Commission receives over 6.4 million reports of identity theft and fraud every year.
Identity theft incidents continue to climb, with the average amount lost reaching $400 per person. The highest number of cases are…
Sophisticated vishing (voice phishing) attacks continue to target and victimize company call centers and help desks. Recently, a large ad tech company reported that customer information had been compromised as a result of a vishing attack. The company warns that the information obtained in the incident can be used by threat actors to conduct phishing…
A recent white paper issued by SocRadar, entitled “Operation DoppelBrand: Weaponizing Fortune 500 Brands for Credential Theft and Remote Access,” provides a stark outline of how a threat actor known as GS7 has been “targeting banking institutions, technology companies, payment platforms, and other entities” with creating fake “highly similar” web portals to harvest customer…
Security professionals rely on the implementation of multifactor authentication (MFA) to defend against phishing attacks and intrusions. Unfortunately, we can’t completely rely on MFA to protect us as threat actors (more specifically, ShinyHunters) are now targeting companies in technology, financial services, real estate, energy, healthcare, logistics, and retail with synchronized vishing-phishing attacks.
The newest attacks…
We continue to alert our readers to the uptick and successful use of vishing attacks against companies. Threat actors continue to be creative in developing strategies to use vishing to gain access into systems.
According to Cyberscoop, (a publication that I read religiously), Mandiant has confirmed that “multiple cybercrime groups,” including ShinyHunters, are “combining…
The holidays are always a busy time—sending holiday cards, cooking, present shopping and giving, and spending time with family and friends. It’s also an opportune and busy time for scammers too.
A new report by KrebsonSecurity reminds us that fraudsters use the holidays to launch new campaigns, in this case, SMS phishing scams. According to…
In a recent blog post, KnowBe4 reported that it has “uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. The attackers are wielding a powerful new tool that’s completely changing the game for cybercriminals—turning what used to be complex, technical phishing setups into simple one-click launches that can bypass…
I love it when people come up to me and say they are “wicked paranoid” about QR codes. I have been trying to educate people on the risks of QR codes for years and that gives me satisfaction that I have prevented that person from becoming a victim of a malicious QR code. QR codes…
An attack against Salesforce between August 8 and August 18 targeting data through its Salesloft Drift app “is more extensive than at first thought.” The attack targeted numerous Salesforce customers “systematically exfiltrating large volumes of data.”
Google affirmed that threat actors not only targeted the Salesforce integration with Salesloft Drift, but also targeted some Google…
