I have been alerting clients that I know use Wipro, but may have missed some of you. It is being reported that IT outsourcing company Wipro Ltd. has been hacked through several phishing campaigns from what is believed to be a state-sponsored attacker. According to recent reports, including KrebsonSecurity, sources have stated that “Wipro’s systems … Continue Reading
The Oregon Department of Human Services (DHS) announced late last week that nine of its staff members had fallen victim to a phishing campaign and that their email boxes were compromised on January 8, 2019. The intrusion was discovered on January 28, 2019. When the intrusion was discovered, the staff members’ changed their passwords to … Continue Reading
In another round of warnings from the federal government on protecting yourself from tax return fraud and identity theft, the Internal Revenue Service (IRS) has issued its 2019 “Dirty Dozen” Campaign, designed to warn individuals about the most common tax-related phishing schemes that are focused on tax fraud and identity theft. During tax season, cyber … Continue Reading
To illustrate just how creative phishing campaigns have become, on January 30, 2019, it was reported by multiple credit unions that Bank Secrecy Act officers at credit unions around the country received emails that appeared to be from Bank Secrecy Officers at other credit unions. The emails were addressed to the actual Bank Secrecy officers … Continue Reading
With more companies hiring, online recruiting scams have re-emerged to prey on job seekers and employers. The Better Business Bureau tracked more than 3,000 recruiting scams in the first 10 months of 2018 with losses in the million dollars. The online recruiting scam works this way: the scammer fraudulently uses a company’s name and logo, … Continue Reading
According to a new report by Datto, Inc. (its third annual Global State of the Channel Ransomware Report), ransomware continues to be the top cyber-attack experienced by small- and medium-sized companies. Some managed service providers were surveyed in Singapore, the Asia-Pacific region and across the globe. Fifty-five percent of them said their clients had experienced … Continue Reading
Phishing attacks continue to hit health care providers and experts say the attacks will become even more frequent in 2019. As previously reported, the largest breach of health care information was recently settled by Anthem, which involved almost 80 million individuals’ information, all caused by a phishing email sent to one individual at Anthem [view … Continue Reading
Phishing campaigns continue to be one of the most successful ways for malicious intruders to access company information, including personal information of employees and customers. Phishing emails continue to get more and more sophisticated and employees continue to fall victim to them, often putting the entire company at risk. Typical successful phishing campaigns end with … Continue Reading
Small businesses are targeted by hackers because they often do not have the resources to stay abreast of new schemes, or to protect against them with the latest technology or security solutions. Small businesses have historically struggled with data security, so any help is always welcome. Recognizing that small businesses struggle with data security, the … Continue Reading
An old trick is coming back and working. It is a wire fraud scheme targeted at homeowners instead of businesses, and it is happening at an alarming rate. Here’s how it works: An individual is in the process of purchasing a home. Most of the communication in real estate transactions these days is done via … Continue Reading
The month of August saw two federal criminal convictions of individuals involved in significant cyberattacks. In Boston, a federal jury convicted Martin Gottesfeld of one count of conspiracy to intentionally damage a protected computer and one count of intentional damage to protected computers. The charges resulted from 2014 Distributed Denial of Service (DDOS) attacks on … Continue Reading
In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry. According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that … Continue Reading
Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme. The incident illustrates how the manufacturing sector is continuing to … Continue Reading
Late last week, a joint statement by the Department of Homeland Security and the Federal Bureau of Investigation confirmed that the Russian government has been behind an ongoing targeted campaign to penetrate U.S. power plants and the electric grid. Of course, this fact has been well known and has been reported on repeatedly in the … Continue Reading
In a recent Public Service Announcement dated February 21, 2018 entitled “Increase in W-2 Phishing Campaigns,” the Federal Bureau of Investigations (FBI) issued another alert about an increase in phishing campaigns since the beginning of 2018. According to the FBI, “IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed … Continue Reading
On January 30, 2018, EDUCAUSE, a higher education technology association, submitted a letter to the U.S. Department of Education describing concerns that it had with the Federal Student Aid (“FSA”) ability to protect federal student financial aid data. EDUCAUSE’s members include IT professionals from over 1,800 colleges and universities as well as other organizations. First, … Continue Reading
According to a Proofpoint study that analyzed 160 billion emails delivered to 2,400 global companies at the end of 2017, 88.8 percent of organizations were targeted by at least one email phishing attack over the past year. This is an increase over its 2016 report conclusion of 75 percent. In addition, more identities were spoofed … Continue Reading
Lazarus, the well-known hacking group responsible for the WannaCry ransomware attack from last year, as well as the attack on the Bangladesh Central Bank and Sony, is now targeting global financial firms and Bitcoin adopters with a phishing campaign dubbed “HaoBao.” The phishing campaign was discovered by McAfee Labs in mid-January. The way it works … Continue Reading
It is a myth that employees hate training and education. I have seen it with my own eyes. It is very exciting to watch an audience visibly cover their mouths when real life stories are told about cyber-attacks and phishing incidents that employees’ conduct cause because they are working too fast, not paying attention to … Continue Reading
It is well known that hackers and fraudsters surf Facebook to find individuals who have not protected their information through Facebook’s privacy settings. People put a lot of information on Facebook that is very personal and can give criminals detailed leads on how to launch successful campaigns against unsuspecting victims. Less publicized is the fact … Continue Reading
Beazley has published a report outlining data breaches in the first nine months of 2017. The report notes that the highest cause of a data breach in 2017 so far are unintended disclosures, which accounted for 41 percent of all incidents. Beazley stated: “We urge organizations not to ignore this significant risk and to invest … Continue Reading
Hackers working on behalf of the Iranian government have been targeting the aviation and petrochemical industries in the United States, Saudi Arabia, and South Korea since 2013, according to a report released by FireEye last week. According to the report, APT33, a hacking group working for the Iranian government, have sent phishing emails to aviation … Continue Reading
Vevo announced this week that it experienced an intrusion into its servers by the hacking collective OurMine, self-described as a white hat organization that informs individuals and organizations of potential security vulnerabilities. When OurMine reached out to Vevo to inform it of a vulnerability, a Vevo employee dismissed the claim and told OurMine that they … Continue Reading
The Internal Revenue Service (IRS) has issued a warning alerting the public to a new email phishing scam that looks like a joint notice from the IRS and FBI about new tax laws. The phishing email uses the emblems of both agencies, and asks recipients to download an FBI questionnaire related to “changes of tax … Continue Reading
