When assessing cybersecurity risk in your organization, it is important to understand your users and their behavior. A new study by Keepnet sheds light on new hire behavior concerning phishing susceptibility. According to its recent survey, the 2025 New Hires Phishing Susceptibility Report, a whopping “71% of new hires click on phishing emails within
Privacy Tip #444 – Best Phishing Campaigns are from HR or IT
Everyone thinks they can spot a phish. Whether it is an email, SMS text, or QRish phishing, people have an overinflated view of their capabilities to detect them.
A new summary by KnowBe4, “What Makes People Click?” provides an insightful review and proves that people still click when curiosity gets the best of them.
According…
Phishing Attacks – Anyone Can Get Pwned
HaveIBeenPwned is a website that allows users to check whether their data has been involved in data breaches. The website’s creator, Troy Hunt, was the subject of a phishing attack earlier this week. The attack was unrelated to the HaveIBeenPwned website and compromised Hunt’s personal Mailchimp account.
According to Hunt, he received an email purporting…
Privacy Tip #416 – Impersonation is the Most Prolific Phishing Tactic in 2024
A new report published by the software company Egress this month, Phishing Threat Trends Report, is a must-read. It outlines the proliferation of phishing toolkits on the dark web (that basically allow any Tom, Dick, and Harry Hacker to launch successful phishing campaigns), how “commodity phishing attacks are overwhelming security teams,” the anatomy of…
Privacy Tip #393 – Phishing, Smishing, Vishing and Qrishing Schemes Continue to Dupe Users
The recent increase in smishing and vishing schemes is prompting me to remind readers of schemes designed to trick users into providing credentials to perpetrate fraud. We have previously written on phishing, smishing, vishing, and QRishing schemes to increase awareness about these methods of intrusion.
HC3 recently warned the health care sector about vishing schemes…
Privacy Tip #388 – Understanding the Risk of Multifactor Authentication Fatigue
Most organizations and online platforms use multifactor authentication (MFA) (also called two-factor authentication) to confirm that the user is an authorized individual and not a scammer or fraudster. We have all been trained to use MFA through our workplaces to gain access to our work emails; tech companies offering free email services are suggesting that…
Privacy Tip #382 – Beware of Fake Package Delivery Scams During Holiday Season
There are lots of package deliveries this time of year. When shopping online, companies are great about telling you when to expect the delivery of your purchase. Fraudsters know this and prey on unsuspecting victims especially during this time of year.
Scammers send smishing texts (smishing is just like phishing, but through a text), that…
NYAG Settles with Personal Touch for $350,000 over Phishing Incident
According to a press release, Personal Touch, a home health company located on Long Island, has reached a settlement with New York Attorney General Letitia James for $350,000 for a data breach that occurred in January of 2021 when a Personal Touch employee “opened a malware-infected file attached to a phishing email that allowed…
AI Phishing Attacks Illustrate the Importance of Employee Awareness
Retool, a software development firm offering modular code for customizable enterprise software, recently notified 27 customers that a threat actor had accessed their accounts. The attacker was able to navigate through multiple layers of security controls after taking advantage of an employee through an SMS-based phishing attack. The attacker then used this access to target…
CISA Issues Three Advisories for Industrial Control Systems
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation FactoryTalk Vantagepoint.
The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary…