Tag Archives: phishing

Secureworks 2020 Incident Response Report Confirms Increased Vulnerabilities with At Home Workers During Pandemic

Secureworks issues an annual Incident Response Report that is very helpful in obtaining information on what types of incidents are occurring in order to become more resistant to threats. The 2020 IR Report was recently issued, and it contained some conclusions that made sense, while others were surprising. The Report, entitled Pandemic-Driven Change: The Effect … Continue Reading

Privacy Tip #256 – COVID-19 Scams Continue to Plague U.S. Public

It has been widely reported that hackers are taking advantage of the pandemic to perpetrate scams and frauds. We have seen attacks against workers of companies through phishing emails that include an attachment or link offering information or access to specialized treatment for COVID-19 to lure people to click on them. Once they click on … Continue Reading

Privacy Tip #250 – Beware of Vishing

The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert warning the public about vishing campaigns [see related post]. Vishing is defined by the FBI as “a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial … Continue Reading

Benefit Vendors’ Security Practices

Most employers use vendors to assist with managing various employee benefits, including payroll, health and dental benefits, pharmacy, cost-reduction strategies, retirement, analysis and wellness programs. When using these vendors, the personal information of employees is provided to the vendor in data dumps. Usually that means that the vendors receive employees’ names, addresses, dates of birth, … Continue Reading

SEC Issues Warning for Advisors and Broker-Dealers on Increased Ransomware Attacks

On July 10, 2020, the Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their cybersecurity controls to prevent and respond to an increase in phishing campaigns and ransomware attacks. The Risk Alert advises that the OCIE has “observed an apparent … Continue Reading

Privacy Tip #243 – Misconfigured Cloud Exposes Millions of Records of Eleven Dating Sites

Dating sites continue to be the source of compromise of sensitive personal information. Another example of this was discovered recently by security researchers at WizCase, who found that information on millions of users of up to 11 different dating service sites was accessible due to misconfigured cloud storage.  The databases that were discovered included users’ … Continue Reading

Financial Services Information Sharing Group Warns of Increased Phishing Attacks

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has warned that financial services firms, and in particular smaller ones, are being attacked at an increased rate during the coronavirus pandemic. According to FS-ISAC, phishing attacks against financial services firms increased by one-third in the first quarter of 2020. In that time period, FS-ISAC identified … Continue Reading

New York Department of Financial Services Issues Guidance Regarding Heightened Cybersecurity Awareness During COVID-19 Pandemic

The New York Department of Financial Services (DFS) recently issued guidance to its regulated entities regarding heightened cybersecurity awareness as a result of the COVID-19 pandemic. DFS described three primary areas of heightened risk during this time: remote working, increased instances of phishing and fraud, and third-party risks. With respect to remote working, DFS noted … Continue Reading

Privacy Tip #236 – Foreign Government-Backed Phishing Attacks Pose as Fast Food Chains

Google has warned users in a blog article that nation state-backed hackers are using the COVID-19 crisis to ramp up phishing attempts and, in one example, are posing as American fast food franchises and sending malicious emails with fake offers and coupons to government officials and health care workers. Google has identified over 12 government-backed … Continue Reading

Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion

Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. That figure is based on historical cybercrime figures. It is estimated that the cost of ransomware to businesses will … Continue Reading

Privacy Tip #226 – Beware – Well-Known Brands Used for Phishing Schemes

A new study by Check Point Research shows that cyber criminals are using well-known brands to lure victims into clicking on nefarious links, providing personal information or credentials, or getting users to transfer money.  This is an old malware trick that we used to see and now recognize. Scammers send a phishing email after copying … Continue Reading

Crime-as-a-Service Targets Popular Platforms

It’s getting difficult to keep up with the jargon of all of the new digital scams. The SaaSes in the beginning became regular business terms, such as Software-as-a-Service (SaaS), and Business Processes-as-a-Service (BPaaS). But then the criminal enterprises came up with Malware-as-a-Service (MaaS), Ransomware-as-a-Service (RaaS) and now Crime-as-a-Service (CaaS). A new Crime-as-a-Service offering is targeting … Continue Reading

2.2 Million GateHub and RuneScape Passwords Compromised

It has been reported by Troy Hunt, the security researcher who provides the “Have I Been Pwned” free breach notification service, that 1.4 million passwords and personal information of customers of GateHub, a cryptocurrency wallet service provider, and 800,000 customers of EpicBot gaming bot provider RuneScape are for sale on the web. According to Hunt, … Continue Reading

Small and Mid-Sized Businesses Continue to Be Targeted by Cybercriminals

A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks. The Ponemon study finds that 76 percent of the 592 companies surveyed had experienced a cyber-attack in the previous year, up from 70 percent … Continue Reading

Privacy Tip #206 – Be Mindful of Calendar Invites—They Can Contain Spam

Spam is invading all aspects of our online life, and of late, even our online calendars. I hadn’t thought about embedded malware in calendar invites until I read an informative krebsonsecurity.com blog article this week. I think this is something everyone should know about and be mindful of when receiving calendar invites. Calendar invites are … Continue Reading

Business Email Compromises Bilking U.S. Companies Out of $301M Per Month

The United States Treasury Department came out with a report last week that concludes that business email compromises (BEC) are costing U.S. companies more than $301 million per month. The report confirms that the two industries hit the hardest by these scams are manufacturing and construction. The report, issued by the Treasury Department’s Financial Crimes … Continue Reading
LexBlog