Jan 22 2021

Key 2021 Insights: Proactive Security Needed for Ransomware, Phishing

Category: Information Security, Phishing, Ransomware | DISC @ 12:03 pm

Healthcare leaders will need to shift to a proactive security approach in 2021 if they hope to defend against the onslaught of ransomware and phishing threats.

The ransomware surge during the last few months has already continued into 2021. And though the malware will remain a key trend this year, healthcare industry stakeholders will need to adopt a proactive security approach and secure key entry points, including phishing threats and vulnerable endpoints.

Listen to the full podcast to learn more about Xtelligent Healthcare Media’s predictions for 2021. And don’t forget to subscribe on iTunes, Spotify, or Google Podcasts.

Xtelligent Healthcare Media Editors recently compiled predictions for the healthcare sector in the year ahead on a Healthcare Strategies podcast episode. In the healthcare security space, leaders can expect continued email-based attacks and other schemes that prey on COVID-19 fears.

Source: Proactive Security Needed for Ransomware, Phishing


Sep 24 2020

SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it!

Category: Phishing | DISC @ 11:01 pm

If you got someone else’s “free offer” in what looked like a misdirected message, would you take a peek?

Dear Christopher, we have your packet in queue. Address: Londonderry, 
Ballynagard crescent http COLON SLASH SLASH xxxxxxxx DOT com SLASH zzzzzzz

The message is meant to look as though it was sent to the wrong number, so the crooks are relying on you being intrigued enough to click through, whereupon they use some sneaky “reverse authentication” psychology to lure you in further.

Source: SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it!





Aug 14 2020

CISA alerts of phishing attack targeting SBA loan relief accounts

Category: Phishing | DISC @ 9:31 am

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released an alert about phishing attacks targeting various government organizations to steal logins for the Small Business Administration COVID-19 loan relief accounts.

In a newer phishing attack that started in August, security researchers saw the threat actor using convincing tricks to fool potential victims into providing personal and financial information.

 

Some Countermeasures:

Checking the source of the message for the sender address will reveal the real one. Simply comparing it with the legitimate email will show the fraud attempt.

Paying attention to the URL in the address bar should also ensure that you don’t fall for a trick and are on the genuine page.

CISA recommends organizations include warning banners for messages from an external source. Even if the message bypasses email defenses, users may act with more caution.

Source: CISA alerts of phishing attack targeting SBA loan relief accounts







Tags: SBA loan relief


Jul 31 2020

Twitter says a spear phishing attack led to the huge bitcoin scam

Category: Hacking, Phishing | DISC @ 2:54 pm

Twitter shared an update in a blog post and tweets Thursday night.

Source: Twitter says a spear phishing attack led to the huge bitcoin scam



Twitter Says It Knows How Hackers Gained Access
httpv://www.youtube.com/watch?v=ORjCyJUZRN8

What is spear phishing?
httpv://www.youtube.com/watch?v=fZc2oXfz9Qs






Tags: spear-phishing


Jul 12 2020

10 Ways to Identify a Phishing site

Category: Phishing | DISC @ 6:08 pm

Cybercriminals create fake websites, malicious emails, text messages or phone calls to trick people into clicking on links or revealing sensitive information.

Source: 10 Ways to Identify a Phishing site | The PC Hero

Phishing Attack Example – How to Spot a Scam Email
httpv://www.youtube.com/watch?v=PTE2oqMcfSw








May 22 2020

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

Category: Phishing | DISC @ 12:08 am

Welp, at least that’s better than industry averages, says code-hosting biz

Source: To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

The mock attack simulated a targeted phishing campaign designed to get GitLab employees to give up their credentials.

The GitLab Red Team – security personnel playing the role of an attacker – obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google’s GSuite to send phishing emails. The messages were designed to look like a laptop upgrade notification from GitLab’s IT department.

“Targets were asked to click on a link in order to accept their upgrade and this link was instead a fake GitLab.com login page hosted on the domain ‘gitlab.company’,” explained security manager Steve Manzuik in a GitLab post.

“While an attacker would be able to easily capture both the username and password entered into the fake site, the Red Team determined that only capturing email addresses or login names was necessary for this exercise.”

Fifty emails went out and 17 (34 per cent) clicked on the link in the messages that led to the simulated phishing website. Of those, 10 (59 per cent of those who clicked through or 20 per cent of the total test group) went on to enter credentials. And just 6 of the 50 message recipients (12 per cent) reported the phishing attempt to GitLab security personnel.






Apr 20 2020

Q3 2019 Top-Clicked Phishing Email Subjects from KnowBe4 [INFOGRAPHIC]

Category: Phishing | DISC @ 11:16 am

Q3 2019 Top-Clicked Phishing Email Subjects from KnowBe4. Users continue to fall for LinkedIn, Facebook, and security-minded messages. See the full report!

Source: Q3 2019 Top-Clicked Phishing Email Subjects from KnowBe4 [INFOGRAPHIC]

This is what happens when you reply to spam email | James Veitch
httpv://www.youtube.com/watch?v=_QdPW8JrYzQ

How to Spot a Phishing Email I Fortune
httpv://www.youtube.com/watch?v=jfnA7UmlZkE


Anatomy of Scam Emails – How To Recognise A Phishing Scam Message
httpv://www.youtube.com/watch?v=3gpOM9c6mmA









Jun 10 2019

A guide to phishing emails and how they work - TEISS® : Cracking Cyber Security

Category: Phishing | DISC @ 6:32 pm

Security Awareness writer Keil Hubert describes a mysterious email message that could well have been an insidiously clever spear phishing attack.

Source: A guide to phishing emails and how they work - TEISS® : Cracking Cyber Security



This is what happens when you reply to spam email







Jun 09 2019

From phish to network compromise in two hours: How Carbanak operates

Category: Hacking, Phishing, Security Breach | DISC @ 2:21 pm

Cybercriminal group Carbanak has stolen hundreds of millions of dollars from financial institutions. Here’s a detailed analysis by Bitdefender of an attack on one bank.

Source: From phish to network compromise in two hours: How Carbanak operates







Apr 13 2019

Anatomy of a spearphishing attack

Category: Phishing | DISC @ 2:12 pm

Anatomy of a spear phishing attack

You may be wondering what it takes to send this type of attack. This is not trivial, and can only be done by someone trained in advanced hacking techniques. We will first take a look at the steps required to send an attack, and then we’ll look at steps to mitigate this threat. For the (simplified) attack steps we are freely borrowing from a great blog post by Brandon McCann, a well-known pentester.






Mar 28 2019

The ABCs of Detecting and Preventing Phishing

Category: Phishing | DISC @ 11:12 am

Stay out of the phishing net with these actionable tips – here’s how you can detect and prevent phishing attacks.

Source: The ABCs of Detecting and Preventing Phishing


 





Jan 25 2019

How a Security Vendor Tricked Social Media Phishers

Category: Phishing | DISC @ 11:33 am

UK-based Fidus Information Security was targeted by angler phishing

Source: How a Security Vendor Tricked Social Media Phishers







Jan 24 2019

Google Creates Online Phishing Quiz

Category: Phishing | DISC @ 11:59 am

Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.

Source: Google Creates Online Phishing Quiz







Oct 24 2017

10 most clicked phishing email subject lines

Category: Phishing | DISC @ 10:13 am


Ironically, the most successful phishing emails of Q3 2017 told recipients that they had been victims of a data breach.

This finding comes from a report from KnowBe4 that investigated the most effective phishing email subject lines. The report looked at tens of thousands of emails from simulated and custom phishing tests, and discovered that the most clicked subject line was ‘Official Data Breach Notification’.

Phishing subject lines

The top ten most clicked subject lines were:

  1. Official Data Breach Notification
  2. UPS Label Delivery 1ZBE312TNY00015011
  3. IT Reminder: Your Password Expires in Less Than 24 Hours
  4. Change of Password Required Immediately
  5. Please Read Important from Human Resources
  6. All Employees: Update your Healthcare Info
  7. Revised Vacation & Sick Time Policy
  8. Quick company survey
  9. A Delivery Attempt was made
  10. Email Account Updates

KnowBe4 also evaluated phishing email subject lines specifically from social networks. The most clicked subject lines were messages ostensibly from LinkedIn. This is worrying for organisations, as many people link their work email address to their LinkedIn account, and a successful phishing attack could expose the company to a data breach or further phishing emails.

Other common social media phishing emails claimed that someone had attempted to log in to their accounts, that they’d been tagged in a photo or that they’d received free pizza.

“Nearly impossible” for technology to protect you

Commenting on the study, KnowBe4’s chief evangelist and strategy officer, Perry Carpenter, said: “The level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats. Phishing attacks are smart, personalized and timed to match topical news cycles. Businesses have a responsibility to their employees, their shareholders and their clients to prevent phishing schemes.”

You can take action against targeted phishing attacks by enrolling your staff on ITG Phishing Staff Awareness Course.

This online course shows your staff how phishing works, what to look out for and how to respond when they receive a malicious message. It’s ideal for all employees who use the Internet or email in their day-to-day duties and, as such, it’s delivered in simple terms that everyone in your organisation can understand.





Tags: phishing, phishing countermeasures, spear-phishing

