Somebody wants to punch our lights out – literally turn off the electric power grid. Who would want to do this? Who has the capability? Is it the Russians, who have already demonstrated this attack two years ago in the Ukraine? Or the North Koreans, who have both motive and the cyber army to carry it off? Cybersecurity firm Symantec has attributed ...
Email account hijacking is a serious, growing problem. It has become the number one way that cyber-criminals make money. What makes it so insidious is the ease with which the hijacker can impersonate the owner of the email account.
What this means to you is this – that email you got from your boss, a close friend, a coworker, a supplier or customer ...
There is a new twist on an old tax scam appearing in email inboxes recently. The new phishing exploit uses both IRS and FBI emblems to scare recipients into provide personal information on a downloadable questionnaire. You can read the official warning here.
I like to remind people that the IRS only communicates with taxpayers by postal mail. Sometimes they might send a US Marshal. And the FBI certainly would not be sending an email when they can ...
Continue Reading →
That’s right, it’s still you. Sorry.
October is Cybersecurity Awareness Month, and this week’s theme is Simple Steps to Online Safety.
The toughest part of cybersecurity is securing the human mind, emotions, behaviors, and responses from the making a decision or taking an action that will open the door for a cyber-attacker. The reality is that it is much easier to secure systems than humans. And unfortunately, humans have been given ...
Continue Reading →Is your email address one of the 711 million emails that are being used by the Onliner spam-bot? I checked my email address at Have I Been Pwned and found it on the list. You can click through the link and see if yours is on the Onliner list, or part of some other breach.
Onliner ...
Continue Reading →The Equifax breach has been all over the news this weekend, and it should be. This is worse than they are telling us. It most certainly DOES affect you, if you are adult and have ever purchased a car or opened a credit card account. Don’t wait to be told you are a victim. Assume you are a victim.
In a world where we are all suffering from “breach fatigue,” having suffered through dozens if not hundreds of these revelations about ...
Continue Reading →
There are four ways that a typical business user on a Microsoft Outlook/Exchange/Office 365 platform can utilize. While these may not be perfect, and all of them have issues, applying these solutions will help prevent your users for falling victim to phishing emails. These solutions are additive, and each additional solution deployed provides a further layer of protection.
Junk Mail Filter – Outlook comes with a built-in Junk Mail filter that, ...
Continue Reading →
When I am investigating an email exploit, I will take a look at the email headers. Email headers in an email are a lot like the html code in a web site. This is information that the machines that create, send, and receive the email use for routing, and for providing other information about the message. As a human, we do not see the headers unless we specifically look for ...
The SANS institute released the results of a new survey recently, and found that cybersecurity professionals ranked phishing as the number one exploit this year. Phishing awareness training programs were seen by many as the best defense against phishing, spearphishing and whaling exploits. Something that was new this year was the reporting of so-called “malware-less” exploits that use “the built-in features of the operating system to turn it against itself without ...
One of the tactics that I am seeing more often is the clever use of web address spoofing in the web sites and landing pages used in phishing emails. This sort of spoofing has been used successfully even against people who have been training to detect phishing emails, and to check link destinations (using the hover trick) and double check web addresses in the browser address bar.
Here are some techniques ...
Continue Reading →