As long as we are on the subject of telephone fraud, here is a post inspired by a recent article from Naked Security. It reminded me that not all attacks are high-tech cyber-attacks. The phone is still an effective tool used by criminals to extract cash from their victims, and the losses can be in the thousands.
Here are some different scams run by these scammers:
Last week we went deep on the subject of just how bad losing control of your email account can be. Today we are wrapping up the four-part series with solutions to help you prevent email account compromise from happening, how to detect if it has already happened to you, and how to recover if that is the case.
Prevention is the best solution. Your email account is one of the crown ...
Continue Reading →On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker. Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.
They have already proven that you are susceptible to phishing and other social engineering exploits. So sending the victim other phishing emails that allow more ...
Continue Reading →
Has it been another year already? Tomorrow is System Administrator Appreciation Day.
Gifts are always appreciated. Some easy do-ers. Mountain Dew, Doritos, Pie, Pizza.
Here are some cool ideas from my Pinterest feed.
On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password. Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.
I consider email account compromise to be one of the most personally harmful cyber-exploits. When another person has access to your ...
Continue Reading →Let’s say I just hijacked your email account. What can I do with it?
First thing, a hijacker would not announce his or her presence in your account. Staying undetected is important so you do not change your password. Depending on what the attacker is doing with your email account, there is a significant probability that you would not know your account was compromised for several days, weeks, or even years!
In ...
Continue Reading →
I am honored to be presenting at the 2017 ISSA International Conference, October 9-11 in San Diego, CA. This year’s theme is “Digital Danger Zone.” Please join me for networking, education, and fun.
I will be presenting “Shields Up for WordPress Web Sites and Blogs.” This presentation covers the threat of website hijacking, what an attacker wants to do with your ...
Continue Reading →
Toward the end of last year I made a pair of bold predictions. The first, that ransomware exploits would start declining, because anti-malware software companies were bringing products online that would prevent the encryption from taking place. The second, there would be an increase in Business Email Compromise (BEC) exploits, as cyber-criminals turned to new income streams. I was only half right.
BEC exploits have increased, because the potential returns are ...
Continue Reading →I was a guest on Sarah Westall’s web radio program, Business Game Changers. The YouTube video is below. It’s 53 minutes, so get a beverage, sit back and enjoy.
Continue Reading →
We have reported previously about Operation Hard Copy. This is from the US Department of Justice: The US Marshall’s Service arrested another member of the North Dakota lottery scam in Jamaica recently.
“United States Attorney Chris Myers announced today, that the U.S. Marshals Service, working with Jamaican law enforcement, has located and apprehended another man charged with participating in an international organized crime advance fee “lottery scam” which defrauded at least 90 ...
Continue Reading →