Search Results for "email account hijacking"


  • Authentication Without Passwords
    The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack.  Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as ...
  • Ransomware Is Back and Worse Than Ever
    A couple years ago, it looked like crypto-ransomware attacks were falling by the wayside.  Business email compromise (email account hijacking) and associated wire transfer fraud were becoming easier and more successful for cyber-criminals than ransomware.  I made some predictions in this blog and ...
  • Don’t Get Emotional!
    Social engineers have many tricks up their sleeves, and we have covered many of them in previous articles.  The biggest trick is phishing emails, of course, coupled with replica landing pages on hijacked websites.  Other methods include phone calls, such as fake tech support calls.  There are tex...
  • Identity Theft: Methods and Prevention
    Identity theft is probably one of the most serious crimes that can happen to you.  The bad news – identity theft in one fashion or another is likely to happen to all of us.  In any given year, one in fifteen people will suffer identity theft.  There are many ways that your personal informat...
  • The Insider Threat – Part 1
    Which is a bigger risk to your organization?  A determined outsider trying to break into your network?  Or an insider, an employee or coworker who is already on the network as a credentialed user?  Obviously, it is the insider who represents the greatest threat. In truth, all successful attacks b...
  • Most Common Malware of 2019 (So Far)
    In 2015 and 2016 the winner was crypto-ransomware exploits.  In 2017 and 2018 the most common exploit was Business Email Compromise, aka Email Account Hijacking (BEC/EAC).  This is year is shaping up to be the year of the crypto-mining exploit. Here are the crypto-mining malware programs that are ...
  • Unhappy Valentines Day – Romance Fraud
    This Valentine’s Day, be careful of who you let into your heart.  Unfortunately for every love-lorn single there is a fake Romeo or dating site scammer waiting to separate them from their money.  According to the FBI, the amount of money losses to victims of romance fraud makes it the secon...
  • Top Cyber-Attack Vectors – Past, Present, and Future
    Are you wondering what exploits represent the biggest threats in 2019?  It can be difficult and expensive to defend against everything.  If your company is budget-constrained, it may make more sense to defend against what is “likely” instead of everything that is “possible.”...
  • A Timeline of Russian Cyber-Exploits
    We have been investigating Russian cyber-attacks this week.  Today we publish a timeline of Russian cyber-activities.  In the interest of space, I am publishing just the timeline with little descriptive content.  I have included a download link to a PDF and spreadsheet of the timeline with more d...
  • Another Problem with MFA – Slow Adoption
    Do the web sites your frequently visit offer two-factor authentication?  Have you enabled 2FA where it is available to you?  Is the particular implementation of 2FA or MFA security really adding any extra protection for you?   Not sure?  Please read on. Password management company Dashlane recen...
Page 4 of 8 «...23456...»