Tag Archives: phishing

4 Sneaky Ways Cybercriminals Used Phishing In 2017

10 Jan 18
lverbik
, , , , , , , , , , ,
No Comments

Cybercriminals were more active in 2017 than ever before, with a staggering array of high-profile hacking incidents in the news each month. Here are four of the ways hackers used phishing to penetrate some of the most secure networks in the country last year.

Shipping Info Scam: Last July, an Internet security company called Comodo outlined a phishing strategy that was zeroing in on small businesses. Hackers sent phishing e-mails out to more than 3,000 businesses with the subject line “Shipping information.” When the recipient clicked the tracking link in the body of the e-mail, it downloaded malware to their PCs.

WannaCry: This widespread ransomware exploited a weak point in the Windows operating system to infiltrate networks across the country. Once it was in, the malware locked users out of their files and demanded a hefty ransom to retrieve their data.

The Shadow Brokers: Last April, the ominously named Shadow Brokers released a huge number of classified tools used by the NSA, including Windows exploits, which hackers then used to infect businesses throughout the world.

Google Docs Phishing: In May, hackers sent out false Google Docs editing requests to over 3 million individuals. You know how the story goes — when recipients clicked the link, phishers gained access to their entire Gmail account.

 

SmallBizTrends.com 08/29/2017

4 E-mails You Should NEVER Open

17 May 17
lverbik
, , , , , , , , , , , , , , , , , ,
No Comments

No matter how “bomb-proof” we make your network, you and your employees can still invite a hacker in if you click on a link or open an attachment in an e-mail sent by a cybercriminal. Some spam is obvious (can you say, “Viagra at a discount”?) but others are VERY cleverly designed to sneak past all the filters and trick the recipient into opening the door. Known as a “phishing” e-mail, this still is the #1 way hackers circumvent firewalls, filters and antivirus, so it’s critical that you and your employees know how to spot a threatening e-mail. Here are four types of e-mail ploys you should be on high alert for.

The Authority E-mail. The most common phishing e-mails are ones impersonating your bank, the IRS or some authority figure. The rule of thumb is this: ANY e-mail that comes in where 1) you don’t PERSONALLY know the sender, including e-mails from the IRS, Microsoft or your “bank,” and 2) asks you to “verify” your account should be deleted. Remember, ANY important notification will be sent via old-fashioned snail mail. If it’s important, they can call you.

The “Account Verification” E-mail. Any e-mail that asks you to verify your password, bank information or login credentials, OR to update your account information, should be ignored. No legitimate vendor sends e-mails asking for this; they will simply ask you upon logging in to update or verify your information if that’s necessary.

The Typo E-mail. Another big warning sign is typos. E-mails coming from overseas (which is where most of these attacks come from) are written by people who do not speak or write English well. Therefore, if there are obvious typos or grammar mistakes, delete it.

The Zip File, PDF Or Invoice Attachment. Unless you specifically KNOW the sender of an e-mail, never, ever open an attachment. That includes PDFs, zip files, music and video files and anything referencing an unpaid invoice or accounting file (many hackers use this to get people in accounting departments to open e-mails). Of course, ANY file can carry a virus, so better to delete it than be sorry.