Tag: Social Engineering

endpoint security

Toward A Hybrid Workforce: The Future of IT Security

When 2020 began, no one could have predicted the working world’s massive shift to remote environments. Now, from VPNs to ever-expanding endpoints, remote security culture has become an integral aspect of today’s IT security.

Read More »
NCAM

Going Phishing: 10 Most Effective Scams

Strange correspondence in your email inbox? Unsolicited phone call from corporate? Though you may not know it, you’re on the wrong end of a phishing scam—and it’s time for you to sink or swim.

Read More »
best practices

Phishing Emails Win Again

For many, it’s a morning ritual. Come to work, grab a cup of coffee and start answering those emails. The sooner you’re caught up, the sooner you can get started on the day. Because of this, you may skim internal emails a little more quickly, only acting on what’s asked of you. After all, these work-related messages are from people you trust— right?

Read More »
BAI Security Audit

Insider Theft Leads to the Data Breach of 1.5 Million Bank Clients

Atlanta bank SunTrust recently announced that 1.5 million users have potentially been exposed to a criminal third party. Unlike most data exposures we’ve been hearing about, the source of SunTrust’s breach was not caused by cybercriminals, but rather a theft by an employee who gained access to sensitive client information without security clearance. Sources say the data theft could include information such as names, addresses, phone numbers and bank account balances of SunTrust customers. Simultaneously, SunTrust announced it will partner with Experian to offer identity protection for all consumer clients at no cost on an ongoing basis. Here’s what happened and how your organization can prevent falling victim to a similar scheme. An Untrustworthy Employee An ongoing investigation by SunTrust

Read More »
backdoor

The Hidden Flaws

Cyber attackers are known for their persistence. If they hit a pothole trying to break into your IT network, they won’t just give up and move on to their next target. Instead, they’ll redouble their efforts and probe your infrastructure, looking for new ways to grab your valuable data. Unfortunately, sometimes these vulnerabilities can be a bit beyond your reach. Rather than weak points in your security infrastructure, they’re baked into the very devices your business depends on. As some researchers recently discovered, a new vulnerability found in Intel chips could pose a potentially catastrophic risk for your business. Here’s what you need to know about this flaw and how you can protect yourself. The Backdoor The first thing you

Read More »
employee training

Employee Training is the Only Way to Prevent Social Engineering

Social engineering is currently one of the hottest topics within the IT security world – for good reason. The use of this attack method is only increasing, as phishing attempts grew by a whopping 250% between October 2015 and March 2016, and to make matters worse, combatting this threat poses a very unique challenge. While phishing methods can sometimes be blocked by email spam protections and other similar barriers, detection mostly falls on employees who are challenged to figure out what is real or not. This can be much more difficult than it seems – and it’s only getting harder. Take the following into consideration. Emails can appear as though they are sent from official sources – with official graphics, signatures and

Read More »
banks

Employers Beware: W-2 Scams Running Rampant

Employees count on their employers to keep their private information safe. This is especially true during one of the most information-sensitive times of the year: tax season. For attackers who rely on social engineering tactics, targeting organizations right now can be a potential goldmine. We’ve previously discussed how social engineering tries to trick members of your staff into giving out valuable information – oftentimes by posing as official sources who need the requested information now. This is a threat you should stay on high alert for year round, but recent news should have you more aware and wary of requests centered around employee tax information. A Common Scam A few high profile social engineering attacks have made the round recently, but let’s

Read More »
Cybersecurity

Smarter Protection: 2016’s Worst Passwords and How to Improve Them

You’ve heard this before, but it’s such a pressing issue that we’ll repeat it again: you need to create safe passwords. That means not just coming up with one password with uppercase and lowercase characters, punctuation and numbers, then using it as your login everywhere. You need to create different passwords for every account you own. We bring this up for a good reason: people still aren’t taking passwords seriously. A study released by Keeper Security, a password management software vendor, detailed the 10 million passwords uncovered by data breaches in 2016. You can view the full list here, but examples from the top five include: 123456, 123456789, qwerty, 12345678 and 111111. Of course, the standard fallback of “password” comes in

Read More »
Compliance

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. Phishing, as we’ve previously written about, is a scam that uses seemingly legitimate links to take you somewhere you didn’t intend to go. This can be done by subtly changing a URL address, which is exactly what was done in this case. The Scam Per the HHS, this phishing email campaign masquerades as a message regarding HIPAA compliance audits from the HHS’ Office for Civil

Read More »
IT Security

Social Engineering: What It Is, and How You Can Prevent It

You’re probably aware of some standard IT security threats, like viruses, ransomware, various different kinds of malware and more. These make headlines and, more importantly, fit our conception of standard cyber-criminal attacks – programs designed to steal our data and information. However, there are arguably more pressing threats to your business that you may not be familiar with. From time to time, your security profile can fall under attack, and you won’t know until it’s too late. Meet one of the most pressing IT security threats facing the world right now: social engineering. The Threat Social engineering is a method of getting people to willingly give out valuable information about either themselves or a company that employs them. Classified as a

Read More »