A Scary Incident of a $21.5 Million Successful CEO Phishing Fraud

Phishing is a scam usually executed via email or text messaging. The perpetrator usually poses as someone you know and induces you to send them money. The incident explained below could also be called spear phishing or whaling, in [...]

2018-11-28T16:13:51+00:00

Auto-fill Phishing Attack – This is scary. You better turn off your browser’s auto-fill feature.

There is interesting breaking news from web developer and hacker Viljami Kuosmanen, as reported in The Guardian: "Browser autofill used to steal personal details in new phishing attack."

“The phishing attack is brutally simple… when a user fills in information in some simple text boxes, such as name and email address, the autofill system, which is intended to avoid tedious repetition of standard information such as your address, will input other profile-based information into any other text boxes – even when those boxes are not visible on the page.

Disabling Autofill in Web Browsers

Google Chrome

1. At the top right, click on the Settings icon (represented by three vertical dots)....

2017-06-27T15:53:24+00:00

Don’t go on a phishing trip!

Kevin McDonald guest writes a blog for Dave Berkus' Berkonomics

Tuesday, June 21st, 2016

Don’t go on a phishing trip!

By Kevin McDonald

Phishing, a play on the word “fishing,” is a dangerous form of executive or CEO email fraud, and is negatively [...]

2017-05-25T15:17:58+00:00

Ransomware and Phishing Awareness Training for your end-users

If you don’t treat network security as important, don’t expect your users to treat security as important.

Irvine, CA - Ransomware and phishing threats are the most prevalent cyber-risk problem facing your organization today. Securing your system is a layered approach, [...]

2016-05-23T21:01:21+00:00

What is Phishing, aka Social Engineering, and How Do I Avoid It?

I recently warned of a very large recent upsurge in ransomware. Now I must warn you to beware of new successful social engineering exploits. What is social engineering?

Wikipedia has a good definition:

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

In other words, phishing, the internet term for social engineering scams, is simply a way to trick you into doing something so that you reveal vital information like bank account info or tax return info, or unwittingly send money to a devious person.

Let me tell you about social engineering exploits in three recent real-world examples. In the first case, City of Hope in Duarte, CA ("City of Hope employees fall victim to phishing attack") had three employees targeted by a phishing scam. They unwittingly revealed protected health information (PHI), which by law must be kept confidential. In the other two cases, the loss of data was much more vast. Both Seagate Technologies ("Seagate Phish Exposes All Employee W-2’s") and Snapchat ("Snapchat falls hook, line & sinker in phishing attack: Employee data leaked after CEO email scam") had an employee get tricked into providing W-2 information on all past and current...

2017-09-18T00:27:31+00:00