We've got something really cool for you: the new Phishing Security Test v2.0!
It's got several great new features, and sending simulated phishing emails to train your employees is a fun and effective best practice to patch your last line of defense... your users.
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget. You can now find out the current Phish-prone percentage of your organization and who might infect your network with ransomware.
Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including news media and scientific research.
The operation uses malware to capture audio recordings of conversations, screenshots, documents, and passwords, according to a blog post published last week by security firm CyberX. Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails.
A recent survey of 70 professional hackers and penetration testers found that 60% of them take a maximum of just six hours to compromise a target. The research, titled The Black Report, was done at the 2016 Black Hat USA and Defcon conferences by Australian technology company Nuix.
Google Research analyzed over a billion emails passing through Gmail, and the results were presented yesterday at the RSA security conference in San Francisco.
Extremely interesting stats: compared to personal accounts, corporate email addresses are 6.2 times more likely to receive phishing attacks and 4.3X more likely to receive malware, but 0.4X less likely to receive spam.
It is time to remind your users that heartless con artists use social engineering tactics to trick people looking for love.
The FBI's Internet Crime Complaint Center warns every year that scammers use poetry, flowers, and other gifts to reel in victims, the entire time declaring their "undying love."
These callous criminals -- who also troll social media sites and chat rooms in search of romantic victims -- usually claim to be Americans traveling or working abroad. In reality, they often live overseas and it's a whole industry with planned criminal campaigns focused on days like this.
More than 1,000 government computer systems shut down. A county in Ohio, US, has had to shut down its entire IT infrastructure due to a ransomware infection. County Auditor Mike Smith found a bright side on an otherwise gloomy day. "Apparently, our clock still works."
You now really have 300+ new ways to make sure your users Think Before They Click!
On Wednesday, Jan 4th, the SANS Internet Storm Center warned about an active phishing campaign that uses malicious PDF attachments in a new scam to steal email credentials.
The SANS bulletin said that the email has the subject line “Assessment document” and the body contains a single PDF attachment that claims to be locked. A message reads: “PDF Secure File UNLOCK to Access File Content.”
John Bambenek, handler at SANS Internet Storm Center, said: “This is an untargeted phishing campaign. They are not going after the most sophisticated users. They are going after Joe Cubicle that may not think twice about entering credentials to unlock a PDF.”
This is a large spray-and-pray campaign that hopes to get a small foothold into your org via an email account and then compromise, tunnel in or send spear-phishing attacks. Here is how it looks:
Our friends at www.Social-Engineer.org sent me some interesting news in their January newsletter: "Adobe recently announced Project VoCo at the November Adobe Max conference.
It’s purported to have the ability to take recordings of someone’s voice, then create audio that sounds like it is from that person. In a nutshell, it’s Photoshop for audio."
And they continued with: "According to Adobe, the software needs about twenty minutes of someone’s voice, and then it can recreate that voice exactly.