2018 has been a busy year for new threats spread via email, with spear-phishing and Business Email Compromise (CEO fraud) the rising stars for cyber-criminals intent on draining your bank account. Recent victims include Google and Facebook ($100 million lost), MacEwan University (almost $12 million lost), a New York judge ($1 million), and a Dutch cinema chain (over $21.5 million). These threats will continue to grow as cyber-criminals try new tactics to separate you from your money. The latest trend involves using encrypted HTTPS connections to trick users into thinking they’re visiting a secure site. This means users can no longer trust a site simply because it displays the green padlock icon in the address bar. Always verify that you’re visiting a legitimate site before entering any personal information such as Social Security or credit card numbers; otherwise, your private data could be transmitted to a hacker.
As we continue to bring awareness to these threats, new ones emerge almost daily. In the past three months, a cyber-espionage group known as Seedworm (aka MuddyWater) has used spear-phishing attacks to infect 131 individuals with the Powermuddy backdoor (a new variant of their Powermud backdoor). Once a system has been compromised, this malware runs a tool that steals passwords from a user’s browser and email, often leading to access to the victim’s email and social media accounts.
Protect Yourself from the Latest Threats
Over the years, I’ve posted many times about phishing, spear-phishing, and other threats, with a variety of suggestions for protecting yourself and your business from becoming the next victim. Throughout these posts (from oldest to newest), you’ll find lots of tips to avoid being tricked by these email-borne scams.
- Using DKIM, SPF & DMARC to Protect your Brand and Customers from Spear Phishing
- New How-to Guide: Protecting Outbound Mail with DMARC
- Grabit Campaign Spread via Phishing Attacks Spies on SMBs
- Ransomware and Banking Trojans are Big Business
- Are you taking the security of your email account seriously?
- Are you doing enough to protect your email privacy?
- Beware of New Amazon.com Phishing Scam
- 18 Email Safety Tips Every User Should Know
- With today’s massive ransomware outbreak, here are a few reminders of how to avoid becoming a victim.
- Don’t Get Hit by the Whaler’s Harpoon
- 10 Tips to Identify a Phishing Email
- Business Email Compromise – The 12 Billion Dollar Threat to Your Business
- Four-Step Swindle: The Anatomy of a Business Email Compromise Attack
- Avoid Business Email Compromise and CEO Fraud Attacks with these 10 Best Practices to Protect Your Business
As the threat landscape continues to evolve, businesses of all sizes must maintain awareness of the latest email-borne threats and educate staff at all levels, from entry level to C-suite. After all, without the right tools and procedures in place, it only takes one misguided mouse click to damage a business’ reputation or send it into bankruptcy.