Phishing Awareness Training

Posted by Theresa Hietpas

Dec 21, 2016 5:00:29 PM

phishing image.jpg

How often do your employees click on links without knowing where they lead? How many attachments are opened without recognizing who the email came from? Hint: A lot more often than you think.  Most organizations have at least one click-through on a well-designed “Phishing” test…some as many as 10-25%.

Read More

Topics: Phishing attacks, training

Cyber-Security Begins with You!

Posted by Theresa Hietpas

Sep 23, 2015 1:54:00 PM

phishing on a smartphoneAt River Run, our mission is to keep your network up and running.  Our Technicians and Engineers work diligently to ensure the safety of your network with recommended software and hardware updates, malware protection, high quality firewalls, redundant backups, network monitoring, and more.  We can do everything technologically possible to protect your network, and you could still have a major breach of security because the “liveware” – you and your employees – accidentally opened the door.

Read More

Topics: Phishing attacks, Cyber Security

Hackers Target Lonely Hearts with Valentine's Spam & Phishing Scams

Posted by Eric Torres

Feb 10, 2012 9:01:00 AM

With Valentine's Day around the corner, cyber criminals are ramping up spam, phishing, and other attacks targeting the lovers' holiday

By Tony Bradley | PC World | Published: February 10, 2012

Read More

Topics: SPAM, Email scam, Online Scam, Phishing attacks, Virus Alert, Cyber Crime

3 Ways Mobile Devices Become Infected with Malware

Posted by Eric Torres

Jul 26, 2011 9:39:00 AM


mobile securitySocial engineers have been using various dirty tricks to fool people for centuries. Social engineering, the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques, is as old as crime itself and has been used in many ways for decades.

For the past several years online, social engineers have been trying to fool unsuspecting users into clicking on malicious links and giving up sensitive information by pretending to be old friends or trusted authorities on email and social networks.
And now that mobile devices have taken over our lives, social engineering is an attack method of choice to gain access to a person's smartphone or tablet.

Here are three examples of current cons being used by criminals to get inside your mobile device.

Malicious apps that look like legitimate apps

One example is the case of a popular and legitimate application Android users were purchasing that caused a virtual "steam" to appear on the screen of a smartphone. You could move your finger to scrape the virtual steam off, people love this sort of thing, although it served no real purpose.

But a malicious application that looked exactly like the virtual-steam application was created and many were conned into purchasing that one, instead of the authentic application. From a users perspective it is very hard to distinguish between an app that is legitimate with an app that turns out to be malicious.
What users ended up with was an application with unwanted things behind it. In some cases, the malicious application activated an SMS message from the victim's phone that was sent to request premium services and the user was charged. The attacker, meanwhile, would delete any return SMS messages acknowledging the charges so the victims had no idea they were being billed.

The best advice, don't install applications that come from un-trusted sources.
 
Malicious mobile apps that come from ads

In some cases, legitimate applications on a smartphone run bad advertisements. If the user clicked on the ad, they are taken to a web site that tricks the victim into thinking their battery is inefficient. The person is then asked to install an application to optimize the battery consumption, which is instead a malicious application.

Our advice is the same as with PC’s, be leery of any advertisement that is asking you to install an application.

Apps that claim to be for "security"

Another new mobile attack vector is a ZeuS malware variant that actually originates with an infected PC. When a user visits a banking site from an infected computer, they are prompted to download an authentication or security component onto their mobile device in order to complete the login process.

The attackers realize that users are using two-factor authentication. In many cases that second factor is implemented as a one-time password sent to the user's phone by the banking provider. Attackers were thinking: 'How can we get access to those credentials?' Their answer is: 'Attack the user's phone.'
The way this ruse works is once the PC is infected, the person logs onto their bank account and is told to download an application onto their phone in order to receive security messages, such as login credentials. But it is actually a malicious application from the same entity that is controlling the user's PC. Now they have access to not only the user's regular banking logon credentials, but also the second authentication factor sent to the victim via SMS. In many cases, people thought they simply were installing security applications, or in some cases, a security certificate.

Mobile devices, pure and simple, are hand-held computers and should be treated as such. The best way to protect yourself is to be cautious of not only the applications you install, but the links you click on in the web browser. If asked to download a file, application or security certificate, be leery and only download from trusted sources.




Read More

Topics: Phishing attacks, Communications, Browser, Malware, Apps, Smartphone, Android

Citibank Kept Quiet About Massive Data Theft of Personal Information

Posted by Eric Torres

Jun 9, 2011 8:55:00 PM

It is being reported that hackers have stolen the details of thousands of Citibank customers including their account details and personal information. As it turns out, this isn’t actually today’s news. This major security breach, resulting in the theft of personal information for nearly 200,000 Citibank customers, was actually stolen last month. You hadn’t heard? Neither have we, and that’s because Citibank chose to keep quiet about it until today.

Read More

Topics: Security, attacks, Online Privacy, Phishing attacks, Hacked

Banks Warn of Potential 'Spearphishing' Attacks

Posted by Eric Torres

Apr 6, 2011 1:16:00 PM

epsilon intl logo profileSecurity experts warned Monday that banking customers should worry about a wave of spearphishing attacks utilizing the recently-breached email database stolen from marketing firm Epsilon.

The email addresses leaked during the breach could be used to send targeted attacks to the customers of Epsilon's clients, which include a host of financial services providers such as Barclays Bank of Delaware, CapitalOne, Citibank and JPMorgan Chase. The banks are "freaking out" about the leak, says Avivah Liten, vice-president of security research for analyst firm Gartner.

"The attackers are going to use the records - that's what the banks are worried about," says Litan. "It might not even be focussed on the victim's bank accounts. They might just be interested in using the spearphishing attack to get on the desktop."

Friday, Epsilon warned its corporate customers that their client email addresses had been stolen by an attacker. While the company counts a number of major banks among its customers, other companies - such as Best Buy, Disney Destination, and Tivo - were also affected by the breach.

Epsilon says it continues to investigate the attack.
"The information that was obtained was limited to email addresses and/or customer names only," the company said in a statement. "A rigorous assessment determined that no other personally identifiable information associated with those names was at risk."

The attacks should convince companies to take a second, if not a third, look at their outsourced providers' security. While credit-card information comes with an industry mandated set of security standards, names and email addresses are not protected in the same way.

Click here for more information on this breach and who is at risk.

Read More

Topics: Email, Online Privacy, Phishing attacks, Virus Alert

Most Popular Posts

Subscribe

* indicates required

Posts by Topic

see all