The IRS is warning of a new series of phishing attacks targeting your finance, payroll and human resource departments. Some versions of this scam are requesting wire transfers as well. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
Here’s how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).
For the last year malware writers were using javascript files to distribute malware. Attackers have recently switched to less suspicious attachment types, most notably .LNK and .SVG files. LNK files are files for shortcuts or links to executable files. In this instance, ransomware/malware files.
SVG files are image files. Unfortunately this file format is allowed to contain javascript which of course means executable content is only an image preview away.
Those that have ContentCatcher are already protected with FileWall. The ContentCatcher team has added .lnk and .svg attachments hidden within zip files to the default drop list for your protection.
The Internet of Things is gaining ground. Many items purchased today have the ability to connect to the internet. Sadly, most of them have very little in terms of security but this is slowly changing. Now, we face something entirely different, privacy concerns. Recently police were trying to access records of an Amazon echo device to help solve a crime. In this particular case, an IOT water heater was also used to compile evidence based on how much water was used with the prosecutor saying, it was enough to wash away evidence. Thinking of business and IOT devices, it is extremely important to make sure these types of devices are protected. Attackers are gaining access and using the information found within to gain a stronger foothold, phish users or whatever else they have yet to think of for financial gain.
The role of a Security Information and Event Management (SIEM) system has shifted from being…
In an era where digital operations are the lifeblood of every enterprise, the concept of…
The digital safety of an organization no longer rests solely on a strong perimeter. With…
In the current digital climate, maintaining a secure network is no longer a matter of…
In the world of finance, trust is the only currency that truly matters. Yet, as…
In the boardroom of a typical mid-sized business, the conversation around cybersecurity has shifted. It…