The IRS is warning of a new series of phishing attacks targeting your finance, payroll and human resource departments. Some versions of this scam are requesting wire transfers as well. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
Here’s how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).
For the last year malware writers were using javascript files to distribute malware. Attackers have recently switched to less suspicious attachment types, most notably .LNK and .SVG files. LNK files are files for shortcuts or links to executable files. In this instance, ransomware/malware files.
SVG files are image files. Unfortunately this file format is allowed to contain javascript which of course means executable content is only an image preview away.
Those that have ContentCatcher are already protected with FileWall. The ContentCatcher team has added .lnk and .svg attachments hidden within zip files to the default drop list for your protection.
The Internet of Things is gaining ground. Many items purchased today have the ability to connect to the internet. Sadly, most of them have very little in terms of security but this is slowly changing. Now, we face something entirely different, privacy concerns. Recently police were trying to access records of an Amazon echo device to help solve a crime. In this particular case, an IOT water heater was also used to compile evidence based on how much water was used with the prosecutor saying, it was enough to wash away evidence. Thinking of business and IOT devices, it is extremely important to make sure these types of devices are protected. Attackers are gaining access and using the information found within to gain a stronger foothold, phish users or whatever else they have yet to think of for financial gain.
In today's digitized world, the protection of a business's IT infrastructure has become more crucial…
As cybersecurity threats grow more complex, organizations are turning to advanced solutions to protect their…
In the world of cybersecurity, two powerful tools frequently come up in discussions around threat…
In the ever-evolving cybersecurity landscape, businesses are increasingly looking for ways to protect their data…
In an increasingly digital world, businesses must be able to monitor, detect, and respond to…
In today’s digital world, security is a priority for every business, regardless of size. Cyber…