Email Security | SC Media Email Security

Email Security

Ransom payments averaging $41,000 per incident

The average ransom payment paid out by victims increased 13 percent, to $41,000, during the last three months, but researchers noted the rate of increase has plateaued. Researchers at Coveware credited the victims with being better prepared to restore their data on their own negating the need to pay the ransom. However, that was not…

Greed is good… for this phishing scam

Cofense has come across a particularly seductive phishing scam that uses the lure of a wage increase to entice workers to spill their Microsoft Office 365 credentials. The spoofed email differs little from other varieties used in phishing attacks, except this one purportedly comes from a corporate human resources department regarding a company-wide pay hike…

Ontario Science Centre’s marking firm hit with breach, 174K affected

A third-party email vendor for the Ontario Science Centre suffered a data breach exposing some PII of 174,000 of the Centre’s members, donors and customers. The Centre learned of the breach on August 16 when the educational center’s outside email marketing firm Campaigners reported that sometime between July 23 and August 7 an unauthorized person…

UN, NGOs targeted by ongoing phishing attack

The United Nations and other non-government organizations have been undergoing spear phishing attacks since at least March of this year with the goal of obtaining staffers’ login credentials. The attackers are using compromised Office 365 credentials garnered through phishing attacks to enter the NGOs’ systems, enabling them to install phishing websites that mimic each organization’s…

Phishing scam behind Kalispell Regional Healthcare data breach

Kalispell Regional Healthcare (KRH) just reported a cyberattack that took place in late August and exposed patients’ health information. The Kalispell, Mont. facility had several employees fall for a phishing email scam, resulting in the attackers gaining the login credentials to KRH’s system, the hospital said in a statement. “This summer we discovered that several…

Millions of YouTube accounts hijacked through phishing and compromised 2FA

Cybersecurity executives blamed YouTube’s continued use of multifactor authentication and relying on user credentials instead of more advanced forms authentication as the reasons behind why millions of accounts were hijacked over the last few days. The attackers used phishing attacks that convinced account owners to give up their Google account login credentials, used that information…

Authorities arrest 281 alleged BEC scammers in ‘Operation reWired’ campaign

Law enforcement officials at home and abroad have arrested 281 individuals over a span of four months, in a massive crackdown on various business email compromise scams, the Justice Department announced yesterday. Dubbed Operation reWired, the coordinated campaign began in May 2019 and has resulted in 72 arrests in the U.S., and 167 in Nigeria,…

Bad bid: Malicious actors target government contractors

IT personnel working the trenches in the fight against malicious emails know that financial transactions — and the various documents that support and accompany those transactions — provide malicious actors seemingly endless fodder for clever phishing attacks designed to separate legitimate organizations from their money and reputations, as well as their customers, clients, and partners.…

Next post in Data Breach