Tag Archives: email fraud

Immediate Vault

Prevent Your Employees From Getting Tricked by Phishing Emails

Posted on by

We all know to watch for suspicious emails. But phishing emails are becoming increasingly more sophisticated, tricking even the savviest among us. The costs to consumers, businesses and institutions keep adding up: According to the FBI, online theft, fraud and exploitation totaled $2.7 billion in financial losses in 2018.

The most expensive complaints involve business email compromise (BEC), a tool that cybercriminals use to launch many types of cybercrimes, from misdirected payment and inventory fraud to ransomware attacks.

More than a third of businesses (37%) surveyed nationally for HSB by Zogby Analytics received an email from someone pretending to be a senior manager or vendor requesting payments. The businesses reported that almost half of employees receiving those emails (47%) responded by transferring company funds, resulting in tens of thousands of dollars in losses. For some types of businesses and government entities, the payment frauds can reach hundreds of thousands to millions of dollars.

Three Tips to Help Employees Avoid Cyber Fraud

What can a business or institution do to help prevent employees from falling for email phishing schemes? Here are three tips to avoid falling for the latest tricks:

  1. Check the Source

Before you open an email, take a moment to consider the source of the email and whether that person is likely to send you an attachment or link. Check the email address, screen name or phone number associated with the message.

online pharmacy estrace with best prices today in the USA

Hackers often mimic an email address that you would trust with one letter or number off from the original name or domain.

The address may even look exactly like a trusted contact but when you mouse-over the name, you can see that the address is different. A hacked email account can also be used to send malicious content, so be sure to evaluate the content of the message.

  1. Check the Content

Before you click on a link or download an attachment, take a good look. Many times, if you copy the link or name of the attachment into a search engine, you can find out whether cybercriminals are actively using the content to spread malicious content, like a virus or ransomware.

Ask yourself whether this is the type of content you usually receive from the sender. Are you expecting an attachment? Even if you are expecting an attachment, does it appear, from the name and type of file, that it is legitimate? Is the attachment or link the only content of the email?

If you have doubts, delete the message or call the sender at a number you have verified as theirs.

online pharmacy zetia with best prices today in the USA

Also, hackers often make an urgent request to trick victims into clicking on malicious links or files. Any urgent request sent via email should be verified in-person.

  1. What if I Clicked on the Wrong Thing?

Everyone makes mistakes. You would not be the first person to click on a bad link or download a bad file. But even if nothing happens immediately, there is no guarantee that the threat is gone.

Malware can lay dormant for weeks, months, or even years before activation. It may also be transmitting information in the background without your knowledge.

So, act as soon as you realize you clicked on a bad link or file. Alert your information technology security department right away. If you are a smaller operation, run a virus scan and keep an eye on your financial information.

online pharmacy cymbalta with best prices today in the USA

Ransomware Down, Extortion and Email Fraud Up in 2018, Proofpoint Finds

Posted on by

Ransomware may have waned at the end of last year, but that gave way to straight-up extortion, according to Proofpoint’s newest Quarterly Threat Report, Q4 2018.

Despite a slight resurgence in the middle of last year, ransomware strains appeared in “relatively small, sporadic email campaigns” that by Dec.

buy tobradex online healthdirectionsinc.com/flash/swf/tobradex.html no prescription pharmacy

31, 2018, comprised one-tenth of 1% of overall malicious message volume.

buy cymbalta online healthdirectionsinc.com/flash/swf/cymbalta.html no prescription pharmacy

buy elavil online https://royalcitydrugs.com/elavil.html no prescription

The consequence of this seemingly-good news was that direct extortion once again came en vogue, albeit in cyber form. The newest threats often took the form of “sextortion,” in which actors threaten to reveal compromising information (like revealing photos or video) or take destructive action if the victim does not pay a fee.

buy zofran online healthdirectionsinc.com/flash/swf/zofran.html no prescription pharmacy

Proofpoint theorized that actors have reverted to extortion simply because it is more cost efficient.

The report recommended tips to spot a sextortionist and call their bluff:

With rare exceptions, these emails do not contain malware or malicious links and rely on the human factor to trick recipients. Often, the threatening emails include “evidence” of compromise, such as an old password that the actor may have obtained from a data breach or simply guessed.

Additional findings and highlights from the report included:

  • 60% of companies’ domains were spoofed by email fraudsters, a nearly 10% increase from Q3.
  • Email fraud attacks against targeted companies increased by 226% quarter-over-quarter, and 476% vs. Q4 2017. Telecommunications, education and transportation were the industries experiencing this activity most.
  • Incidents of social media support fraud, or “angler phishing” – a type of phishing in which attackers attempt to insert themselves in legitimate conversations between consumers and brand-owned social media accounts – increased by nearly 40% from the prior quarter and saw an overall increase of 500% in 2018.
  • Emails leveraging malicious URLs outnumbered malicious attachments by roughly two-to-one for Q4 and three-to-one for the entire year.

Visit here for Proofpoint’s full quarterly report.