It’s Tax Identity Theft Awareness Week in the United States, which means that tax-related identity theft happens often enough to get the government’s attention. The Federal Trade Commission (FTC) and Internal Revenue Service (IRS) have provided the public with a number of resources to help raise awareness on this issue. In this article, the FTC gives a short description on how tax identity theft works:
High volume spam is a seasonal business. Over many years spammers discovered best times of the year to ensure the highest possible response rate to their messages. It turns out that the period between Black Friday and the last day for Christmas shipping is one of the best times to reach an intended audience with malicious messages. It is a time of the year when we all do a lot of online shopping and are expecting confirmation emails from retailers we purchased goods from and tracking messages telling us where our packages are.
Here at Barracuda, we noticed this trend happening in the weeks leading up to Christmas. There was a large increase in fake UPS and FedEx messages and fake confirmation emails from your favorite e-tailers during this time.
Barracuda Essentials for Office 365 customers can now access security training at no cost thanks to a new partnership between Barracuda and KnowBe4. The training focuses on helping users identify potential threats like phishing and ransomware. For full details, see the press release here.
KnowBe4 is one of the world’s most popular integrated new school security awareness training and simulated phishing platform, is used by more than 6,500 organizations worldwide. Because users are often the weakest link in a security system, KnowBe4 offers educational courses and simulations that help users become an additional layer of security for the company.
According to the FBI, Business Email Compromise (BEC) is now a $3.1B business. The FBI defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” This has also become known as Spear Phishing.
I spend a lot of time talking with customers about their business and how they run their IT infrastructure to meet those business needs. Traditionally, IT’s primary role has been to deploy and manage infrastructure and applications that drive their business. Because of the evolving threat landscape, IT has been forced to a position of protecting users from themselves.
Wednesday, September 7, 2016
10:00 a.m. Pacific Register now
Thursday, September 22, 2016
10:00 a.m. Pacific Register now
These days it’s rare to read the news and for there not to be an article about some sort of security breach. Ransomware and phishing (in its various forms) have been around for years – they aren’t exactly new news. So why are they making headlines?
In short – it’s about big money, bold attacks, and the ability to evade the law. In 2016, the FBI estimates that $2.3 billion have been extorted from CEOs in email scams. Additionally, IDG estimates that 93% of phishing emails are ransomware—and we are barely even scratching the surface. It doesn’t matter how you look at it; if you’re anything like me, you’ll be left wondering when it’s your turn.
Despite the ubiquity of file sharing services like OneDrive and Google Docs, many information workers are still using email to share documents and other files. Radicati reports that the number of business emails sent and received per day will reach 116.4 billion by the end of 2016, and a good number of them will include an attachment. Regardless of the potential version conflicts and security risks, email remains a fast and convenient way for users to review and collaborate on a document.
Because of the huge volume of documents that are shared via email each day, antivirus (AV) technologies around the world are constantly evaluating email attachments for potentially malicious files. Last week the threat detection community ran into a problem when a public domain AV signature provider wrongfully categorized all Microsoft .doc files as a virus. This led to a large number of legitimate Microsoft Word documents to be blocked from transmission when they encountered an AV layer.