Phishing Email

Phishing EmailPhishing emails look surprisingly legitimate when you don’t know what you’re looking for.  74% of targeted cyber attacks come from email.  In a recent FBI report, ransomware and phishing scams are increasing rapidly with over 246 million dollars compromised in 2015.

Email used to be a much safer exchange.  Spam firewalls kept the bad stuff out and Sandboxing stopped zero-day threats, but gateways are blind to social engineering.  Attacks are now coming in through the “back door” and able to get around security gateways.

Think of cyber criminals like super spies who watch you online.  They know who you are, where you work, your online habits, and who you know.  This information allows them to send you emails from a “trusted” source whether it be from a financial institution or a co-worker.

Phishing Emails

Phishing emails are designed to obtain information by having you click on a link to update financial information.  Check out the example below outlining what you should be looking for.

Phishing Email Example
It’s important to thoroughly check your email to make sure it says the correct information and websites. Often times, the website link will be misspelled (ie: faceboook.com, citybank.com).  It’s best to hover over the link to see what it says.  If you do happen to click on it, make sure it’s the correct website in the browser.  If not, close the browser immediately.

Spear Phishing

In spear phishing, cyber criminals do more digging and spend time researching their highly targeted victim.  The criminal stalks your personal social media profiles and websites you access before baiting you with an email that looks legitimate.  The more time they spend observing your actions, the more they can send you a convincing scam you’ll fall for.

Spear Phishing example

Clara was tagged in her boss, George’s photo on Facebook.  The criminal then finds Clara on LinkedIn and finds out information about her job and company.

Anatomy of spear phishing email

Using the information the criminal found out on social media, he sends an email to Clara from “George” mentioning the party they were both at the previous night.  The criminal follows that up with a request for a money transfer.

Facts

Poor employee behavior is a greater email security concern than inadequate tools.  This is why it’s imperative to educate and test your employees about proper protocol on company network, email, and devices.

Interested in training your employees and learning how to protect your company?  Ask about our managed IT services, which includes cyber-security, employee training/testing as well as back-up and recovery options.

Sign up for our cyber security newsletter to receive more tips to keep you safe.









Graphics & info provided by Barracuda.

There’s a new report out by ProofPoint and its findings for businesses are grim, with business email attacks being the biggest problem.

It’s no secret that businesses of all shapes and sizes are coming under increasing fire from hackers around the world.

Now we have hard data that shows us exactly how big of an increase we’re seeing.

Here are some of the key findings in the report:
  • Email fraud attacks targeting businesses have increased 25 percent in the last quarter alone.
  • They have increased by a staggering 85 percent from this time last year.
  • Phishing links sent via social media platforms have increased by 30 percent.
  • 60 percent of those phishing links specifically targeted individual contributors and lower-level corporate management.
  • 23 percent of attacks targeted employees working in operations and production.
  • Incidents of customer support fraud increased by 39 percent, compared to the previous quarter. This increased a whopping 400 percent compared with this time last year.
Nick Frost (a co-founder of the Cyber Risk Management Group) had this to say about the disturbing report:

“Key to this is engineering emails and spoofing email addresses to a level of sophistication that fails to alert the recipient that there is anything suspicious about the email. Techniques such as web crawling and web scraping are able to collect and collate key information about an individual that can be used in crafting an email, accompanied by a link (as part of a phishing attack) to an unsuspecting user.

Whilst there are many legitimate web crawlers and many are enabled for business reasons, there may be organizations and individuals that wish for their information not to be collected and shared either for legitimate or adversarial purposes. There are tools that organizations can adopt that prevent or even delay web crawlers.”

Training is the first line of defense here. If you’re not doing it already, you should be holding regular phishing simulations so your employees become adept at spotting them.  Brash Concepts offers free employee training to all of our managed services clients.  Contact us to help inform your staff and get your company protected.

Cybercrime is at an all-time high, and hackers are setting their sights on small and medium businesses who are “low hanging fruit.” Don’t be their next victim! Click here to download this free report that reveals the most common ways that hackers get in and how to protect yourself today.

Used with permission from Article Aggregator

Employee Vulnerability Assessment by Brash Concepts

As a courtesy to all of our clients, we offer free security scans and employee security training. >>Contact us for details.

Ransomware is an epidemic for small to midsize businesses and email phishing scams continue to be the attack vector of choice for cyber-criminals. However, technology alone cannot provide adequate security defense, as employees must be trained to avoid common security threats.

Recent security reports reveal that 95% of data breaches are caused by employee error. Without proper training to spot and avoid falling victim to phishing attempts, employees will continue to be the weakest link in an organizations security defense.

Brash Concepts Security Awareness Program helps to transform a business’ weakest link into their strongest defense!

Great Learning Experience and Valuable Tool to Battle Ransomware.

Jonathan G, Customer Service Manager, Kent Bicycles

Client Focused

Brash Concepts Security Awareness Program is a robust security platform that protects our clients’ businesses, by providing customized security awareness training, simulated phishing campaigns, detailed security policies and thorough security risk assessments, all through a single client-branded portal.

The Brash Concepts Difference:

✔Client Focused

✔Flexible Pricing Terms

✔Monthly Newsletter

✔Revolutionary Training Tools

Why use Employee Awareness?

➙ Rich training modules that encourage employee engagement and security adherence

➙ Consistent platform enhancements based on client feedback and market trends

➙ Real-world security training modules

➙ Flexible phishing campaigns & extensive template library

Employee Vulnerability Assessment
The Employee Vulnerability Assessment raises the bar when it comes to employee defense.

Dark Web Breach Assessments (DWBA) & Security Training

With our standard level of service, our clients can run a Dark Web Breach Assessment on up to 3 domains. This robust dark web breach assessment, allows our clients to evaluate potential exposure, and identify breached credentials on the dark web that may be putting their business at risk!

Our clients can also perform insightful phishing campaigns to test employee security mindfulness, as well as roll out engaging security awareness training.

Show your management that data breaches can happen to anyone – give examples of businesses JUST LIKE YOURS that have fallen victim to cybercrime.

Prove security risk with a free Dark Web Breach Assessment and phishing campaign.

Convince your management they need security awareness training, to help protect their business from data theft.

Dark Web Breach Assessment
Dark Web Breach Assessments help partners show the security risks to an organization based on breached employee data.

Advanced Awareness & Employee Vulnerability Assessment (EVA)

Make education continuous with our Advanced Awareness Program. Invaluable client branded services like weekly micro-trainings, informative security newsletters, simulated phishing campaigns, continuous DWBAs, and security risk assessment for one low monthly cost. Our revolutionary Employee Vulnerability Assessment (EVA) combines security metrics into an Employee Secure Score (ESS), so our clients can see which employees are their weakest links! By quickly determining an employees ESS, we can confidently recommend security remediation services to help our clients strengthen their security posture!

✔Increase employee engagement by monitoring individual ESS!

✔Employees stay engaged with friendly competition via a leaderboard!

✔Test employee retention and run simulated phishing campaigns!

If you’re already one of our clients, email sandy@brashconcepts.com to claim your free training or ask about our advanced awareness plan (details below).

Not a client? Not a problem, contact us for a consultation.

Advanced Awareness & Employee Vulnerability Assessment (EVA)

Make education continuous with our Advanced Awareness Program. Invaluable client branded services like weekly micro-trainings, informative security newsletters, simulated phishing campaigns, continuous DWBAs, and security risk assessment for one low monthly cost. Our revolutionary Employee Vulnerability Assessment (EVA) combines security metrics into an Employee Secure Score (ESS), so our clients can see which employees are their weakest links! By quickly determining an employees ESS, we can confidently recommend security remediation services to help our clients strengthen their security posture!

✔Increase employee engagement by monitoring individual ESS!

✔Employees stay engaged with friendly competition via a leaderboard!

✔Test employee retention and run simulated phishing campaigns!