When people mention AI, or artificial intelligence, do you feel lost?
Do you feel confused when your coworkers talk about AI? You're not alone! Many people don't understand artificial intelligence, and that can be scary. It is becoming a big part of many jobs. If you don't learn about it soon, you might lose your job.
Work faster and smarter
The good news is… there's an easy way to catch up. The book AI for Beginners can teach you all about artificial intelligence in simple words. It explains things like how artificial intelligence helps with research and writing. You'll learn how to work faster and smarter.
Don't let yourself feel lost anymore. If you don't learn it now, you might lose out on job opportunities or worse, lose your ... Read More
2FA can be beaten
A new phishing attack method shows that even the mighty Two-Factor Authentication (2FA) can be beaten without needing to possess a user’s mobile device.
We’d like to think that using 2FA surrounds the logon process with such a high level of security that it can’t be broken. But a recent phishing attack shows that simple mix of social engineering and quick backend hacking can successfully work around the most basic of 2FA – two-factor, SMS one-time password (OTP) authentication.
Researchers at Certfa Labs recently identified the attack scheme created by the cybercriminal group Charming Kitten (who hacked HBO back in 2017). The phishing attack uses the Google’s Site Service (which uses the subdomain sites.google.com) to establish credibility and to deceive their potential victims.
Fake notices to Google users
Users are initially ... Read More
12 Ways to Hack MFA
Special thank you to Author Roger Grimes, KnowBe4's Data-driven Defense Evangelist.
It was a standing room-only crowd when I gave it at Blackhat USA in Las Vegas this year, and I’m giving it again at this coming year’s RSA. If you’re interested in seeing it before then, do an Internet search on ’12 Ways to Hack 2FA Grimes’ and you are sure to get lots of opportunities to view one of the many previous presentations.
It seems to have hit a digital nerve with computer defenders and end-users alike. I think the reason it is so interesting is that it is surprising to many people that multi-factor authentication (MFA) does not protect you from hackers (including simple phishing) as much as you would ... Read More
Phishing campaign tricks financial industry employees
Researchers at Menlo Labs have spotted a new phishing campaign aimed at tricking employees of US banks and financial firms into downloading Houdini Malware.
It’s no surprise that cybercriminals are going where the money is – in this case, literally. A phishing campaign that has been running since August has been identified seeking to compromise business endpoints using a combinations of tactics:
Reputation Jacking – all of the files were hosted on Google’s Cloud Storage (storage.googleapis.com). This use of well-known, popular hosting services helps to avoid detection. (According to Menlo Lab’s most recent Annual State of the Web Report, 4,600 phishing sites used legitimate hosting services.
Archived Files – the files linked to in these campaigns were zip or gz archive files, further obfuscating the malicious payload.
... Read More
Phishing and file sharing are Wall of Shame bait
Internet thieves have long used file sharing sites and services to host their malicious files. When they do this, they typically use the underlying service to generate download links that anyone can click without logging in to the hosting service. Makes sense when you're blasting out thousands upon thousands phishing emails with malicious links. You want to set the table for a feast, not an intimate dinner for two.
The other thing the bad guys typically do, however, is generate their own emails instead of using the underlying hosting service to deliver their malicious links to a wide audience. Doing so reduces the chances that the service notices something is amiss (like mass spam deluges erupting from their own servers) ... Read More
Criminal gangs are behind CEO fraud
A new study by Agari concludes that, despite all the finger pointing and attention some countries' services have been getting for their phishing attacks, the big threat still comes from criminal gangs.
Here is your quick Executive Summary:
97% of people who answer a CEO Fraud email become victims
The average CEO fraud incident included a payment request of $35,500 (ranging from $1,500 to $201,805)
24% of all observed email scam attempts between 2011 and 2018 were CEO fraud even though CEO fraud only started in earnest in 2016
And what's that country?
Many of those criminal gangs continue to operate from Nigeria, of the ten gangs engaged in the email scams that Agari studied, nine were based in Nigeria. Conclusion: the old Nigerian 419 ... Read More
CEO fraud up 136% worldwide
The FBI is again warning of the threat posed by CEO Fraud and email account compromise (EAC). Together, says the FBI, these have cost businesses $12 billion between December 2016 and May 2018. That represents a 136% increase in reported losses worldwide.
The scams have been reported in all 50 United States and in 150 countries. Small, medium, and large businesses have all been affected. The attempts at theft depend upon compromise of a legitimate account or device. They often involve fraudulent wire transfers, but they can also simply target personally identifiable information, payroll data, or tax information.
The real estate sector has been heavily targeted recently
Victims include not only real estate agents, but also title companies, supporting law firms, and, of course, property ... Read More
CEO Fraud happens to small and medium sized businesses too
Lloyds Bank says CEO Fraud rose by 58% in the UK over the past year. although CEO Fraud is often associated with large firms, Lloyds’ results show the contrary: about half-a-million small and medium enterprises were victims. These smaller organizations lost an average of £27,000 each time they were hit with an impersonation scam.
The organizations most affected were, in order, law firms, human resources departments, IT workers, and financial firms. Lloyds thinks the actual rate of attack may be higher than what they reported. Their study is of course based on the self-reporting of victims, and Lloyds believes that as many as one in twenty victims conceals their mistake to avoid embarrassment in front of colleagues.
Scammers ... Read More
I have previously written on Multi Factor Authentication. Multi Factor Authentication (MFA) is a more secure login solution than merely Single Factor Authentication. Single Factor challenges your access based on one trait, usually a password. Multi Factor challenges for at least two traits, including:
What you know. This could be a password.
What you have. This could include your phone with an authentication app, or the ability to receive PINs via text.
What you are. This could include a retinal or fingerprint scan. Yes. Retinas (the back of the eyeball) are as unique as fingerprints.
I am advocating you adopt Twilio Authy as your primary Multi Factor Authentication solution. although Google Authenticator is a big name, here’s a summary of why you should adopt Authy…
The UP ... Read More
Schwab broker lied
A former broker for Charles Schwab & Co. was fined $5,000 and suspended for 90 days by the Financial Industry Regulatory Authority Inc for lying to Schwab about a CEO Fraud attack in which he wired nearly $800,000 to someone impersonating one of his customers.
Fired because he violated Schwab's policy
Deming Payne, who resigned from Schwab in September 2017 after admitting that he violated firm policy regarding the documentation of outbound calls, is no longer employed in the securities industry. The Financial Industry Regulatory Authority Inc., in its letter of acceptance, waiver and consent, said that in August 2017, Mr. Payne received requests via email from an individual posing as a customer to process eight wire transfers from the customer's account.
Imposter got away with $794,860
In total, wire ... Read More