Cybersecurity RESOURCES

Business Email Compromise (BEC) is a sophisticated email scam where cybercriminals trick victims into transferring funds or sharing sensitive data. Learn more about common BEC attack types, how they work, and essential strategies for protection.

Microsoft 365 accounts are facing an extensive password spraying attack by a Chinese botnet, which possesses the ability to bypass multifactor authentication (MFA). This botnet comprises over 130,000 compromised devices, utilizing stolen credentials from infostealer accounts and then systematically attempting to log into M365 accounts globally.

With recruiters using LinkedIn as a very popular way to research and reach out to potential candidates, bad actors have begun to try to abuse people’s trust and desire for new challenges to lure them in with fake job opportunities as a way capture their credentials and deliver additional malware.

The IRS has already made several reminders for individuals to be aware of bad actors trying to take advantage of this season to gain access to your personal data and finances. Read tips and guidance taken directly from the IRS’ website, including associated links to stay safe during tax season.

As the holiday season approaches, there’s a beautiful spirit of giving that fills the air, with many of us feeling inspired to spread joy and lend a helping hand to those in need. However, the rise of charity scams that prey on the kind-hearted are becoming more and more common. Read about one woman who opened her heart – and her wallet – to a charity, only to end up scrambling to secure her accounts and recover money lost to scammers.

Take a minute and think about the password(s) you use in both your professional and personal capacities. When passwords are reused or weak, they are far more susceptible to being stolen. One stolen password can lead to a detrimental data breach for your organization.

To prepare for the FFIEC Cybersecurity Assessment Tool sunset date, financial institutions should identify a new framework around which to build their programs and self-assess themselves against that framework using a risk based approach to ascertain that the appropriate level of maturity is reached within various areas.

As the excitement of Black Friday and Cyber Monday draws shoppers in with unbeatable deals and discounts, it’s important to remember that the online shopping frenzy also brings increased cybersecurity risks.

Contrary to the common belief that fraud schemes are quick scams leading to minor losses, one woman was deceived into thinking she was a prime suspect in a money laundering operation for three long months. Fearing imprisonment or deportation, she became entangled in the deception and lost $300,000 before discovering it was a scam.

With the remote workforce not showing any signs of slowing down, many organizations are starting to evaluate and implement ways to access these systems through the usage of Remote Access Tools. While these tools provide an incredible amount of value to an organization to stay connected and retain access, Remote Access Tools are a significant attack vector in cybersecurity and are something that should not be taken lightly.

Election years are a critical moment for any democracy. Unfortunately, they are also prime opportunities for hackers and cybercriminals to exploit the heightened political atmosphere.  A voter registration verification scam is a common and deceptive tactic employed by cybercriminals. These scams specifically target individuals, tricking them into divulging sensitive personal information under the guise of verifying or updating their voter registration status.

CISA is alerting the public to be cautious of potential cyber scams following hurricanes. After major natural disasters, fraudulent emails and social media messages—often containing harmful links or attachments—are common.

Announcing the NEW GRID Active Cyber Risk Readiness Action Dashboard.  The additions to DefenseStorm’s Cyber Security Risk Management platform delivers customers with an overview and actionable steps to stay ready against cyber attacks

The Federal Financial Institutions Examination Council (FFIEC) released important information surrounding the commonly used Cybersecurity Assessment Tool (CAT).

During the process of purchasing a house, newlyweds Lilah Jones and her husband were deceived into sending money to a scammer. The fraudster used the scam, Business Email Compromise (BEC), to pose as the title company. False wiring instructions were provided, leading the couple to transfer a $130,000 downpayment to a fraudulent account instead of the title company.

In April 2024, a known threat actor calling themselves USDoD claimed to possess and sell approximately 2.9 billion records from National Public Data, which included individuals’ personal data from people in the US, UK, and Canada.

A common way scammers gain access to accounts is through imposter scams. This is where a fraudster poses as someone of authority to scam a victim and commit monetary theft. Fraudsters use psychological strategies, including isolation and instilling a sense of urgency, to take advantage of the trust and emotional vulnerability of their victims. This was just such a case when one senior citizen fell victim to an imposter scam that cost him $740,000 in retirement savings.

News is emerging about AT&T’s disclosure of what they term as ‘Unlawful Access of Customer Data.’  The majority of AT&T customer data was illegally downloaded from their workspace on a third-party cloud platform from May 2022 through October 31, 2022 and on January 2, 2023.

GRID Active now offers customer a view into their state of Cyber Risk Readiness and demonstrates the positive impact an integrated cyber risk management platform can have in managing cyber risk.

In late June 2024, LockBit cybercriminal group claimed responsibility for having breached a government agency with plans to release the stolen data. It was revealed that the group actually breached Evolve Bank and Trust.