Tag Archives: phishing

Microsoft Identifies 38% Increase in BEC

The sheer number of emails that currently travel the globe is astounding. Billions of emails are sent every single day and, I must add, the majority are perfectly legitimate. Herein lies the problem from a security perspective: psychological conditioning, meaning the brain acts on experience from previous engagements. Whenever you see an email arrive in your inbox, there is some sort of automatic response, and the “look and feel” of an email triggers a certain behaviour.

Latitude Financial Services has been “hacked”

Huh? Why the quotes?

A hack is not really a hack when a spear-phishing attempt is able to obtain employee credentials, which are then used to basically bypass all security measures that are in place. Is it really a “burglary” when you leave the front door open, or more an invitation for criminals to go “shopping”?

The Latitude security page shows a somewhat troublesome image that seems to be in line with the policies and procedures that are followed in the company. Too much “easy going” will eventually catch up with you.

Irrespective of terminology, the fallout of the breach is significant, with detailed information of a large customer base being stolen. Latitude Financial Services observed a breach that had all the hallmarks of a relatively simple spear-phishing campaign, and it most likely took only one employee with enough authorisation in one or more systems to do this significant damage.

This comes just days after I wrote about the poor state of security in the financial services industry and the lack of preventative measures that should’ve been in place to stop this from happening. Latitude is not the only one, and it is just a matter of time before other institutions meet the same fate.

Actions to take now

I know I’m sitting on the sideline here making a high-level analysis, but when relatively simple things like credential theft through phishing happen, you can imagine that awareness training and verifier-impersonation-resistant MFA technologies have not been used at Latitude.

I’ve said it before: customer and employee phishing awareness, together with foolproof MFA solutions, will prevent this, to the extent that attempts to break into environments are only possible under physical duress of the owner of the token.
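To show why a verifier-impersonation-resistant factor behaves differently from a one-time code, here is an added toy model written for this post (it is not KnowBe4, Yubico or WebAuthn code): the authenticator signs over the origin the browser actually reports, so an assertion obtained on a lookalike domain is rejected by the real site, whereas a relayed OTP is accepted. The origins, rp_id and key derivation are constructed placeholders.

```python
import hashlib
import hmac
import json

# Constructed toy model, not a real WebAuthn or TOTP implementation: the
# authenticator "signature" is an HMAC with a per-credential key standing in
# for the private key, and the OTP is just a string compared by the bank.
REAL_ORIGIN = "https://login.example-bank.test"           # constructed
PHISH_ORIGIN = "https://login.example-bank-secure.test"   # constructed lookalike


def otp_relay(code_typed_by_victim: str, code_expected_by_bank: str) -> bool:
    """A one-time code carries no notion of where it was typed, so a code
    captured on a lookalike page and forwarded to the bank is accepted."""
    return hmac.compare_digest(code_typed_by_victim, code_expected_by_bank)


def register(rp_id: str) -> dict:
    """Authenticator mints a credential scoped to the relying party's rp_id."""
    return {"rp_id": rp_id, "key": hashlib.sha256(b"seed:" + rp_id.encode()).digest()}


def authenticator_assert(cred: dict, browser_origin: str, challenge: str) -> dict:
    """The authenticator signs over the origin the browser reports plus the
    server challenge; the user never types anything that could be relayed."""
    client_data = json.dumps({"origin": browser_origin, "challenge": challenge}, sort_keys=True)
    to_sign = (hashlib.sha256(cred["rp_id"].encode()).digest()
               + hashlib.sha256(client_data.encode()).digest())
    return {"client_data": client_data, "sig": hmac.new(cred["key"], to_sign, "sha256").hexdigest()}


def rp_verify(cred: dict, assertion: dict, challenge: str) -> bool:
    """Relying party: reject unless the signed origin and challenge are its own
    and the signature checks out under the registered credential."""
    data = json.loads(assertion["client_data"])
    if data.get("origin") != REAL_ORIGIN or data.get("challenge") != challenge:
        return False
    to_sign = (hashlib.sha256(cred["rp_id"].encode()).digest()
               + hashlib.sha256(assertion["client_data"].encode()).digest())
    expected = hmac.new(cred["key"], to_sign, "sha256").hexdigest()
    return hmac.compare_digest(expected, assertion["sig"])


def fido_genuine(cred: dict, challenge: str) -> bool:
    """Victim signs in on the real origin: accepted."""
    return rp_verify(cred, authenticator_assert(cred, REAL_ORIGIN, challenge), challenge)


def fido_relay(cred: dict, challenge: str) -> bool:
    """Victim lands on the lookalike origin and the assertion is forwarded to
    the bank: the signed origin does not match, so the bank rejects it."""
    return rp_verify(cred, authenticator_assert(cred, PHISH_ORIGIN, challenge), challenge)
```

Detection follow-up: a relying party that logs origin mismatches on assertions gets an early signal that a lookalike domain is in use against its customers.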

As an authorised partner of KnowBe4 and Yubico, we can help in bringing you solutions that tackle the two main problems at the root cause of the breach at Latitude. Ask us for a demo of KnowBe4 and how it can help your organisation in elevating awareness of the various phishing methodologies and how to thwart them, or click here to register directly.

Contact us for Yubico solutions to help you and your customers obtain maximum, phishing-resistant MFA protection.

Kind regards,

Erwin

State of Security at Australian Financial Institutions

When it comes to safeguarding your money, you would think that banks, lenders and mortgage brokers have their act together. With about 95% of all financial services being done over the internet, there is a significant number of interactions that may be susceptible to modification by malicious parties, which could result in losses of large sums of money. The gateway to your money at financial institutions should be improved.

Let’s go Phishing.

phishing

noun

  1. The act of sending email that falsely claims to be from a legitimate organization. This is usually combined with a threat or request for information: for example, that an account will close, a balance is due, or information is missing from an account. The email will ask the recipient to supply confidential information, such as bank account details, PINs or passwords; these details are then used by the owners of the website to conduct fraud.
  2. The act of circumventing security with an alias.

If you read my previous post (Cybersecurity prevention is like Whack-a-mole) you would have seen that a large part of defending your organisation against malicious people and organisations comes down to people having the knowledge and awareness to assess suspicious activities.