Spearphishers Rob Russian Banks

Kaspersky has uncovered a cyberattack that is being used to rob Russian banks. The attack is being called "well planned and executed" in the press. The attack is a model of deception -- the core of spearphishing. Deception is not a computer science concept; deception is a concept of human cognition. Spearphishing is deception perpetrated with computers. Attackers know that people open email based on perceived relevance, urgency clues and habit. In this case, the attackers knew that bank employees would perceive emails from FinCERT, the Russian banking regulator, as relevant and urgent, and would, as a matter of habit, open [...]

Employee Data Lost To Spearphishers

Our last blog posting discussed the warning from the IRS about the threat of fake emails being used to steal employee payroll data. The following high-profile companies have fallen victim to this scam. Click on the logos to read their stories. Do you notice what is missing in each of these cyberattacks? Malware. There is no malware involved in these data breaches. The bad guys used spearphishing to trick the authorized users into divulging the desired information.

March 21st, 2016 | Cybersecurity - General, SP Guard, spear phishing

IRS Warns HR Professionals About Spearphishing

On March 1, 2016, the IRS issued an alert to HR professionals warning that criminals are targeting HR professionals in order to steal employee data. The fake email appears to come from a company executive requesting employee payroll data. The IRS reports that the scam has several variations, all aimed at getting crucial personal information about employees. The scams include:

"Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review."

"Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, [...]"

March 4th, 2016 | Cybersecurity - General, SP Guard, spear phishing