An estimated 91 percent of hacking attacks begin with a phishing or spear-phishing email

Your IT department has no doubt warned you not to click on suspicious links in e-mails, even when the missive promises a hilarious video or comes from a seemingly trustworthy source. If the link looks suspect: Do. Not. Click.

That’s because these emails are often phishing scams designed to trick you into clicking on a malicious attachment or visiting a malicious web site. In the latter case, the web site may appear to be a legitimate bank site or email site designed to trick the user into disclosing sensitive information—such as a username and password or bank account information—or may simply surreptitiously download malware onto the victim’s computer.

Just ask the White House employee who apparently clicked on a phishing email purporting to come from the State Department and allowed hackers into several government networks.

TL;DR: Phishing refers to malicious emails that are designed to trick the recipient into clicking on a malicious attachment or visiting a malicious web site. Spear-phishing is a more targeted form of phishing that appears to come from a trusted acquaintance.

Spear-phishing is a more targeted form of phishing. Whereas ordinary phishing involves malicious emails sent to any random email account, spear-phishing emails are designed to appear to come from someone the recipient knows and trusts—such as a colleague, business manager or human resources department—and can include a subject line or content that is specifically tailored to the victim’s known interests or industry. For really valuable victims, attackers may study their Facebook, LinkedIn and other social networking accounts to gain intelligence about a victim and choose the names of trusted people in their circle to impersonate or a topic of interest to lure the victim and gain their trust.


Author: Kim Zetter

Ransomware incidents surge, education a hot bed for data breaches, according to Verizon

“Ransomware incidents have surged 50 percent from a year ago, educational institutions are becoming a playground for cyber espionage and 68 percent of healthcare security threats are internal, according to Verizon’s 2017 Data Breach Incident Report (DBIR).


At a high level, Verizon’s DBIR isn’t that surprising. One of the recent trends is that cybercriminals have been targeting smaller companies. According to Verizon, 61 percent of data breach victims in the DBIR have less than 1,000 employees.”


Author: Larry Dignan

Chipotle Reveals Payment System Data Breach

“Burrito chain Chipotle is just beginning to rebound after a number of high-profile foodborne illnesses, but last night the company revealed a bit of not-great news: Its payment system was hacked for several weeks.

During a conference call to discuss Chipotle’s latest quarterly earnings, chief financial officer Jack Hartung revealed that the company recently learned of unauthorized activity on the network supporting its payment processing systems between March 24 and April 18.

Hartung said the company immediately began an investigation into the activity and believes those actions — which included working with cyber security firms, law enforcement, and the payment processor — stopped the activity.”


Author: Ashlee Kieler