Protect your Business with Smarter Passwords

Passwords

We all know that passwords are meant for protection. We use them to protect our personal online accounts and we also use them to protect information in our businesses.

Read more

Is Your Spam Filter Doing It’s Job?

The Importance of Spam Filters

We all use email as one of the main ways we communicate with customers, friends and family.

As a result, we all know what spam email is and may even receive it on a regular basis. Read more

Should You Uninstall QuickTime for Windows? The Answer is YES!

Uninstall QuickTime for Windows

The Zero Day Initiative, founded by TippingPoint, a program created to reward security researchers for responsibly disclosing vulnerabilities, has announced two recently discovered vulnerabilities in the popular software QuickTime for Windows. Read more

Scam targets HR departments

New scam targets HR departments

Be on the lookout for a new tax season twist on a traditional CEO fraud scam. Attackers are targeting businesses during tax season. This type of scam capitalizes on an employee’s desire to assist the most senior members of their organization.

The latest variation of these scams specifically targets human resources staff because of their relatively easy access to confidential employee information such: as full names, addresses, social security numbers, and salaries. This information can be used to compromise the identities of individuals and commit identity fraud.

The Scam

The attack is usually initiated with an email that appears to come from senior management, but is actually sent by the attacker. The email requests that the victim send confidential information via email. If the victim complies, the information that they send is routed to the attacker instead of someone within the company.

Some of the most common verbiage from the latest attacks includes the three examples provided by the IRS below:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Once the victim’s response is sent, the damage is done. Due to the nearly instant nature of email, without safeguards in place, it is unlikely that the outbound message can be stopped before it reaches the attacker.

Protect Yourself

People

The most important thing you can do to protect your organization from this type of attack is to develop and practice a standard operating procedure for the use of company resources such as email and confidential personnel data. It is critically important that everyone, from the top to the bottom of your organization, be held accountable for the responsible use of your resources.

Technology

Your IT provider can implement software safeguards, such as email data loss prevention filters, to prevent confidential and proprietary information from being exfiltrated. This technology can also be used to protect against other insecure practices, like the sharing of credit card information via email.

If you would like to know more about email scams, data loss prevention, and other important IT considerations, get in touch for a free security evaluation!