New Scam Alert: Don't Fall For Phishing Scam for Amazon Overdue Bills


The scam email claims to be from Amazon Web Services and uses a realistic logo and font to inform users their "services have been suspended." The overdue amount is a middling $4.95, and clicking the link to take care of it transports you to a landing page with space to enter your Amazon account information. Once entered, you're kicked to the real Amazon.com.

By then, hackers already have your Amazon username and password.

Komando has the full story here.

6 Phishing Attacks and How to Combat Them

  1. Deceptive Phishing

  2. Spear Phishing

  3. CEO Fraud

  4. Vishing

  5. Smishing

  6. Pharming

Have you heard of them all? Do you and your staff know how to combat them? Tripwire has the full story here.

If you work in Accounts Payable, check out my Authentication Guide to authenticate vendors when they call on the phone or send an email.

New Scam Alert: Phishing Abuse of HTTPS and 65% of BEC Scams Target Gift Cards


Security Boulevard reported that APWG released findings that in Q2 of 2019 more than half of phishing sites used HTTPS, which makes a site appear legitimate.

The findings also revealed that over 65% of BEC attacks are focused on obtaining gift cards. How do you combat this? Train your staff to spot these threat actors by their requirement to send the gift card numbers. Also, add a policy that leadership will not ask employees to request gift card numbers, only to turn over the actual cards or send them by mail.

Security Boulevard has the story here.

New Scam Alert: Change Your Calendar Settings to Avoid Fraud


Cybercriminals are taking advantage of your calendar settings to automatically add invitations. Fraudulent links or downloads are included in the invite, which the user is more likely to open since their guard may be down in the calendar, assuming they forgot they accepted the invite.

Change your (Google, Outlook, etc.) calendar settings to not automatically accept invitations.

The Better Business Bureau has the story.

How I Helped Cabarrus County After Their Social Engineering Scam. I Can Help You Too...


Great mention of my services: "Cabarrus County government targeted in social engineering scam" - Business Today http://bit.ly/2YvzSPC



Use authentication techniques, internal controls and best practices in Vendor Setup & Maintenance to protect your vendor master file from fraud.

BEC Scammers Turn to Aging Reports in New Twist


Don’t be tricked into giving away your AP Aging Report - they are gold to scammers. Read the post from Info Security here.

Add authentication techniques, internal controls and best practices to reduce the potential for fraudulent payments.

 
 

Guest Appearance: Protecting your accounts payable function from cyberattack

 

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, talk with guest Debra Richardson about how finance professionals should protect their company from common financial cyber fraud.