New Scam Alert: Using Fake Performance Appraisals as Phishing Attacks


Phishing is nothing new, and we know that cybercriminals are always evolving in their quest to steal your business credentials. What better way to get employees to click than to tie the lure to performance appraisals?

How do you thwart it? Use Multi-Factor Authentication in case any of your accounts are compromised. Also, since many company performance appraisals are on the company intranet, refrain from clicking on links in email and navigate to the appraisal through your company intranet instead.

Security Intelligence has the story here.

6 Phishing Attacks and How to Combat Them

  1. Deceptive Phishing

  2. Spear Phishing

  3. CEO Fraud

  4. Vishing

  5. Smishing

  6. Pharming

Have you heard of them all? Do you and your staff know how to combat them? Tripwire has the full story here.

If you work in Accounts Payable, check out my Authentication Guide to authenticate vendors when they call on the phone or send an email.

New Scam Alert: Fake Voicemail Notifications in Email as Bait


Scammers try to access Microsoft services using fake voice message notifications. Make your employees aware that they should not click the link, which requests a sign-in on a phishing site in order to steal their Microsoft credentials.

Kaspersky Daily has the story: http://bit.ly/2ojuYc9

New Scam Alert: Phishing Abuse of HTTPS and 65% of BEC Scams Target Gift Cards


Security Boulevard reported that APWG released findings that in Q2 of 2019 more than half of phishing sites have HTTPS, which makes the site appear legitimate.

The findings also revealed that over 65% of BEC attacks are focused on obtaining gift cards. How do you combat this? Train your staff to spot these threat actors by their request to send the gift card numbers. Also, add a policy that leadership will not ask employees for gift card numbers; they will only ask employees to turn over the actual cards or send them by mail.

Security Boulevard has the story here.

North Carolina county falls for BEC scam, to the tune of $1,728,083


The North Carolina county of Cabarrus, in the US, says that it’s managed to claw back only some of the $2,504,601 it paid to a scammer posing as a contractor working on building a new high school.

The crooks used social engineering – specifically, what’s known as a Business Email Compromise (BEC) scam – to pose as Branch and Associates, which is a general contractor that’s working on building a new school for the Cabarrus County Schools District.

The scam came to light after Branch and Associates sent a courtesy notice about a missed payment on 8 January. County staff confirmed that the electronic funds transfer (EFT) had, in fact, cleared the month before.

County officials next notified the bank to which the $2.5m was transferred, Bank of America. The bank managed to freeze $776,518.40 of the $2,504,601 that remained in traceable accounts.

Continue reading on Naked Security.



Use authentication techniques, internal controls and best practices in Vendor Setup & Maintenance to protect your vendor master file from fraud.

How I Helped Cabarrus County After Their Social Engineering Scam. I Can Help You Too...


Great mention of my services: "Cabarrus County government targeted in social engineering scam" - Business Today http://bit.ly/2YvzSPC



BEC Scammers Turn to Aging Reports in New Twist


Don’t be tricked into giving up your AP Aging Report. These reports are gold to scammers. Read the post from Info Security here.

Add authentication techniques, internal controls and best practices to reduce the potential for fraudulent payments.