Make Online Safety a Family Priority

Posted by Greg Mancusi-Ungaro

Thu, Sep 01, 2016


Summer is over, school is back in session, and social activity is amping up everywhere. The increase of online activity, driven by school and family activity, raises the odds that you and your family will be exposed to cyber criminals.

Read More

Topics: Phishing, online identity, cyber threats, mobile malware, online risk, ThreatBrief, Masquerades

BrandProtect Anti Phishing Adds MX Record Monitoring.
CISOs: Why This Matters To You.

Posted by Greg Mancusi-Ungaro

Thu, Mar 24, 2016

Over the past 18 months there has been a phenomenal increase in the frequency of socially targeted email attacks. 

The FBI recently reported that global losses related to these Business Email Compromise (BEC) scams experienced a 270% increase from January to August 2015. These kinds of attacks do real damage, including the compromise of internal networks, the inappropriate disclosure of company IP or PII, the incorrect transfer of funds from the company treasury, to name a few of the most common outcomes. Hundreds of millions of dollars have been stolen through these schemes, directly affecting corporate bottom lines.

In these sophisticated attacks, employees, and/or business partners are targeted

Read More

Topics: Identity Theft, Domain Management, cybersquatting, Phishing, cyber threats, online risk, Spear Phishing, CISO, CSO, FFIEC

191 Million Voter Records Have Been Exposed. What Does it Mean To You?

Posted by Greg Mancusi-Ungaro

Fri, Jan 08, 2016

 

Over the past weeks there has been a lot of reporting, including these great pieces by Steve Ragan at CSOonline.com and Mathew J. Schwartz at BankInfoSecurity.com about a December 20, 2015 discovery that a database containing 191 Million voter records had been exposed online. As part of the BrandProtect 2016 Elections Project, we dug into the situation, and what it means to you.

Because of the nature of the exposure – effectively a database containing the records was left unlocked and unprotected – there is no way to know who might has downloaded the information.

Make no mistake, this is a big number. And it is an important number.  Consider this: the US Census Bureau estimated that there were approximately142 Million registered voters in 2014. This means that the recent exposure of 191 million voting records is not just a large data breach.  It’s a national issue -- effectively every registered voter in America has had their PII exposed... Wow...

Read More

Topics: Identity Theft, data breach, Social Media Monitoring, cybercrime, social media, online risk, PII, Spear Phishing, Voting Records, 2016 Elections

Jeb Bush Has A Domain Problem.  Do You?

Posted by Greg Mancusi-Ungaro

Tue, Dec 08, 2015

That sound you hear is a bunch of the staffers at jeb2016.com (the official Jeb Bush website) trying to make it seem like they are on top of their web presence.  Or is that the Trump team, laughing?  We can't be sure.  

The Washington Post reported yesterday that people who type "jebbush.com" into a browser found themselves redirected to Donald Trump's official site, donaldjtrump.com. You read that right -- one of the leading candidates for the Republican nomination for President of the United States has found himself on the wrong side of one of the most basic domain abuse issues. Someone else has registered a similar domain and is using it to confuse the public. Try it: jebbush.com (It's fun!)

Download the InfoGraphic

Yes, it's funny for a moment. But in reality it is very scary. In fact, it is potentially devastating.

The massive breach at Anthem earlier this year originated from spear phishing emails that were sent from domains that impersonated Anthem. The employees who recieved the emails did not notice that the emails originated from a rogue address. They unwittingly opened attachments or clicked on links that gave the attackers inside access to Anthem networks. 

Game over.

When others appropriate your web presence by registering or appropriating a similar or easily mistaken domain, they put themselves in a position to confuse your message, siphon revenues or worse. 

How big a problem can it be?...

Read More

Topics: Brand Protection, data breach, scam, brand abuse, Domain Management, cybersquatting, Phishing, gTLD, brandprotect, infographic, cyber threats, online risk, brandjacking, Health Care, OSINT, Jeb Bush, Legal, Spear Phishing, CISO, CSO, InfoSec, Donald Trump, 2016 Elections, Anthem, CMO

Threat Vendors are Going Mainstream:
Extortion Is Their Business Model!

Posted by Greg Mancusi-Ungaro

Wed, May 27, 2015

I’m just back from a fantastic International Trademark Association (INTA) conference. It is exciting to spend a few days with the foremost practioners in trademark and IP world.  One of the most visible organization there was a registrar, Vox Populi Registrar, Inc., who owns the .SUCKS gTLD.   Their representatives, clad in bright blue and white, were merrily touring the floor, speaking with vendors and attendees, about how much business sense it made to a brand to purchase the .SUCKS domain.  There booth featured a continuous slide show of F500 brands,"using" the .SUCKs domain.  ibm.sucks; ford.sucks; starbucks.sucks. yourcompanyhere.sucks. Outside the conference hall, there were more blue-clad representatives, passing out .SUCKs items that were prohibited in the hall. The Vox Populi message was communicated clearly --  It only costs $2500/year to reserve this gTLD.
"Isn't that a small amount to pay to know that no one else uses it with your brand?..."

Read More

Topics: risk management, brand abuse, online brand protection, Reputation Management, INTA, trademark, intellectual property, Risk, gTLDs, cyber threats, Chief Security Officer, online risk, unauthorized associations

Credit Unions Need to Start Managing Their Social Media Risk

Posted by Natalie Gleba

Fri, Aug 01, 2014

credit-unions

On December 11, 2013, the Federal Financial Institutions Examination Council (“FFIEC”) released the article, Social Media: Consumer Compliance Risk Management Guidelines, to educate financial institutions about the risks involved in using social media. There are no additional obligations, however, this Guidance strongly suggests that financial institutions, effective immediately, become educated on the potential compliance, reputation and operational risks as it relates to social media use, and implement these guidelines into their risk management strategy. Credit Unions, like Banks, can benefit from these risk assessment strategies and need to be aware of the reputational damage that can occur via social media as a result of neglecting risk management. Here are the summarized risks that Credit Unions should be aware of and integrate into their risk assessment process:

Read More

Topics: Brand Protection, risk management, Social Media Monitoring, Phishing, social media, cyber threats, online risk

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

  Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all