Summer is over, school is back in session, and social activity is amping up everywhere. The increase of online activity, driven by school and family activity, raises the odds that you and your family will be exposed to cyber criminals.
Thu, Sep 01, 2016
Thu, Mar 24, 2016
Over the past 18 months there has been a phenomenal increase in the frequency of socially targeted email attacks.
The FBI recently reported that global losses related to these Business Email Compromise (BEC) scams experienced a 270% increase from January to August 2015. These kinds of attacks do real damage, including the compromise of internal networks, the inappropriate disclosure of company IP or PII, and the incorrect transfer of funds from the company treasury, to name a few of the most common outcomes. Hundreds of millions of dollars have been stolen through these schemes, directly affecting corporate bottom lines.
In these sophisticated attacks, employees and/or business partners are targeted
Fri, Jan 08, 2016
Over the past weeks there has been a lot of reporting, including these great pieces by Steve Ragan at CSOonline.com and Mathew J. Schwartz at BankInfoSecurity.com, about a December 20, 2015 discovery that a database containing 191 million voter records had been exposed online. As part of the BrandProtect 2016 Elections Project, we dug into the situation, and what it means to you.
Because of the nature of the exposure – effectively a database containing the records was left unlocked and unprotected – there is no way to know who might have downloaded the information.
Make no mistake, this is a big number. And it is an important number. Consider this: the US Census Bureau estimated that there were approximately 142 million registered voters in 2014. This means that the recent exposure of 191 million voting records is not just a large data breach. It’s a national issue -- effectively every registered voter in America has had their PII exposed... Wow...
Tue, Dec 08, 2015
That sound you hear is a bunch of the staffers at jeb2016.com (the official Jeb Bush website) trying to make it seem like they are on top of their web presence. Or is that the Trump team, laughing? We can't be sure.
The Washington Post reported yesterday that people who type "jebbush.com" into a browser found themselves redirected to Donald Trump's official site, donaldjtrump.com. You read that right -- one of the leading candidates for the Republican nomination for President of the United States has found himself on the wrong side of one of the most basic domain abuse issues. Someone else has registered a similar domain and is using it to confuse the public. Try it: jebbush.com (It's fun!)
Yes, it's funny for a moment. But in reality it is very scary. In fact, it is potentially devastating.
The massive breach at Anthem earlier this year originated from spear phishing emails that were sent from domains that impersonated Anthem. The employees who received the emails did not notice that the emails originated from a rogue address. They unwittingly opened attachments or clicked on links that gave the attackers inside access to Anthem networks.
When others appropriate your web presence by registering or appropriating a similar or easily mistaken domain, they put themselves in a position to confuse your message, siphon revenues or worse.
How big a problem can it be?...
Topics: Brand Protection, data breach, scam, brand abuse, Domain Management, cybersquatting, Phishing, gTLD, brandprotect, infographic, cyber threats, online risk, brandjacking, Health Care, OSINT, Jeb Bush, Legal, Spear Phishing, CISO, CSO, InfoSec, Donald Trump, 2016 Elections, Anthem, CMO
Wed, May 27, 2015
I’m just back from a fantastic International Trademark Association (INTA) conference. It is exciting to spend a few days with the foremost practitioners in the trademark and IP world. One of the most visible organizations there was a registrar, Vox Populi Registrar, Inc., who owns the .SUCKS gTLD. Their representatives, clad in bright blue and white, were merrily touring the floor, speaking with vendors and attendees about how much business sense it made for a brand to purchase the .SUCKS domain. Their booth featured a continuous slide show of F500 brands "using" the .SUCKS domain: ibm.sucks; ford.sucks; starbucks.sucks; yourcompanyhere.sucks. Outside the conference hall, there were more blue-clad representatives, passing out .SUCKS items that were prohibited in the hall. The Vox Populi message was communicated clearly -- It only costs $2500/year to reserve this gTLD.
"Isn't that a small amount to pay to know that no one else uses it with your brand?..."
Topics: risk management, brand abuse, online brand protection, Reputation Management, INTA, trademark, intellectual property, Risk, gTLDs, cyber threats, Chief Security Officer, online risk, unauthorized associations
Fri, Aug 01, 2014
On December 11, 2013, the Federal Financial Institutions Examination Council (“FFIEC”) released the article, Social Media: Consumer Compliance Risk Management Guidelines, to educate financial institutions about the risks involved in using social media. There are no additional obligations; however, this Guidance strongly suggests that financial institutions, effective immediately, become educated on the potential compliance, reputation and operational risks as they relate to social media use, and implement these guidelines into their risk management strategy. Credit Unions, like Banks, can benefit from these risk assessment strategies and need to be aware of the reputational damage that can occur via social media as a result of neglecting risk management. Here are the summarized risks that Credit Unions should be aware of and integrate into their risk assessment process: