ThreatPost – Phishing Campaign Dangles SharePoint File-Shares

I have been adding SharePoint scenarios to my phishing awareness training sessions throughout the year for this very reason. The file share component that has become so familiar and convenient to so many of us over the last 18 months is a perfect target for exploitation. During the “work from home” days of COVID-19, SharePoint and its cousins Microsoft Teams and OneDrive, have become day-in / day-out tools for many of us, so those alert messages from Microsoft letting us know content has been shared with us have become so common and expected that we barely pay them any notice. This is a serious threat.

We need to pay attention and we need to realize that our new, convenient habits quickly evolve into targets of opportunity for cybercriminals the world over. Pay heed to this article from the great team at ThreatPost.

Link to Article

How to Protect Vulnerable Seniors (and really anyone) From Cybercrime

In fairness, this article is just as applicable to basically anyone with a phone or Internet connection. We all can use a reminder on how to best deal with these threats. Enjoy the article and share it with your friends.

https://www.darkreading.com/edge/theedge/how-to-protect-vulnerable-seniors-from-cybercrime/b/d-id/1340322?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Skype Phishing Attack Targets Remote Workers’ Passwords

This is yet another example of the cybercriminal bad guys taking advantage of a crisis situation and attempting to catch us with our collective guards down.  I know many in the business world are now nearly completely reliant upon Skype, Teams, WebEx, and Zoom to function on a daily basis, but that need to stay connected cannot supersede the sound security practices that protect data and keep us safe.

Remember this simple truth – if you get an email message regarding an issue with an online service or tool, stop and don’t click any email links.  Go directly to the website you know and trust from a browser.  Any messages or alerts sent via email will be there on the website waiting for you.  President Reagan’s montra is applicable and not cliché, Trust but verify.

https://threatpost.com/skype-phishing-attack-targets-remote-workers-passwords/155068/

Office 365 Admins Targeted in Ongoing Phishing Scam

This is not unexpected.  Cybercriminals are fairly smart and they are motivated to target the resources with the greatest and/or most effective access.  As more and more of the world moves their respective Exchange and Active Directory resources to the cloud, O365 and Azure administrators move up the valued target list.

This article simply points out something we have known for some time.  We must take phishing threats and associated awareness training seriously.  This must become a priority for every organization, large and small.  This issue also places a brighter spotlight on the security associated with service providers and 3rd party administrators.  Make sure your security controls take those resources into consideration as well.

https://threatpost.com/office-365-admins-phishing/150352/

Cybercriminals Double-Down on What Works, Nearly Doubling the Number of Phishing Attacks in 2018

Have you noticed a significant increase in phishing messages over the past year?  Have you noticed that these messages seem to be better crafted, harder to identify, and generally very sneaky?  The stats from the team at KnowBe4 bear out the truth that most of us have been living over the last couple of years.

This significant increase in well crafted phishing messages should be a strong motivator to increase awareness training for our end users.

https://blog.knowbe4.com/cybercriminals-double-down-on-what-works-nearly-doubling-the-number-of-phishing-attacks-in-2018