Theirs A Hunter In The Wild

I was speaking to a business today and they are perplexed by the emails their employees are receiving seem fishy and I said as in Phising? She said what do you mean and I said theirs a hunter in your mist don’t respond or click on anything.

I received one of those UPS emails right after my post last week, funny I didn’t order anything so I filed it under “T” for trash. Here are more “Common Attacks In The Wild”!

  • Apple: You recently requested a password reset for your Apple ID
  • Employee Satisfaction Survey
  • Sharepoint: You Have Received 2 New Fax Messages
  • Your Support Ticket is Closing
  • Docusign: You’ve received a Document for Signature
  • ZipRecruiter: ZipRecruiter Account Suspended
  • IT System Support
  • Amazon: Your Order Summary
  • Office 365: Suspicious Activity Report
  • Squarespace: Account billing failure


The desire to receive communications intended for the individual is strong. The potential of something being wrong and/or at risk also plays into the human psyche, leaving the individual to think that he/she must act immediately to resolve the issue. These types of attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email.

Till Next Time ~ Think Before You Click!

Tina Louise ~ ~ 888.871-6584

Top-Clicked Phishing Test!

Top 10 general email subjects

  1. Password Check Required Immediately – 34%
  2. You Have A New Voicemail – 13%
  3. Your order is on the way – 11%
  4. Change of Password Required Immediately – 9%
  5. De-activation of [[email]] in Process – 8%
  6. UPS Label Delivery 1ZBE312TNY00015011 – 6%
  7. Revised Vacation & Sick Time Policy – 6%
  8. You’ve received a Document for Signature – 5%
  9. [ACTION REQUIRED] – Potential Acceptable Use Violation – 5%
  10. Spam Notification: 1 New Messages – 4%

If you have not received the above subject lines and there are many more it is up to you to stop and think “Why am I receiving this email”? In the work place and in our personal lives be diligent in protecting your network and data.

Tips and tricks – hover your mouse over the sender if it looks odd it is, so block that address. I have even received a so called email from UPS with a tracking number – copy the tracking # go to the legit UPS site and paste the number, that will tell you the story. Become the detective, get on the phone make a call if needed and scrutinize the email do not click on any link or attachments.

Key Takeaways – Hackers are playing into employees’ desires and our personal lives to remain security minded. There’s also an intrigue of mystery that often makes people curious enough to click (i.e., new voicemail, order on the way). Password management is a popular way to get people to click on a link.

Next time ~ COMMON “IN THE WILD” ATTACKS ~ Think Before You Click!

Tina Louise ~ ~ 888.871.6584

CEO Fraud – Action Step Three!

Action is the cure to all business growth! As it is in security awareness training being proactive instead of reactive determines success of your data.

Contact your insurance company
FBI data shows that less than 4% of CEO fraud funds are recovered. Therefore, it is necessary to contact your insurance company to find out if you are covered for the attack. While many organizations have taken out
cyber-insurance, not all are covered in the event of CEO fraud.
This is a grey area in insurance and many refuse to pay up. Many that have reported CEO fraud to their insurer, find that this type of incident is not covered. Despite the presence of a specific cyber insurance policy,
the unfortunate fact is that no hardware or software was hacked. It was the human that was hacked instead. Insurance companies draw a distinction between financial instruments and email fraud. Financial instruments
can be defined as monetary contracts between parties such as cash (currency), evidence of an ownership interest in an entity (share), or a contractual right to receive or deliver cash (bond). Many companies are
covered in the event of a fraudulent financial instrument.

However, CEO fraud is often categorized differently. It is regarded by some insurance firms as being purely an email fraud and not a financial instrument fraud. In other words, it is being regarded in many cases as a matter of internal negligence or email impersonation as opposed to being a financial instrument matter. That said, there are dozens of carriers in the market providing up to $300 million in limits. Coverage extensions have developed to include both the third-party liability and first-party cost and expenses associated with a data breach or cyber-attack.

Next time…Action Step Four…till then “Think Before You Click”!

Tina Louise ~ ~ 888.871.6584

CEO Fraud – Action Step Two!

Action is the cure to all business growth! As it is in security awareness training being proactive instead of reactive determines success of your data.

Brief the board and senior management
Call an emergency meeting to brief the board and senior management on the incident, steps taken and further actions to be carried out.

Conduct IT forensics
Have IT investigate the breach to find the attack vector. If an executive’s email has been hacked, take immediate action to recover control of that account such as changing the password. But don’t stop there, the
likelihood is that the organization has been further infiltrated and other accounts have been compromised. Have them run the gamut of detection technologies to find any and all malware that may be lurking to strike

Bring in outside security specialists
If the organization was breached, it highlights deficiencies in existing technology safeguards. These will prove harder for IT to spot. So bring in outside help to detect any area of intrusion that IT may have missed. The goal is to eliminate any and all malware that may be buried in existing systems. The bad guys are inside. The organization isn’t safe until the attack vector is isolated and all traces of the attack have been eradicated. This
is no easy task.

Next time..Action Step Three…till then Think Before You Click!

Tina Louise ~ ~ 888.871.6584

CEO Fraud – Action Step One!

Action is the cure to all business growth! As it is in security awareness training being proactive instead of reactive determines success of your data.

Resolution and Restitution
Should a CEO fraud incident take place, there are immediate steps to take:

1. Contact your bank immediately
Inform them of the wire transfer in question. Give them full details of the amount, the account destination and  any other pertinent details. Ask the bank if it is possible to recall the transfer. Get put in touch with the cybersecurity department of the bank, brief them on the incident and ask for their intervention. They can contact their counterparts in the foreign bank to have them prevent the funds from being withdrawn or transferred

2. Contact law enforcement
In the U.S., the local FBI office is the place to start. The FBI, working with the U.S. Department of Treasury Financial Crimes Enforcement Network may be able to return or freeze the funds.

When contacting law enforcement, identify your incident as “BEC”, provide a brief description of the incident, and consider providing the following financial information:
• Originating Name:
• Originating Location:
• Originating Bank Name:
• Originating Bank Account Number:
• Recipient Name:
• Recipient Bank Name:
• Recipient Bank Account Number:
• Recipient Bank Location (if available):
• Intermediary Bank Name (if available):
• SWIFT Number:
• Date:
• Amount of Transaction:
• Additional Information (if available) – including “FFC”- For Further Credit; “FAV” – In Favor Of:

3. File a complaint
Visit the FBI’s Internet Crime Complaint Center (IC3) at to file your complaint.  Victims should always file a complaint regardless of dollar loss or timing of incident at and, in addition to the financial information, provide the following descriptors, in addition to the bullet points in the previous section:
• IP and/or email address of fraudulent email
• Date and time of incidents
• Incorrectly formatted invoices or letterheads
• Requests for secrecy or immediate action
• Unusual timing, requests, or wording of the fraudulent phone calls or emails
• Phone numbers of the fraudulent phone calls
• Description of any phone contact to include frequency and timing of calls
• Foreign accents of the callers
• Poorly worded or grammatically incorrect emails
• Reports of any previous email phishing activity

Next time..Action Step Two…till then Think Before You Click!

Tina Louise ~ ~ 888.871.6584



CEO Fraud – Is Your Staff Teachable?

Simulated Phishing

Security awareness training is best accompanied by simulated phishing. The initial simulation establishes a baseline percentage of which users are phish-prone. Continue simulated phishing attacks at least once a month, but twice is better. Once users understand that they will be tested on a regular basis, and that there are repercussions for repeated fails, behavior changes. They develop a less trusting attitude and get much
better at spotting a scam email. Phishing should not just be blasts to all employees with the same text. What happens then is that one employee spots it and leans out of the cubicle to warn the others. Instead, send different types of emails to small groups of users and randomize the content and times they are sent.

Red Flags

Security awareness training should include teaching people to watch out for red flags. In emails, for example, look for awkward wordings and misspelling. Be alert for slight alterations of company names such as Centriffy instead of Centrify or Tilllage instead of Tillage. Hackers have gotten good at creating spoofed email addresses and URLs that are very close to actual corporate addresses, but only slightly different. Another red flag is sudden urgency or time-sensitive issues. Scammers typically manufacture some rush factor or other that can manipulate reliable staff to act rapidly. Phrases such as “code to admin expenses,” “urgent wire transfer,” “urgent invoice payment” and “new account
information” are often used, according to the FBI.

Next time…Resolution and Restitution…till then Think Before You Click!

Tina Louise ~ ~ 888.871.6584

My Mom Always Says ” You Learn Something New Everyday” Security Awareness Training

And my mom is 93 and I listen to my mother! Training is a critical piece of every business model. No matter your product or service and your not training your staff get out of the game your going to lose…everything!


No matter how good your prevention steps are, breaches are inevitable. But user education plays a big part in minimizing the danger. Make it a key aspect of your prevention strategy. Start by training staff on security policy. Augment this by creating a simple handbook on the basics of security. This should include reminders to never to insert USB drives from outside devices into work machines. It should also review password management, such as not reusing work passwords on other sites or machines.

As it represents one of the biggest dangers, phishing demands its own training and instruction. Let users know that hovering over email addresses and links in messages shows the actual email address or destination URL. Just because it says “Bank of America,” or “IT department” with all the right logos doesn’t mean it’s from that
source. Add further instruction to not open unknown file types, click on links, and open attachments from unknown people or entities. Coach them into a suspicious frame of mind regarding requests to send in their passwords or account details. If for instance, educating a student body in this manner isn’t feasible, put them on a separate network and severely restrict their access to sensitive data.

Security awareness training is strongly recommended. The best programs baseline click rates on phishing emails and harness user education to bring that number down. But again, don’t expect 100% success. Good employee education can reduce phishing success significantly, but it won’t take it down to zero. There is always someone who doesn’t pay attention, is in a hurry that day, or is simply outsmarted by a very clever cybercriminal. Comprehensive data security best practices must also be in force.

Next post find out about…Simulated Phishing & Red Flags…Think Before You Click!

Tina Louise ~ ~ 888.871.6584