
Uptick in SMS Phishing (Smishing)

The United States Federal Communications Commission issued an alert about the increasing onslaught of smishing (SMS phishing) attacks attempting to steal personal data and money. You know it’s bad when flags are being raised at this level.

Why Is Smishing So Effective?

Hackers trick individuals into entering sensitive information by crafting text messages about bank problems, unclaimed bills, package delivery issues, and law enforcement actions.

We’ve observed the most successful campaigns using simple website redirects to impersonate bank and services websites to con individuals into entering credentials and/or MFA codes. In some cases, attackers are also spoofing where the message is coming from, attempting to add legitimacy to the message.

With the credentials, account information, and multifactor codes, threat actors gain access to accounts to make fraudulent purchases, transfer money, steal identity information, or simply sell account access to other criminals.

If you simply click the links contained within the messages, you get added to a list of people who have live numbers and follow these links. That allows hackers to further target you. Dangers are elevated when individuals supply threat actors with any additional data, including credentials or MFA codes.

The FCC recommends taking the following measures to defend against these kinds of attacks:

  • Do not respond to texts from unknown numbers or any others that appear suspicious.
  • Never share sensitive personal or financial information by text.
  • Look out for misspellings or texts that originate from an email address.
  • Think twice before clicking any links in a text message.
  • If a friend sends you a text with a suspicious link that seems out of character, call them to ensure they weren’t hacked.
  • If a business sends you a text you weren’t expecting, look up their number online and call them back.
  • Remember that government agencies almost never initiate contact by phone or text.
  • Report texting scam attempts to your wireless service provider by forwarding unwanted texts to 7726 (or “SPAM”).
  • File a complaint with the FCC.

We continue to monitor the situation with additional novel techniques.

Content provided by Bruce McCully

Lloyd’s of London to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage

Take a look: https://www.wsj.com/articles/lloyds-to-exclude-catastrophic-nation-backed-cyberattacks-from-insurance-coverage-11660861586

By 2023, insurer groups must add clauses to cyber policies excluding state-backed hacks that severely affect target nation’s infrastructure, insurance marketplace says…

What does it say? One of the largest cyber liability insurers (Lloyd’s) is limiting coverage at a time when nation states are ramping up attacks. What’s your plan? Are your systems vulnerable? How do you know?

Insurance companies are starting to crack down. Their renewal requirements are getting stricter and stricter. You need to ensure that you are protected and that your systems meet the requirements for cyber insurance.
