February 27, 2014 by Carsen
Information Security Awareness Training Alert: In a new callback scam, attackers use call generators to mass-dial United States cell phone numbers. The calls usually ring once, and the number displayed is an international number (typically from the Caribbean), according to this ic3.gov press release.
When the recipient calls the number back, an automated message tries to keep the caller on the line while the call is charged at international rates. The longer you stay on the line, the more money the attackers generate.
This attack isn’t isolated to individuals. Businesses are also seeing the attack because individuals use professional lines to call back the phone number.
Telephone companies in the United States are charged when a return call is made because they are required to pay a fee to transfer calls to foreign countries. The payment is then shared with the attacker who made the calls. This is referred to as International Revenue Share Fraud (IRSF).
Area codes used in this scam include those of Anguilla, Antigua, Barbados, British Virgin Islands, the Commonwealth of Dominica, Grenada, Montserrat, and the Turks and Caicos Islands.
What should you do?
If you do not do business with the stated countries, you may want to consider blocking calls from those area codes.
When you receive a missed call from an unknown caller, do not call back unless there is a voicemail from a known caller. If the call is important, they will call you back. This is especially important if the call is coming from a foreign number or if you only hear one ring before a hang-up.
If you do happen to call back, hang up immediately if you begin to hear an automated welcome message.
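For businesses that want to check their own phone system for this pattern, the following added example (not part of the original post or the ic3.gov release) scans call records for short-ring, unanswered inbound calls from the listed countries and for any callback made from a company extension. The area code numbers are the standard NANP codes for those countries; the CSV column names, the ring threshold and the sample records are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# NANP area codes for the countries named in the alert. They are dialed like
# domestic +1 numbers but billed as international calls.
IRSF_AREA_CODES = {
    "264": "Anguilla", "268": "Antigua", "246": "Barbados",
    "284": "British Virgin Islands", "767": "Dominica", "473": "Grenada",
    "664": "Montserrat", "649": "Turks and Caicos Islands",
}

# Constructed sample call records; the column names are assumptions.
SAMPLE_CDR = """\
timestamp,direction,remote_number,extension,ring_seconds,talk_seconds
2014-02-27T09:00:05,inbound,+14735550101,1201,3,0
2014-02-27T09:04:40,outbound,+14735550101,1201,0,412
2014-02-27T09:10:00,inbound,+12125550147,1202,4,0
2014-02-27T09:12:00,outbound,+12125550147,1202,0,95
2014-02-27T10:30:00,inbound,+16495550123,1203,2,0
2014-02-27T11:00:00,inbound,+12465550188,1204,25,180
"""

def area_code(number):
    """Return the 3-digit NANP area code of a +1 number, or None."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        return digits[1:4]
    return digits[:3] if len(digits) == 10 else None

def find_callback_scam(cdr_text, max_ring=6, window=timedelta(hours=24)):
    """Flag unanswered short-ring inbound calls from the listed area codes
    and total the seconds spent on callbacks to the same number."""
    rows = list(csv.DictReader(io.StringIO(cdr_text)))
    for r in rows:
        r["ts"] = datetime.fromisoformat(r["timestamp"])
    findings = []
    for r in rows:
        code = area_code(r["remote_number"])
        if (r["direction"] != "inbound" or code not in IRSF_AREA_CODES
                or int(r["talk_seconds"]) > 0 or int(r["ring_seconds"]) > max_ring):
            continue
        callbacks = [c for c in rows if c["direction"] == "outbound"
                     and c["remote_number"] == r["remote_number"]
                     and timedelta(0) <= c["ts"] - r["ts"] <= window]
        findings.append({"number": r["remote_number"], "extension": r["extension"],
                         "country": IRSF_AREA_CODES[code],
                         "callback_seconds": sum(int(c["talk_seconds"]) for c in callbacks)})
    return findings
```

A finding with a non-zero `callback_seconds` means someone on that extension returned the call and the line was billed; the same area code list can feed an outbound dialing restriction.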
For more information on security best practices, Security Awareness Training and other compliance training products, visit our products page here.
February 25, 2014 by Carsen
We are excited to announce that our Security Awareness Training Program won Gold for the Best Security Training and Educational Program in the 2014 Global Excellence Awards.
Info Security Products Guide (ISPG) recognized top security and IT vendors with advanced, ground-breaking products and solutions last night in San Francisco, and our program took gold. Our priority and focus continue to be on providing the best security awareness training for our clients, ultimately driving behavior change for a more secure organization.
Information security at the employee level starts with awareness, and our program continues to offer effective communication strategies for security best practices and education. For more information on our interactive and scenario-based training course, visit this page. Thank you to all our clients for your continued support.
February 24, 2014 by Carsen
We will be attending the RSA Conference in San Francisco this week, the world’s leading information security conference and exposition. At the conference, we will be able to listen to presentations and talk with industry leaders about topics such as surveillance & privacy, Software Defined Networks (SDN), Analytics & Big Data, the Human Element and many more.
We are always excited to glean from information security industry research, awareness of new threats and best practices to better serve our clients. If you will be in attendance, we’d enjoy meeting with you. Contact us here to set up an appointment with our CEO Larry Cates.
February 20, 2014 by Carsen
Have you ever wondered what key items to look for in an information security awareness training (ISAT) program? Recently our CEO Larry Cates was interviewed by Info Security Products Guide for their executive interviews, and he discussed this topic with Rake Narang from the ISPG team.
Here are my three favorite points from the interview.
Learning is not a one-time event, and therefore you need to provide continuous learning in order to actively engage your audience. Your program should consider options that provide multiple touch points in your campaign: general awareness courses, role-based courses, topical videos, security newsletters, themed posters, email campaigns and more.
The absence of relevant and scenario-based training to engage the user is a critical misstep in conducting an effective program.
Specific course topics should focus on individual responsibility and include: phishing, mobile security, passwords, identity theft, social engineering, portable devices, data security, network security and physical security.
For the entire interview, click here. For more information on our security awareness training program, click here.
February 05, 2014 by Carsen
In the aftermath of security breaches like the recent Target security breach, attackers find ways to leverage such situations for additional attacks. Targeted phishing attacks are yet another reason why security awareness is so important for you and your organization.
When you see something such as the following, it is tempting to believe the claim is legitimate (especially knowing the “sender” did indeed have a recent breach): “With our recent breach we need to verify your online account information. Click here to update your information. Be sure to change your password for security purposes.”
Attackers send out these emails in hopes that at least some of the recipients have accounts with the company they are posing as. They try to capture personally identifiable information such as identification numbers (social security numbers in the US), passwords, security questions and answers, birthdates and then gain access to the account or some of your other accounts.
Stay on guard for such attacks. Never provide personal information on a webpage that you arrived at by clicking on a link in an email. Always type the trusted company's website address manually in a separate browser, and log in through your traditional channel. If you feel the claim is legitimate, call the company directly by looking up their phone number on their website, not using any numbers provided in the email.
For more information on security best practices and security awareness training for your organization, click here.