Every year, the number of phishing scams seems to be increasing, with the malware-ridden emails getting continually more sophisticated and convincing. The latest global phishing campaign purporting to be from international courier giants DHL has been tricking users into opening a fake PDF attachment – and subsequently unleashed a previously unseen piece of malware to wreak havoc on their PCs.
Earlier this week, Microsoft made the announcement that Windows 7 would finally be reaching end-of-life; meaning that from January 14th 2020, it will no longer receive free security updates from Microsoft. When Windows XP hit end-of-life in 2014, the floodgates opened for cyber criminals who could now develop malware for the operating system without fear of vulnerabilities being patched, and the same is expected to occur for Windows 7. So, with Windows 7 in use by an estimated 70% of businesses worldwide, what does this mean for them?
Another day, another data breach, it seems. On Friday, Quora became aware of an incident involving an “unauthorised third party” accessing data from 100 million users of the Q&A platform, and yesterday it began to notify users in an attempt to contain the incident. Quora Tweeted late last night, “We have discovered that some user data was compromised by unauthorized access to our systems. We’ve taken steps to ensure that the situation is contained and are notifying affected users. Protecting your information is our top priority” and directed users to a blog post with further information.
It’s 2018, and phishing emails are just an expected part of life for email users around the world, containing all manner of malware within concealed links and dodgy attachments. Most of us can recognise poorly spelled phishing emails that lack any real context, but what happens when something more complex hits your inbox? What if a cyber criminal emailed you your password – a real password you’ve used – and told you that they had compromising videos of you and more? What if they said that unless you pay a Bitcoin ransom, they would share this incriminating footage with everyone on your contacts list? That’s exactly what has been happening to thousands of Irish users, to both personal and corporate email addresses.
Cyber criminals have always targeted users, finding it easier to trick unsuspecting employees than to bypass complex technical security measures – and this trend has been growing steadily the last few years. Identify fraud, where criminals impersonate someone else in order to steal their money or use their account to manipulate others, is now one of the most common types of cyber crime there is. Account takeover attacks, where criminals gain access to a user’s account and use it to send spam or phishing emails, is also on the rise, often allowing malicious emails to bypass email security filters.
