Phish of the Week: Coming Soon to an Inbox Near You

COVID-19 Scams Have a New Plot

The vaccine is finally here. And so are the attackers…

The Department of Homeland Security and FBI are officially warning of cyber fraud as the COVID-19 vaccines near FDA approval. And we’re already starting to see this new twist in phishing land in inboxes.

The vaccine scams will ultimately follow the standard COVID-19 hacker behaviors – preying on fear, near-flawless impersonation of a trusted organization, and — ultimately — dissemination of malware or ransomware with disastrous impact.

But what’s different in this phase is our patience. It’s waning. Your employees are excited (possibly desperate) for a pandemic-free life. And there is no better ransomware target than an emotional and distracted employee.

As cybersecurity professionals, we must remain extra-diligent. And we must do everything possible to intercept the source of these cyber threats – phishing.

Read on for proven ways to get ahead of these attacks and protect your employees.

The Struggle to Not Click is Real

The health sector isn’t the only one being plagued by Trickbot and Ryuk ransomware. Our security research team recently detected a persistent Trickbot campaign that exploits fears about job loss (how can you not click an HR email in times like these?), and lures victims to click on a link that drops malware infections by way of Trickbot.

Read the blog for in-depth details of the campaigns, how our time-zero detections uncovered it, and what you can do to protect yourself from similar phish. (4 min)

Shocker! BEC is Back in the News

Business Email Compromise (BEC) is the FBI’s focus in their latest warning about email auto-forwards. In this recent video,, we explain how BEC attacks have become more difficult-to-detect over time, and the six things you need to know to protect against BEC threats.

Watch the video (18 min)

Frameworks…A Love Story

Many organizations look to security frameworks to strategize protection against today’s cybercrime. Check out this blog to hear from former Guess? CISO and Area 1 product expert about leaning on – not worshipping – the MITRE ATT&CK and other frameworks and how to use them as guardrails (not rules) to secure your organization.

Read the blog (3 min)

Shalabh

Understanding the Four Business Email Compromise Attack Types

Business Email Compromise (BEC), also sometimes referred to as email account compromise (EAC) or vendor email compromise (VEC), is a type of phishing attack that takes advantage of an existing relationship between a victim and organization.

Area 1 Security Announces the Most Spoofed Brand of 2021

Dear America’s sports-loving, company-securing fans: Before you find yourself glued this weekend to (what some call) THE biggest game in college basketball history, we are here to crown the 2022 March Hackness winner!

2022 March Hackness: The Return of the Phishing Bracket

Area 1 Security’s Sixth Annual March Hackness: The Perfect Phishing Bracket is here! Learn who made the list of the top brands that attackers use in phishing lures.