Phish of the Week: Coming Soon to an Inbox Near You

COVID-19 Scams Have a New Plot

The vaccine is finally here. And so are the attackers…

The Department of Homeland Security and FBI are officially warning of cyber fraud as the COVID-19 vaccines near FDA approval. And we’re already starting to see this new twist in phishing land in inboxes.

The vaccine scams will ultimately follow the standard COVID-19 hacker behaviors – preying on fear, near-flawless impersonation of a trusted organization, and — ultimately — dissemination of malware or ransomware with disastrous impact.

But what’s different in this phase is our patience. It’s waning. Your employees are excited (possibly desperate) for a pandemic-free life. And there is no better ransomware target than an emotional and distracted employee.

As cybersecurity professionals, we must remain extra-diligent. And we must do everything possible to intercept the source of these cyber threats – phishing.

Read on for proven ways to get ahead of these attacks and protect your employees.

The Struggle to Not Click is Real

The health sector isn’t the only one being plagued by Trickbot and Ryuk ransomware. Our security research team recently detected a persistent Trickbot campaign that exploits fears about job loss (how can you not click an HR email in times like these?), and lures victims to click on a link that drops malware infections by way of Trickbot.

Read the blog for in-depth details of the campaigns, how our time-zero detections uncovered it, and what you can do to protect yourself from similar phish. (4 min)

Shocker! BEC is Back in the News

Business Email Compromise (BEC) is the FBI’s focus in their latest warning about email auto-forwards. In this recent video,, we explain how BEC attacks have become more difficult-to-detect over time, and the six things you need to know to protect against BEC threats.

Watch the video (18 min)

Frameworks…A Love Story

Many organizations look to security frameworks to strategize protection against today’s cybercrime. Check out this blog to hear from former Guess? CISO and Area 1 product expert about leaning on – not worshipping – the MITRE ATT&CK and other frameworks and how to use them as guardrails (not rules) to secure your organization.

Read the blog (3 min)

Shalabh
Discover_Understand_Cyber
PhenomenonPreemption

Timing is Everything

Cyber_Attack_Preemption