Foley Hoag presented a discussion and Q&A regarding the growing threat of business email compromises (a.k.a. man-in-the-middle attacks). Attorneys Chris Hart and Yoni Bard, litigators with experience in privacy matters and business disputes, shared what they have learned through successfully representing victims of hacking and phishing attacks that have led companies to misdirect payments to unknown criminal actors. They discussed strategies for preventing these attacks and, if they occur, maximizing the likelihood of recovery through rapid response strategies (involving law enforcement and banks),… More
Tag Archives: phishing
US Security Officials Warning of Cyber Attacks in Wake of Iran Strike
On January 4, 2020, the US Department of Homeland Security posted at National Terrorism Advisory System Bulletin, in the wake of the killing of a senior Iranian military leader by a US drone. That DHS advisory states:
The United States designated Iran a “State Sponsor of Terrorism” in 1984 and since then, Iran has actively engaged in or directed an array of violent and deadly acts against the United States and its citizens globally.… More
Some Cyber Monday Shopping Tips
As you enjoy the holiday weekend, and even some Cyber Monday shopping, keep in mind these online shopping tips from the FTC:
- Know the seller and the item. Put the company or product name in a search engine, along with “review,” “complaint,” or “scam.” Read the reviews. Be sure you can contact the seller if you have a dispute.
- Avoid clicking links in emails.…
Google Docs Phishing (in real time, May 3, 2017, 4:30pm)
If you check your email this afternoon, you may see a message that someone you know is sharing something on Google Docs. You should verify that separately before opening, as there is a widespread phishing attempt going around using such an invitation. More
Additional Clarification regarding HHS OCR Phishing Email Alert
More information from HHS OCR about the phishing threat:
- On November 28, 2016, the HHS Office for Civil Rights issued a listserv announcement warning covered entities and their business associates about a phishing email that disguises itself as an official communication from the Department. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program,…
HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication
This alert just in from HHS OCR:
“It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy,… More
Practical Tips to Avoid Being Caught in an IRS Phishing Trap
As a follow-up to our recent discussion of IRS-related phishing attempts, here are a few quick tips to stay out of the phishing traps:
- In general, the IRS does not communicate with taxpayers via e-mail, so any time someone receives an e-mail from the “IRS,” they should be suspicious at the outset.
- Even if the IRS did correspond with taxpayers via e-mail,…
IRS Warns of “Surge” in Tax Season Phishing Scams
Tax season ‘tis the season to be phishing, according to the IRS. The IRS has issued a warning to payroll and human resources professionals about a “surge” in phishing emails seen this year. One of the preferred tactics of identity thieves this year appears to be impersonating CEOs and sending emails to company payroll and human resources departments asking for employee W-2s. … More
Phishing for Christmas
As the Wall Street Journal noted yesterday, banks are being deluged with phishing attacks. These attacks are especially fierce around the holiday season, when more personnel are absent and normal procedures are ignored or bypassed. The FBI and other law enforcement agencies are focused on these attacks, but it only takes one employee to “believe” a phishing email for the trouble to start.… More
Incident of the Week: Ever-Growing Breach Involving Passwords for Hotmail, Gmail, Yahoo, AOL, Earthlink and Comcast
What started out as an incident involving the leak of 10,000 user names and passwords for Windows Live Hotmail accounts continues to grow, both in terms of users and companies affected. According to reports from the beginning of the week, more than 10,000 user names and passwords from Hotmail were posted by an anonymous user on the site pastebin.com. The list was limited to accounts starting in A and B, leaving the fear that numerous more accounts had been affected. The original reports speculated that the breach was the result of a hack of Hotmail or a phishing attack. But more information is surfacing that indicates that the breach is much larger than first thought.