While there is always a lot of focus on phishing emails directing users to malicious pages or capturing credentials using cloned websites, a still-very-common scam catches organisations out every day: the ceo impersonation scam. The aim of these scams is to have an employee – often a new one in the organisation – sent an…
An article today by TechRadar about a new Phishng-as-a-Service with MFA bypass as a key selling point reminded me of something from a few years back, I was at a security event and attending a presentation by a reputable cyber security form on social engineering. Towards the end of the presentation they began summarising some…
One of our consultants, Bob McKay, recently discovered what is a bizarre and absurd mistake by Microsoft in the Microsoft 365 Defender platform. When configuring training phishing simulations in the Attack simulation training of Microsoft 365 Defender, he opted to use the built in training functionality so that users who were ‘successfully’ phished would be…
Criminals are constantly coming up with novel techniques to launch attacks and there’s a new phishing technique available to them that’s a terrifyingly convincing. Users have been told for years to double check domain names, look for padlocks to confirm encryption is enabled and that using SSO (Single-Sign On) services is a good thing –…
