News and Insights
Get the latest Click Armor news and expert insights to help you fight phishing, social engineering scams and other risks related to human behaviors.
What should you do when you receive a Microsoft Office document has Macros in it?
On May 18, 2020, Microsoft issued a warning about a massive phishing attack that uses a spreadsheet attachment that claims to have information about COVID-19 deaths. Unfortunately, the attachment contains a macro that tries to install a remote access tool if you allow...
What can be done about phishing and social engineering scams that impersonate your organization?
There is one thing about phishing and social engineering scams against customers or external partners that impersonate your organization, which makes them impossible to detect with technology…
6 myths about using gamification for security awareness training
I have heard many reasons why people are hesitant to use gamification as the basis for their security awareness training programs. But in reality, most of the time, there is a clear argument that favors using gamified learning and assessment. But as with any...
What is the difference between regular phishing and spear-phishing?
Executive Summary: The short answer to this question is that “phishing” is an opportunistic email attack that targets many people with a “false-premise” (or lie) to trick at least some of them into take an action for the attacker’s benefit. The attacker doesn’t really...
What does a surge in phishing attacks look like? (Part 1 of 3)
You’ve probably heard that since the pandemic hit there has been a surge in phishing email attacks on employees and individuals. For example, this article at Forbes.com references a report by Atlas VPN that says the number of phishing websites (or landing pages) has...
What does a surge in phishing attacks look like? (Part 2 of 3)
In the first part of this blog series, I looked at how the number of phishing websites has surged recently during the pandemic. Now, let’s look at an example of how this is impacting businesses, like NASA, which has reported a doubling of attacks. NASA's ability to...
What does a surge in phishing attacks look like? (Part 3 of 3)
WHAT DOES A SURGE IN PHISHING ATTACKS LOOK LIKE? (PART 3 OF 3) - A CREATIVE EXAMPLE THAT MIGHT CATCH YOU In Parts 1 and 2 of this series, I looked at what phishing websites are, and what the surge in phishing attacks looks like and means to a business. In this part,...
There’s a new game in town to help you fight the wave of COVID-19 related phishing attacks – “Can I Be Phished?”
Click Armor’s new online phishing awareness game is now free to everyone at http://canibephished.com, to test your proficiency at spotting potentially unsafe email messages.
How do attackers exploit our emotions through societal crises like the coronavirus outbreak
It is inevitable that cyberattackers will increasingly target the emotions of employees to get them to react without thinking about related risks. Continuous cybersecurity awareness is the best way to help staff prepare for those emotional situations, and improve resilience to attacks.
Double Dipping – Why having backups may give you a false sense of security against ransomware
Why attackers who infect your system may try double dipping if you don’t pay them. Another reason to avoid ransomware at all costs.
Balancing employee productivity against cybersecurity risk avoidance
When employees have conflicting priorities they may take actions that they think will make them most productive. This can introduce risks into business processes. Management has to take some responsibility beyond saying “be more careful.”
Case Study: Commercial Proposal and invoicing scam
There are many ways that weaknesses in a business process can be exploited by an attacker. This case study illustrates how a contractor was scammed by a fake pricing proposal with updated payment information.
Why does aiming beyond compliance with your awareness program reduce risk
Achieving compliance should not be the goal of a board of directors or C-suite. Aiming for a more mature risk-based approach that uses gamified learning will provide better assurance, and better value that traditional compliance-based security awareness training.
Does your security awareness program improve resistance to attacks or just cause training fatigue??
If your organization’s security awareness training is causing training fatigue, can it really be helping employees to resist cyber attacks?
Case Study: How to lose most of your digital life, while you sleep…
When hackers attempt to hijack your email account, there may be some clues that will tip you off. But with the right conditions, an attacker may be able to reset your email password and access many accounts you have access to. In this example, an engineer in San Francisco lost $100,000 in crypto currency this way.
