News and Insights
Get the latest Click Armor news and expert insights to help you fight phishing, social engineering scams and other risks related to human behaviors.
Announcing the “Can I Be Phished?” podcast – unboxing the most common attacks!
Click Armor is proud to announce that we have published our first episode of the "Can I Be Phished?" podcast, where we take a closer look at some of the most common and dangerous phishing attacks and scams. The podcast is available on Youtube for video and on popular...
Can we stop saying “Security is everybody’s business” now?
Spoiler: Sorry. These days, it’s becoming increasingly clear that security is becoming an even bigger part of “everybody’s business”. People instinctively feel their productivity is hindered by security IT’s always been easy to blame the IT organization’s security...
How MSPs can overcome common objections from their customer base, to implement continuous cybersecurity awareness
Managed Service Providers (MSPs) that deliver IT services to small and medium-sized businesses have a real dilemma when it comes to security awareness training. According to a forum post I read recently, the vast majority of MSPs believe that it is valuable, if not...
Shared Security Podcast celebrates its 100th episode
It has been my pleasure to have co-hosted 100 episodes of the Shared Security Podcast with Tom Eston. We have been practicing social distancing religiously for over 10 years. In fact, we have never met in person. Tom and I were brought together by the early...
What should you do when you receive a Microsoft Office document has Macros in it?
On May 18, 2020, Microsoft issued a warning about a massive phishing attack that uses a spreadsheet attachment that claims to have information about COVID-19 deaths. Unfortunately, the attachment contains a macro that tries to install a remote access tool if you allow...
What can be done about phishing and social engineering scams that impersonate your organization?
There is one thing about phishing and social engineering scams against customers or external partners that impersonate your organization, which makes them impossible to detect with technology…
6 myths about using gamification for security awareness training
I have heard many reasons why people are hesitant to use gamification as the basis for their security awareness training programs. But in reality, most of the time, there is a clear argument that favors using gamified learning and assessment. But as with any...
What is the difference between regular phishing and spear-phishing?
Executive Summary: The short answer to this question is that “phishing” is an opportunistic email attack that targets many people with a “false-premise” (or lie) to trick at least some of them into take an action for the attacker’s benefit. The attacker doesn’t really...
What does a surge in phishing attacks look like? (Part 1 of 3)
You’ve probably heard that since the pandemic hit there has been a surge in phishing email attacks on employees and individuals. For example, this article at Forbes.com references a report by Atlas VPN that says the number of phishing websites (or landing pages) has...
What does a surge in phishing attacks look like? (Part 2 of 3)
In the first part of this blog series, I looked at how the number of phishing websites has surged recently during the pandemic. Now, let’s look at an example of how this is impacting businesses, like NASA, which has reported a doubling of attacks. NASA's ability to...
What does a surge in phishing attacks look like? (Part 3 of 3)
WHAT DOES A SURGE IN PHISHING ATTACKS LOOK LIKE? (PART 3 OF 3) - A CREATIVE EXAMPLE THAT MIGHT CATCH YOU In Parts 1 and 2 of this series, I looked at what phishing websites are, and what the surge in phishing attacks looks like and means to a business. In this part,...
There’s a new game in town to help you fight the wave of COVID-19 related phishing attacks – “Can I Be Phished?”
Click Armor’s new online phishing awareness game is now free to everyone at http://canibephished.com, to test your proficiency at spotting potentially unsafe email messages.
How do attackers exploit our emotions through societal crises like the coronavirus outbreak
It is inevitable that cyberattackers will increasingly target the emotions of employees to get them to react without thinking about related risks. Continuous cybersecurity awareness is the best way to help staff prepare for those emotional situations, and improve resilience to attacks.
Double Dipping – Why having backups may give you a false sense of security against ransomware
Why attackers who infect your system may try double dipping if you don’t pay them. Another reason to avoid ransomware at all costs.
Balancing employee productivity against cybersecurity risk avoidance
When employees have conflicting priorities they may take actions that they think will make them most productive. This can introduce risks into business processes. Management has to take some responsibility beyond saying “be more careful.”
