Posts

Showing posts with the label FBI

FBI Warns of Hidden Threats in Remote Hiring: Are North Korean Hackers Your Newest Employees?

Image
The Federal Bureau of Investigation (FBI) recently warned employers of increasing security risks from North Korean workers infiltrating U.S. companies by obtaining remote jobs to steal proprietary information and extort money to fund activities of the North Korean government. Companies that rely on remote hires face a tricky balancing act between rigorous job applicant vetting procedures and ensuring that new processes are compliant with state and federal laws governing automated decision-making and background checks or consumer reports. Quick Hits The FBI issued guidance regarding the growing threat from North Korean IT workers infiltrating U.S. companies to steal sensitive data and extort money, urging employers to enhance their cybersecurity measures and monitoring practices. The FBI advised U.S. companies to improve their remote hiring procedures by implementing stringent identity verification techniques and educating HR staff on the risks posed by potential malicious actors, incl...

AI versus MFA

  Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find multifactor authentication (MFA) at or near the top of every list. Government agencies responsible for helping to protect the U.S. and its information systems and assets (e.g.,   CISA ,   FBI ,   Secret Service ) send the same message. But that message may be evolving a bit as criminal threat actors have started to exploit weaknesses in MFA.   According to a recent report in  Forbes , for example, threat actors are harnessing AI to break though multifactor authentication strategies designed to prevent new account fraud. “Know Your Customer” procedures are critical in certain industries for validating the identity of customers, such as financial services, telecommunications, etc. Employers increasingly face similar issues with recruiti...

Business Email Compromise Scams: What They Are, and How to Avoid Them

Image
  In an increasingly digital world, the rise in cybercrime involving email scams has become a significant threat to individuals and organizations alike . These sophisticated attacks exploit human psychology and technological vulnerabilities, luring unsuspecting victims into divulging sensitive information or transferring funds. With the proliferation of Business Email Compromise (BEC) scams, and the fact that cybercriminals are continually refining their tactics, the urgency for businesses to be wary about protecting their assets has never been greater. Quick Hits According to the FBI,  Business Email Compromise (BEC) scams  often involve the spoofing of a legitimate, known email address or the use of a nearly identical address to appear as someone known to or trusted by the victim. Real Estate Wire Fraud is a subcategory of BEC, in which criminal actors target individuals or companies executing large wires related to real estate transactions. From 2020 to 2022, there was...