What is CEO fraud? c/o KnowBe4.com

Irvine, CA - CEO fraud is a phishing scam in which cybercriminals spoof company email accounts

and impersonate executives to try and fool an employee in accounting or HR into executing unauthorized wire transfers, or sending out confidential tax information.

The FBI calls this type of scam "Business Email Compromise" and defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”

In the time period from January 2015 to June 2016, the FBI reported a 1300% rise in lossesfrom this type of fraud. Most victims are in the US (all 50 states), but companies in 100 other countries have also reported incidents. While the fraudulent transfers have been sent to 79 countries, most end up in China and Hong Kong. Unless the fraud is spotted within 24 hours, the chances of recovery are small.

Four Attack Methods

Understanding the different attack vectors for this type of crime is key when it comes to prevention. This is how the bad guys do it:

What is CEO fraud? c/o KnowBe4.comtlgadmin2019-11-19T21:29:11-08:00

DFARS 252.204-7012 is going to define new winners and losers in defense contracting

Kevin McDonald has just published his latest article of DFARS (Defense Federal Acquisition Regulations Supplement) at SearchCompliance.TechTarget.com. If you fall into this category, a recently implemented rule from the Department of Defense called the Defense Federal Acquisition Regulation Supplement (DFARS) [...]

DFARS 252.204-7012 is going to define new winners and losers in defense contractingOli Thordarson2020-04-08T23:08:28-07:00

Aligning IT and compliance procedures increasingly a business priority

Kevin McDonald writes for TechTarget SearchCompliance on Aligning IT and compliance procedures increasingly a business priority. He says, "When I've asked IT pros about HIPAA Security Rule compliance within their organization, they've typically responded with, "That is the compliance officer's realm" [...]

Aligning IT and compliance procedures increasingly a business priorityOli Thordarson2020-04-08T23:10:49-07:00

Auto-fill Phishing Attack – This is scary. You better turn off your browser’s auto-fill feature.

There is interesting breaking news from web developer and hacker Viljami Kuosmanen as reported in The Guardian - Browser autofill used to steal personal details in new phishing attack.

“The phising attack is brutally simple… when a user fills in information in some simple text boxes, such as name and email address, the autofill system, which is intended to avoid tedious repetition of standard information such as your address, will input other profile-based information into any other text boxes – even when those boxes are not visible on the page.”

Disabling Autofill in Web Browsers

Google Chrome

1. At the top right, click on the Settings icon (represented by three vertical dots)....

Auto-fill Phishing Attack – This is scary. You better turn off your browser’s auto-fill feature.tlgadmin2024-04-21T19:39:44-07:00

CEO Message

Alvaka's Philosophy

Alvaka Facilities

Management Solutions

Services Overview

Ransomware Prevention

Ransomware Recovery

Infrastructure Monitoring

DFARS Compliance

NIST 800-171

Vulnerability Management as a Service

"Net" Solutions

AlvakaNet

NetPlan

NetSecure

Network Management Consulting

"Worx" Solutions

Software Patching

Backup & Disaster Restore

Advanced Email Security

Advanced Email Filtering

Staff Augmentation

What is CEO fraud? c/o KnowBe4.com

Irvine, CA - CEO fraud is a phishing scam in which cybercriminals spoof company email accounts

and impersonate executives to try and fool an employee in accounting or HR into executing unauthorized wire transfers, or sending out confidential tax information.

DFARS 252.204-7012 is going to define new winners and losers in defense contracting

Aligning IT and compliance procedures increasingly a business priority

Auto-fill Phishing Attack – This is scary. You better turn off your browser’s auto-fill feature.

There is interesting breaking news from web developer and hacker Viljami Kuosmanen as reported in The Guardian - Browser autofill used to steal personal details in new phishing attack.

Disabling Autofill in Web Browsers

You want to enter in a fully burdened labor rate for this field. What that means is that you want to take the base hourly rate, plus 25-30% for employer payroll taxes, benefits, vacation/holiday time, etc.

For example, someone making $80,000 per year will typically work 52 weeks of 40 hours, or 2080 hours. $80,000 divided by 2080 is $38.46/hour. Multiply that hourly rate by 1.3, and you get $50.00/hour.

There are many variables to consider. Some are:

How long does it take you to download patches for each system/site?

Are you able to patch multiple systems in parallel?

How many software applications are you patching?

How many reboots are involved, etc.?

What kind of reporting must be completed to satisfy auditors and regulators? And how will you collect and document that information to prove compliance?

Smoke testing is a type of software testing performed by Alvaka after a software patching sequence to ensure that the system is working correctly and to identify any misconfigurations or conflicts within the patched system.

Smoke testing is a term used to describe the testing process for servers after patches are applied.