-
Podcast Dec 14, 2022
Root Causes 262: The Continuing Erosion of Online Identity
We look back at the continued erosion of reliable online identity, including deep fakes, celebrity phishing, AI-generated art and Twitter blue check marks.
-
Podcast Dec 13, 2022
Root Causes 261: Why I Don't Say Spoof
The word spoof is a security industry term used regarding social engineering attacks. We discuss why this word is problematic in a security context.
-
Podcast Aug 15, 2022
Root Causes 238: Tim's Big Phishing Adventure
Tim's identity as a Sectigo executive is being used in a "waterholing" phishing scam to raid job seekers' bank accounts. We describe what is going on.
-
Podcast Mar 31, 2022
Root Causes 213: 600-domain Phishing Attack
A recent phishing campaign encompassed 600 unique domains. We discuss the implications of a campaign of this scale and high level of organization.
-
Podcast May 21, 2020
Root Causes 93: Videoconferencing Phishing
With the global workforce's massive shift to work-from-home, a clever new set of opportunistic social engineering attacks has sprung up to take advantage of our unfamiliarity with our new communication and collaboration applications and processes. In this episode our hosts describe these new attacks and what IT departments can do to combat them.
-
Blog Post Apr 08, 2020
Top Tips to Prevent “Zoom Bombing”
I recently compiled useful tips published by the FBI, Zoom, and other authoritative sources, to help our internal team prevent unwanted Zoom visitors during calls during this new era of widespread videoconferencing.
-
Blog Post Nov 26, 2019
On Black Friday and Cyber Monday, Look Out for “Not Secure” Warnings
As millions of people visit online retailers to spend their hard-earned money this holiday, cybercriminals will be working to trick consumers into mistakenly sending that money their way, instead. A number of browsers are pioneering new ways for users to recognize that the site they are visiting might not be what it appears. Non-HTTPS pages, or pages without an EV SSL certificate validating them as trustworthy, will be flagged as potentially dangerous sites.
-
Blog Post Nov 05, 2019
Social Engineering: Friend or Foe?
In a social engineering attack, a bad actor uses human interaction (social skills) to acquire information about a company and/or its computer systems. Attackers often seem unassuming and respectable, often claiming to be a new employee, a service technician, or a member of the service-providing company and may even offer credentials to support that identity.
-
Blog Post Oct 24, 2019
Proceed with Caution: Tips for Avoiding Email Phishing Scams
More than 90% of data breaches start with a phishing attack. Being able to spot phishing scams starts with knowing what motivates fraudsters. Here are the most common tactics used in email phishing and how to avoid becoming a victim.
-
Podcast Sep 26, 2019
Root Causes 39: New University Research on Phishing and Certificates
The majority of phishing sites now use SSL certificates to closely imitate the behavior of legitimate sites. Join our hosts as we dig into these findings.
-
News Article Sep 03, 2019
An AIG report says that a quarter of reported incidents in 2018 were due to business email compromise (BEC), up from 11 percent in 2017. Sectigo's Tim Callan comments here about the skyrocketing number of email attacks.
-
Blog Post Aug 26, 2019
Mozilla Should Reconsider Removing the EV Green Address Bar
The week before last, very quickly and without advance warning, Mozilla announced that it would remove the Extended Validation SSL certificate indicator from its upcoming build 70. This announcement spawned a very lively debate that is still going on. Below is my response to the thread, explaining why I believe it to be ill-considered and detrimental to overall internet security. Jason Soroko and I also covered Mozilla's decision to remove the EV SSL indicator in our Root Causes PKI and security podcast series.