FCPA Compliance Report-Episode 408, Brad Davis on Social Engineering for Data Protection
The SafePay ransomware group has been active since fall 2024 and has increased its activity this spring and summer. According to NCC Group, SafePay hit the most victims of any threat actor in May 2025—it is linked to 248...more
The global cyber scam industry is a multi-billion dollar racket run by crime syndicates who often operate through massive compounds known as “scam farms” in far flung locations. On our shores, many businesses fall prey to...more
On June 27, 2025, the Federal Bureau of Investigation (FBI) issued a warning on X to the airline and transportation sectors that the notorious cyber criminal ring Scattered Spider is attacking those sectors....more
Several insurance companies have been targeted this month by cyberattacks, including AFLAC, Erie Insurance, and Philadelphia Insurance. The threat actor, Scattered Spider, is now focusing on the insurance industry. We want to...more
When assessing cybersecurity risk in your organization, it is important to understand your users and their behavior. A new study by Keepnet sheds light on new hire behavior concerning phishing susceptibility. According to its...more
We’re back with a deeper dive into the 2025 Data Security Incident Response Report, which features insights and metrics from more than 1,250 incidents in 2024. This episode dives deeper into the data, including network...more
The cybercrime group known as Scattered Spider is at it again, according to Google’s Threat Intelligence Group. This criminal group is known to focus its cyber attacks on one sector at a time. Last spring, it was the retail...more
Every year, BakerHostetler collects, analyzes and compares key metrics on the incident response matters we handled in the prior year. The Data Security Incident Response (DSIR) Report presents key findings and trends, along...more
A threat actor group with ties to the Democratic People’s Republic of Korea (“North Korea”) called Contagious Interview is using front companies to spread malware through fake job interviews. This group has a history of...more
A recent court case has unveiled a new level of sophistication in attacks targeting high-net-worth cryptocurrency holders. In a meticulously orchestrated scheme, hackers managed to steal more than $40 million in bitcoin from...more
Most professionals are aware of the April 15 tax deadline. We know that fraudsters certainly are! As Tax Day approaches in the U.S., we encourage all to be mindful of several phishing campaigns that Microsoft has observed...more
At this point, your IT department has almost certainly warned you to approach your e-mail inbox with skepticism--for good reason. Cybercriminals regularly and effectively impersonate our legitimate contacts for illegitimate...more
HaveIBeenPwned is a website that allows users to check whether their data has been involved in data breaches. The website’s creator, Troy Hunt, was the subject of a phishing attack earlier this week....more
We have educated our readers about phishing, smishing, QRishing, and vishing scams, and now we’re warning you about what we have dubbed “snailing.” Yes, believe it or not, threat actors have gone retro and are using snail...more
CrowdStrike recently published its 2025 Global Threat Report, which among other conclusions, emphasized that social engineering tactics aimed to steal credentials grew an astounding 442% in the second half of 2024....more
AI-enabled technology enhances threat actors’ ability to engage in advanced and difficult-to-detect forms of social engineering to deceive employees and circumvent companies’ security controls. Companies may consider new...more
As part of Data Privacy Awareness Week, Ward and Smith is spotlighting the most common types of data breaches that businesses encounter. In Part 1, we explored the industries most vulnerable to cyberattacks, highlighting the...more
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find...more
Last month, the New York State Department of Financial Services (“DFS”), which has broad regulatory powers over financial services-related entities and insurance companies operating in New York State, published guidance...more
Editor’s Note: This webcast brings together some of HaystackID’s top experts to dissect the intricacies of Business Email Compromise (BEC) attacks—a rapidly growing threat impacting organizations globally. During the...more
On October 16, 2024, the New York Department of Financial Services (NYDFS) issued an industry letter entitled “Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks” in response to...more
On October 16, the New York State Department of Financial Services (NY DFS) issued an industry letter to entities regulated by NY DFS (covered entities) providing guidance addressing the cybersecurity risks associated with...more
Most policyholders are aware of the danger of losses from fraudulent instructions and invoices accomplished through what is known as “social engineering” or related methods. Often this is carried out by an email claiming to...more
As the manufacturing sector continues to embrace the hyper-connected era of Smart Manufacturing, known as Industry 4.0, more and more organizations are integrating advanced automation, artificial intelligence (AI), the...more
Cyberattacks powered by artificial intelligence have become more sophisticated as bad actors utilize machine learning to analyze vulnerabilities, automate exploits, and outpace traditional security measures. Through the use...more