ActiSoft Technology - Blog , EducationActiSoft Technology - Blog , Educationhttps://www.actisofttechnology.com/blogs/educationWed, 22 Apr 2026 17:12:36 +0200http://zoho.com/sites/<![CDATA[Every Employee is Part of Your Security]]>https://www.actisofttechnology.com/blogs/post/every-employee-is-part-of-your-securityBlog courtesy of KnowBe4 Written by Stu Sjouwerman Employees are an essential component of an organisation’s security defences, according to Nico Popp, ]]>
Blog courtesy of KnowBe4
Written by Stu Sjouwerman
Employees are an essential component of an organisation’s security defences, according to Nico Popp, Chief Product Officer at Forcepoint. On the CyberWire’s Hacking Humans podcast, Popp explained that humans generally want to do the right thing and can help prevent cyberattacks that can’t be stopped by technical safeguards. Popp pointed to the way financial institutions have their customers verify potentially suspicious transactions as an example of this.


“I always use the example of credit card companies,” he said. “They have been brilliant. You know, they have huge fraud issues. And what have they done? They basically involve us in the process of solving, right? They don't always block your credit card. They may block you, but they may ask you, you know what? We've seen that transaction. It looks suspicious to us. Is that really you trying to complete this thing? And it's working, right? Can you imagine, they are using all these consumers to solve the fraud problem? And, of course, we care. So we participate.”
Popp concluded that organisations need to shift the way they think about how employees fit into their security posture.


“So, taking that concept of putting the human in the middle and saying, look, you’re part of the solution,” Popp said. “We're going to engage you. It’s not just about monitoring you, spying on you. Quite the opposite. We’re trying to make you better. But also, we want you to be part of our cybersecurity team, you know, because we want to be able to leverage the fact that we have this smart and caring human being, common folks behind the keyboard that also care about the company assets and can help there. Something that cyber has never done, really, that whole idea of putting humans in the middle of cyber. It’s all this different dimension, these different approaches.”


New-school security awareness training can create a culture of security within your organisation by enabling your employees to thwart social engineering attacks.              


The CyberWire has the story.

Request A Demo: Security Awareness Training

New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defence. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Save My Spot!
]]>Tue, 09 Feb 2021 13:52:55 +0000<![CDATA[Here Are Some Truly Scary Social Media Stats!]]>https://www.actisofttechnology.com/blogs/post/here-are-some-truly-scary-social-media-statsBlog courtesy of KnowBe4 Written by Stu Sjouwerman Scamming incidents have increased by 519% in 2020 compared to last year, according to researchers at ]]>

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

Scamming incidents have increased by 519% in 2020 compared to last year, according to researchers at Baltimore-based ZeroFOX. The researchers compared their own data to a recent report from the Federal Trade Commission, which found that scams on social media have skyrocketed since the start of the pandemic earlier this year. ZeroFOX says their data aligns with the findings in the FTC’s report, and they’ve observed a significant year-over-year increase in scams:

    • 423% increase in Financial Services (scammers/money mulers targeting banking customers)

    • 1579% increase in Retail scams

    • 226% increase in Consumer Goods scams

    • 295% increase in HR scams, which could align with scammers looking to capitalize on work from home opportunities and lay-off/furloughs due to the pandemic

    • 164% increase in crypto giveaway scams, where an account is taken over or an impersonator profile is created to look like an influencer to peddle the scam

    • 609% increase in money flipping scams

    • 100% increase in impersonating profiles that have someone who claims to work for a company in HR, but does not.

ZeroFOX concludes that this activity will continue to proliferate, since scammers have no reason to change their methods.

“ZeroFOX Alpha Team assesses that scammers will likely continue to use the pandemic as an opportunity to take advantage of desperate consumers,” the researchers write. “Emotional and economic distress can leave victims vulnerable to these scams, especially ones designed to alleviate stress and reduce the impact of the pandemic. Alpha Team also assesses that the scam types will remain constant and we will not see many new scams, mostly due to the years of experience and resources available for tried and tested scams. The old adage ‘don’t fix what isn’t broke’ applies to bad actors as well. As always, be mindful when using social media for business or for personal use to prevent yourself from becoming the next victim to a social media scam.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling victim to social engineering techniques.

ZeroFOX has the story.
Don't get hacked by social media phishing attacks!
Many of your users are active on Facebook, LinkedIn, and Twitter. The bad guys use these platforms to scrape profile information of your users and organisation to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organisation's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organisation at risk.

Here's how the Social Media Phishing Test works:

    • Immediately start your test with your choice of three social media phishing templates
    • Choose the corresponding landing page your users see after they click
    • Show users which red flags they missed or send them to a fake login page
    • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
Go Phishing Now!

Don't like to click on redirected buttons? Cut & Paste this link in your browser:


https://info.knowbe4.com/social-media-phishing-test-partner?partnerid=0010c00001ywD8SAAU

]]>Thu, 29 Oct 2020 15:04:40 +0000<![CDATA[Don't be Fooled by Fakes]]>https://www.actisofttechnology.com/blogs/post/dont-be-fooledPhishing emails come in all shapes and sizes, some seem extremely poor, and some are very authentic. Both have their purpose. The poor ones with spelli ]]>

Just a Little Phish

Phishing emails come in all shapes and sizes, some seem extremely poor, and some are very authentic.


Both have their purpose.


The poor ones with spelling mistakes and bad grammar are not a mistake, they are intentional. They are looking to draw in those that will fall for the scam and will pay, they are homing in on their ‘target market’. If you spot the mistakes you are not the type of person who would fall for their scam whether they are perfectly written or not.


It is all about their conversion rates, we will be going into more detail on this in a future blog.


In the past they have done it to try and beat email security and spam filters. They have done their A/B testing and know what works!

If the email is coming from an individual as opposed to an organisation it makes them seem more authentic, most people do not write their emails as a professional copy writer would.


We all make typo’s and don’t always use the correct grammar, were human and make mistakes, when we receive such an email we can all associate with it. Recent attacks have mentioned an attachment in the email but haven’t attached anything, we’ve all done that, but the scammers do it to build rapport as their ‘error’ is relatable.


Never dismiss the sender of poorly written Phishing emails as stupid, unfortunately they are usually quite smart and have done their homework on human behaviour.


With emails sent from organisations we are usually less sympathetic to typo’s and grammatical errors after all they should go through a process and be proof read and approved.


See the example below that I have received today;

The above is a screenshot of an email received and viewed on my mobile phone. As you will be aware they don’t usually show the full sender so unless you click on the sender’s ‘Display Name’ to see the full email address you could be duped into believing that it may be genuine.


If you were to compare this email to a genuine one from Amazon you would spot very few errors. The links at the top of the email to ‘Your Orders’, ‘Your Account’ and ‘Amazon.com’ are all genuine links that take you to the real Amazon site. This is a common tactic used by bad actors to provide a level of authenticity to their communication.


Can you spot any mistakes or grammatical errors on the email?


The ‘nasty’ is in the ‘Revise your payment’ which is the main link you are going to go for. With the current economic climate and everyone worrying about their financial position such Phishing emails are preying on the fear of a payment ‘bouncing’.


Spelling and grammar are more important when impersonating a brand as the expectation is that they will be checked before being sent out.


I can’t think of a single brand that would start their communication with just ‘Hello’. They will use your name as opposed to nothing or customer etc. If your email has been part of a data breach elsewhere they may not have your name and with personal email addresses it is difficult to get a name, how would you get a first name from skywalker785342@?


How could I easily tell it was a phishing scam? I don't have an Amazon Prime Membership!

We cannot be too careful when clicking on links in emails, even ones from trusted sources. A single momentarily lapse can cause you a lot of grief and money.


Pass what you learn on to those that don’t spend their working day in front of a computer and aren’t as tech savvy that way we are all working towards reducing the threat.

Also, take one minute out of your day to report these emails, nothing can be done about them if the relevant authorities or brands know nothing about them.


I forwarded this one onto stop-spoofing@amazon.com and report@phishing.gov.uk. It does make a difference and it does get acted upon.


For text scams forward them onto 7726.

To find out all about the different methods of Phishing that there are visit our pages using the links below;


Phishing           Spear-Phishing         CEO Fraud         Social Engineering

]]>Mon, 07 Sep 2020 11:19:13 +0000<![CDATA[Something looks Phishy!]]>https://www.actisofttechnology.com/blogs/post/something-looks-phishyTrain & Educate your users so that they can make better informed decisions.]]>

Can your users spot a phish?

When you have a new starter in your organisation you give them the latest hardware and other fancy gadgets. You teach them how to use your business system, how to book holiday, how to claim for expenses but do you train them on what to look out for on a phishing email?


You want them to hit the ground running contributing to the business increasing the bottom line of the company and you want that return on investment as quickly as possible so why bother having them trained in something they should already know or something that doesn't contribute to the bottom line?


The reason to train your users in how to recognise a phishing email or to at least raise concerns with the IT Department protects your bottom line, one wrong click and you could be paying the price for training your users!


Many security reports from trusted sources are telling us that threats to businesses are growing and are going to continue growing year on year. There has been an increase in phishing, spear phishing and whaling attacks and whilst the majority will be picked up by email and spam filtering it only takes one to get through to cause devastation to your company then you are down to relying on your tape backups for recovery, remember those tape backups that you have been meaning to test but haven't gotten around to it yet...

A lot of companies help the threat actors with the information they give away on the company website, job titles, email address, mobile phone number etc and this will increase the chances of Social Engineering attacks.


Am I scaring you? I hope not, but these are unfortunately the facts of life as we know it in the cyber world and it is only going to get worse. If you get a Ransomware attack from a phishing email less than 50% of companies who pay get their data back and also open themselves up to further attacks as they are willing to pay. Anyone wanting to start a phishing campaign doesn't have to be very technical nowadays as they can buy a campaign for $200 or so on the Dark Web. 91% of data breaches start from a spear phishing attack and you can do something to make sure it doesn't impact you.


You will have heard about the need to create a multi-layered approach to Data and Cyber Security, in fact I am always trying to preach that! That layering system is not just about having firewalls, Anti-Virus and all the other bits, it's also about training your users and letting them know how to deal with a suspicious email.


The criminals see your users as low-hanging fruit. Give your users the tools to fight back by training them in what red flags to keep an eye out for, keep their training up to date as cyber criminals are finding new ways to try and get at you everyday. This way you are turning that low-hanging fruit into a Human Firewall!

Shameless Plug Warning!

Yes we do sell Security Awareness Training and you will be pleasantly surprised how inexpensive it is and the ROI! Contact us for a demo and a quote.


You can run a free phishing email test with up to 100 emails addresses on the same domain to see how it works along with other fantastic tools! Check out the FREE Tools


Be safe out there!

#thinkb4uclick #mssp #managedsecurityservices

Get Started Now
]]>Mon, 24 Feb 2020 10:26:00 +0000