Platform

Unify HRM Overview

Platform

Capabilities

Identify: HROC Dashboard
Human Risk Quantification (HRI)

Insights

Benchmarking

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report
Report
Measure progress and ROI of action plans

Board and Executive Reporting

Manager Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

June 15, 2020

Five Types of Themed-Phishing Scams and How to Avoid Them

Curious about what’s new in the phishing world? Eager to know what bait cyber criminals are using so you don’t get caught like a fish on a hook? Check out our list of five phishing themes, which act as the best ground bait for Internet users.

2020 Top Phishing Scams

We’ve talked about phishing before and if you need a refresher, check out this link.

Today, we’re looking into 5 types of themed phishing scams. We want to tell you which scams are most notorious in 2020 so that you can be ready if you are ever on the receiving end. Here’s some real-life examples and how to avoid them.

COVID-19 or the novel coronavirus
- Example: COVID-19 cases surpassed 300,00 globally
- Unsurprisingly, coronavirus (or COVID-19) is the undisputed winner here. The whole world is worried about the current pandemic, offering cybercriminals an ideal opportunity to exploit our fear and attack us when we are most vulnerable. In a single week in April, Google blocked more than 18 million COVID-19 phishing emails daily. That gives you an idea of the scale of the problem. :/
- Themed Phishing photos
Donations for fake charities and healthcare organizations
- Example: We need your support! Donate now!
- Donations is a classic example of a popular phishing theme, which gained an extra twist with the COVID-19 pandemic. Cybercriminals are pretending they are charities or companies working to develop vaccines or drugs for the novel coronavirus. They hook you in by explaining how you can do your part by donating in order to fund their studies or charitable work.
Tests and cure for coronavirus
- Example: New COVID-19 prevention and treatment information! Attachment contains instructions from the U.S. Department of Health on how to get the vaccine for FREE
- In this type of phishing scam you receive an email saying that the test for coronavirus is available for you for free or that there is a new drug that will eliminate coronavirus completely. To get it, you just need to click the link below and provide your personal details…
Economic relief
- Example: IMPORTANT: Details on the government scheme to help businesses affected by the COVID-19 pandemic
- For some, the current lockdown means severe financial problems. Governments in many countries promised to help businesses and entrepreneurs which were negatively affected. To make the most out of this situation, fraudsters and cyber criminals produce emails about available financial support schemes. They look like they are coming from a government agency or a bank and very often contain notorious malware!
- Spoofed IRS Payment Credential Phishing Page via cmattayers[.]com
Remote work
- Example: Message Detail Internal Communication Alert: Coronavirus (COVID-19) Update
- Working from home is today’s reality. Many companies switched to remote work at the end of March and are still operating this way. Communication between the employees is done by emails, which opens doors to a huge wave of cyber-attacks. Cybercriminals can pose as your employers, sending you updates on the company’s policies. Or they can pretend to be your IT department, emailing you a link to download a new software which allegedly increases the company’s teleworking capabilities.

How Not to Get Caught?

Phishing emails are becoming much more sophisticated and creative. At the moment, they are the most common tool used by cybercriminals. To help you stay safe online we prepared a list of things you should remember when checking your emails.

Stay alert and ask yourself questions! If an email contains info that looks unreal or too good to be true, you should not open it. If anything looks suspicious, it’s because it definitely is!
Verify before you click a link or submit any personal information. If it’s an email from your bank or an organisation you know, call them and ask if they really sent it to you.
Never download anything you received in an email unless you are 100% sure it’s from a trusted source.
If you’re interested in the information the email claims to have, google it. Visit verified websites and check there.
If in doubt, don’t open it! Ask your IT department or simply delete the message.
Invest in training. Your attention and knowledge are your best defense against phishing attacks. Good training will make you more aware of tactics used by cybercriminals and will help you stay safe.