Cybersecurity experts and companies on Long Island are looking for ways to shore up the weakest link on company computer networks : the employee . Local cybersecurity professionals are creating interactive comic books , testing employees with simulated phishing emails — tailored messages that seek to obtain key information , such as passwords — and seeking to convince top executives that the threat of business disruption from hacking requires their attention . “ The biggest problem is not the technology ; it ’ s the people , ” said Laurin Buchanan , principal investigator at Secure Decisions , a division of Northport software developer Applied Visions Inc. Sixty percent of cyber-assaults on businesses can be traced to insiders ’ actions , either inadvertent or malicious , according to a 2016 study by IBM Security . The average cost of a data breach Attack.Databreach for U.S. companies is $ 7.4 million , or $ 225 per lost or stolen record , a June 2017 study by IBM and the Ponemon Institute , a Traverse City , Michigan , researcher , found . Costs related to data breaches Attack.Databreach can include the investigation , legal costs to defend against and settle class-action lawsuits , credit monitoring for affected customers , and coverage of fraud losses . Harder to gauge is the cost to a company ’ s reputation . One of the largest hacks Attack.Databreach ever was disclosed this month , when credit reporting company Equifax Inc. revealed that sensitive data from 143 million consumers , including Social Security numbers and birth dates , was exposed Attack.Databreach . A stock analyst from Stifel Financial Corp. estimated that the attack will cost Equifax about $ 300 million in direct expenses . Investors seem to think the incident will have a much greater impact on At a seminar in Garden City this month , Henry Prince , chief security officer at Shellproof Security in Greenvale , explained how in a ransomware attack Attack.Ransom — one of many types — cybercriminals can buy specialized tools such as those used to send Attack.Phishing phishing emails . The easy availability of that software means that hackers require “ no programming experience , ” Prince said . Phishing emails can be blocked by company email filters , firewalls and anti-virus software . But if one gets through Attack.Phishing and an employee clicks on the link in the phishing email , the business ’ network is compromised . Hackers can then encrypt files , preventing access to them by the company and crippling the business , Prince said at the seminar . Hackers then can demand payment Attack.Ransom , typically in an untraceable cryptocurrency like Bitcoin — a digital asset that uses encryption — before agreeing to decrypt the files . “ Ransomware is a business to these people , ” Prince said . “ Ninety-nine percent of the time , ransomware requires user interaction to infect. ” Della Ragione echoed that sentiment : “ The greatest risk at a company is the employees . Training employees is one of the best steps in shoring up your defenses. ” In response , many local experts and companies focus on teaching employees how to resist hackers ’ tricks . Secure Decisions has developed interactive comics to teach employees ways of detecting “ phishing ” emails and other hacking attempts . The company has gotten more than $ 1 million for research related to the interactive comic project , known as Comic-BEE , from the Department of Homeland Security , as well as a grant for $ 162,262 from the National Science Foundation . The comics , inspired by children ’ s “ Choose Your Own Adventure ” books , feature different plots depending on the reader ’ s choices . “ If you can give people the opportunity to role-play , some of the exhortations by the experts will make more sense , ” Buchanan said . The comics are being field-tested at several companies and Stony Brook University . They were featured in July at a DHS cybersecurity workshop in Washington , D.C. Radu Sion , a computer science professor at Stony Brook and director of its National Security Institute , which studies how to secure digital communications , acknowledged that security is far from a priority for most users . “ Ultimately , the average Joe doesn ’ t care , ” he said . “ You [ should ] treat the vast majority of your users as easily hackable. ” Northwell Health , the New Hyde Park-based health care system that is the largest private employer in New York State , is trying to find and get the attention of those inattentive employees . Kathy Hughes , Northwell vice president and chief information security officer , sends out “ phishing simulations ” to the workforce . The emails are designed to mimic Attack.Phishing a real phishing campaign Attack.Phishing that seeks passwords and personal information . In April , for instance , Northwell sent out Attack.Phishing phishing emails with a tax theme . Hughes collects reports on which employees take the bait Attack.Phishing by user , department and job function . “ We present them with a teachable moment , ” she said . “ We point out things in the email that they should have looked at more carefully. ” The emails are supplemented with newsletters , screen savers and digital signage reminding users that hackers are lurking . Another tool : Non-Northwell emails have an “ external ” notation in the subject line , making it harder for outsiders to pretend to be Attack.Phishing a colleague . “ We let [ the employees ] know that they are part of the security team , ” she said . “ Everybody has a responsibility for security. ” One of the most important constituencies for security is top executives . Drew Walker , a cybersecurity expert at Vector Solutions in Tampa , Florida , said many executives would rather not know about vulnerabilities to their computer systems , because knowledge of a hole makes them legally vulnerable and casts them in a bad light . “ Nine times out of 10 , they don ’ t want to hear it , ” he said . “ It makes them look bad. ” Richard Frankel , a former FBI special agent who is of counsel at Ruskin Moscou , said that company tests of cybersecurity readiness often snare CEOs who weren ’ t paying attention to training . But attorney Della Ragione said high-profile attacks are getting notice from executives . “ Everyone ’ s consciousness is being raised , ” she said . Data leaks Attack.Databreach at Long Island companies have caused executives to heighten security . In 2014 , Farmingdale-based supermarket chain Uncle Giuseppe ’ s Marketplace said that foreign hackers had breached Attack.Databreach the credit card database of three stores . Joseph Neglia , director of information technology at Uncle Giuseppe ’ s , said that after the data breach Attack.Databreach , which affected about 100 customers , the company began scheduling “ monthly vulnerability scans ” and upgraded its monitoring and security systems . For businesses , Stony Brook ’ s Sion said , the cybersecurity threat is real and immediate . “ I need one second with your machine to compromise it forever and ever , ” he said . “ It ’ s an uphill battle . ”

Criminals are trying to steal money from Netflix customers with a sophisticated new scam Attack.Phishing . Subscribers are being sent Attack.Phishing convincing fake emails asking them to update their payment information . While they look to be Attack.Phishing from Netflix itself , they are in fact from criminals and scammers . The message currently circulating reads : `` We 're having some trouble with your current billing information . `` We 'll try again , but in the meantime you may want to update your payment details . '' There is a red button telling you to `` Update Account now '' at the end of the message . This link takes you to a fake-designed site to look like Attack.Phishing Netflix , but in fact is run by scammers . An urgent warning has been issued about the email by the Federal Trade Commission , a US government agency that told consumers not to `` take the bait Attack.Phishing `` . `` Scammers use your information to steal your money , your identity , or both , '' it reads . `` They also use Attack.Phishing phishing emails to get access to your computer or network . `` If you click on a link , they can install ransomware or other programs that can lock you out of your data . ''

The IRS , state tax agencies and the nation ’ s tax industry urge people to be on the lookout for new , sophisticated email phishing scams Attack.Phishing that could endanger their personal information and next year ’ s tax refund . The most common way for cybercriminals to steal Attack.Databreach bank account information , passwords , credit cards or social security numbers is to simply ask for them . Every day , people fall victim to phishing scams Attack.Phishing that cost them their time and their money . Those emails urgently warning users to update their online financial accounts—they ’ re fake . That email directing users to download a document from a cloud-storage provider ? Fake . Those other emails suggesting the recipients have a $ 64 tax refund waiting at the IRS or that the IRS needs information about insurance policies—also fake . So are many new and evolving variations of these schemes . The Internal Revenue Service , state tax agencies and the tax community are marking National Tax Security Awareness Week with a series of reminders to taxpayers and tax professionals . Phishing attacks Attack.Phishing use email or malicious websites to solicit personal , tax or financial information by posing as Attack.Phishing a trustworthy organization . Often , recipients are fooled Attack.Phishing into believing the phishing Attack.Phishing communication is from someone they trust . A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as Attack.Phishing a legitimate source , including presenting the look and feel of authentic communications , such as using an official logo . These targeted messages can trick Attack.Phishing even the most cautious person into taking action that may compromise sensitive data . The scams may contain emails with hyperlinks that take users to a fake site . Other versions contain PDF attachments that may download malware or viruses . Some phishing emails will appear to come from Attack.Phishing a business colleague , friend or relative . These emails might be an email account compromise . Criminals may have compromised Attack.Databreach your friend ’ s email account and begin using their email contacts to send Attack.Phishing phishing emails . Not all phishing attempts Attack.Phishing are emails , some are phone scams . One of the most common phone scams is the caller pretending to be Attack.Phishing from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately , usually through a debit card . Phishing attacks Attack.Phishing , especially online phishing scams Attack.Phishing , are popular with criminals because there is no fool-proof technology to defend against them . Users are the main defense . When users see a phishing scam Attack.Phishing , they should ensure they don ’ t take the bait Attack.Phishing .

Last week , we reported about these alarming cryptocurrency scams spreading via Twitter . These were n't your garden-variety spam posts either , but rather , fraudsters were hacking into the verified accounts of celebrities and brands in an attempt to lure Attack.Phishing unsuspecting victims . But it looks like these crypto-scammers are moving on and are now targeting other social media platforms , as well . This time , they 're gaming Facebook 's official sponsored ad system to fool Attack.Phishing eager people who are looking to make a quick profit . Read on and see what this new scheme is all about . Cybercriminals are relentlessly coming up with new tactics all the time , and it 's always good to be aware of their latest schemes . This new ploy is a classic phishing scam Attack.Phishing that 's meant to steal your personal information like your name , email and credit card numbers . And similar to other elaborate phishing scams Attack.Phishing , these cybercriminals created Attack.Phishing a bunch of fake websites , news articles and ads for that purpose . The whole ploy starts with a fake Facebook sponsored ad promoting an easy `` wealth building '' scheme . Accompanying the post is an embedded report that appears to originate from the news site CNBC . If you take the bait Attack.Phishing and click through the ad , the ruse gets more obvious . First , the link 's web address does n't belong to any CNBC domain . However , the fraudsters mimicked Attack.Phishing the look and feel of the real CNBC site so there 's a chance an unsuspecting eye might get duped Attack.Phishing . But yes sir , the entire news article is completely fraudulent , the fakest of fake news . Basically , it states that Singapore has officially adopted a certain cryptocurrency and has anointed a firm , dubbed the CashlessPay Group , to market and purchase it . Nevermind that CashlessPay sounds just like another third-rate pyramid scheme , but let 's go along for the ride , shall we ? You probably know by now that there are tons of bogus information going on in Facebook at any given time . The social media giant is trying to clean up its act , though . If you can recall , Facebook banned blockchain and cryptocurrency ads earlier this year but softened its stance by allowing pre-approved cryptocurrency advertisers to post sponsored ads . ( Ca n't resist the revenue , eh ? ) But as always , scammers have found a way to exploit this loophole to spread their scams .

NETFLIX users are once again being warned not to fall Attack.Phishing for fake emails asking customers to update their payment details . The emails claim to be Attack.Phishing from the streaming service but are actually from scammers trying to steal your money . The convincing message reads : `` We 're having some trouble with your current billing information . `` We 'll try again , but in the meantime you may want to update your payment details . '' At the end of the email , there is a red button that tells you to `` Update Account now '' . But if you click on it and follow the link , you will be taken Attack.Phishing to a fake website that is actually run by scammers who may use the information you enter to hack your bank account . The Federal Trade Commission , a government agency in the US , has now issued an urgent warning about the Netflix `` phishing scam Attack.Phishing `` and urged consumers not `` take the bait Attack.Phishing `` . `` Scammers use your information to steal your money , your identity , or both , '' it explained . `` They also use Attack.Phishing phishing emails to get access to your computer or network . `` If you click on a link , they can install ransomware or other programs that can lock you out of your data . '' But it 's not the first time warnings have been issued over Netflix scams - in September this year Action Fraud did the same over a similar scam . And earlier in 2017 , Netflix users were also hit with a sophisticated ‘phishing’ scam Attack.Phishing inviting them to type in bank details on a fake login page .