Monthly Archives: December 2015

Business Email Compromise

Last week or so, I read the Symantec Security Response blog, talking about Business Email Compromise. Short version it talks about campaigns targeting C-level employees to try and do wire transfers. There were 2 type, one is the CEO emailing another C-level because he’s stuck in meetings and needs a wire transfer. The other version is an acquisition email, that hasn’t been announced yet.

The blog linked above has screen shot examples.

At my day job, I do occasionally work on Phishing emails. While the Symantec article was good, it is missing that the example emails are no longer going to the C-levels. While I haven’t seen the acquisition email yet, I have seen lots of the person in the meeting email going around.

It isn’t just at the C-levels. I’m seeing emails claiming to be from VPs and Directors, to underlings using the same comment about being tied up in meetings and needing the wire transfer done. Where I work the C-levels are good at catching them and reporting to them. The lower levels however have been fruitful targets.  Not realizing it is a phishing attempt and trying to comply.

We need to warn the lower level people in positions to send money.

pulled in many directions

So my current reading list had changed 3 times in the last 3 weeks or so since the Fall class ended. I had started with:

Then it was going to be some Social Media Intelligence books:

Now it’s Counterhack Reloaded, which I’m using as my only study materials before the GCIH exam in a couple of months.

Can someone tell me again, why I try to make plans since I always seem to get pulled in many directions at once and not study what I want?


So I completed the first class in University of Maryland University Center’s Cybersecurity program. The class was CSEC610 “Cyberspace and Cybersecurity”. I was extremely disappointed with the class. Full disclosure, I got an A in it. If you’ve followed my academic career, you’ll know I’m used to that grade.

The class felt more like a community college weeder class, if community colleges had those. The content covered in the class was the same I did in a Computer Information Systems program in the late 90s, at a community college before Infosec was a thing.

If you have experience in Infosec, this class will most likely be a waste of time, since it’s an overview class.

Continue reading