Massive malicious email campaign spoofs Google Docs to hijack Gmail accounts

A massive email phishing campaign started Wednesday afternoon.  The email attacks target Google accounts but have spread to other email accounts as people have been tricked into clicking on the link in the email and have unwittingly supplied their Google account access credentials and access to their contacts.

The reports of the malicious emails are coming from people across a range of industries. The emails contain what looks like a link to a Google Docs and appears to come from someone you know. These emails, however, are malicious and are designed to trick the recipient in a way that allows the cybercriminal to hijack email accounts or infect the user’s computer.

If you receive an email with a link to Google Docs, BEWARE!  These emails are designed to look like they come from a trusted or known source.  Do not click on any links in emails that you were not expecting.

A screen shot of one of the Google Docs phishing emails is shown below. If you receive one of these emails, delete it ASAP.  If you use Gmail or Google Inbox, consider activating the 2-factor authentication feature to secure your account.

Several major news organizations and cable networks are reporting on this story.  For the most up-to-date news on this developing story, use your favorite internet search engine to search for “google phishing email scam”.

A sample Google Docs phishing email.  The form and style of the email may vary from this sample.Sample Google Docs Phishing Email

To read Google’s Gmail Help on phishing emails, use your preferred internet search engine and search for: “Google Help and how to avoid and report phishing emails”.

If you are attacked by malware or a phishing email that compromises your organization’s privacy and security, Wyatt’s experienced Data Security Incident Response Team is ready to help.

Can blockchain technology solve healthcare IT security and interoperability challenges?

On March 20-21, 2017, multiple healthcare technology companies came together in Washington, D.C. to host The Healthcare Blockchain Summit.  Blockchain, the technology that underpins bitcoin technology, keeps data secure in a “distributed, encrypted ledger” while allowing control over who can access that ledger.  This is the hottest technology being discussed today as a way to secure confidential or sensitive data.

The on-line technology publication, Wired, describes blockchain’s security method in a February 1, 2017 article as follows: “Rather than having one central administrator that acts as a gatekeeper to data—a list of digital transactions—there’s one shared ledger, but it’s spread across a Continue reading

Tennessee’s Data Breach Law Drawing National Attention

flash driveBy Kathie McDonald-McClure

We recently posted an article about Tennessee’s amendment to its data breach notification law.  This amendment has drawn much attention among cyber security professionals and corporate general counsel across the country.  As Jennifer Williams-Alvarez reported in her article for Corporate Counsel magazine, cyber security was a plenary session topic at the 2016 Association of Corporate Counsel (ACC) Mid-Year Meeting in New York City this week.  See “At ACC Event, Experts Say Data Breaches Are Inevitable. So Now What?”, Corporate Counsel (April 14, 2016)(Read more: here).  In fact, an ACC Foundation report on the “State of Cybersecurity”, released in December 2015, said one-third of in-house counsel reported that their companies experienced a data breach and more than one-half reported increased spending in cybersecurity.

Matt San Roman and I spoke with Ms. Williams-Alvarez this morning.  She is working on a follow-up article regarding the amendments (HB2005 and SA0618) to the Tennessee data breach law.  When the article is published, we will provide a link here for those of you who are not currently Corporate Counsel subscribers.  Stay tuned . . .

Tennessee Amends Data Breach Notification Law – Removes Encryption Exemption (or does it?)

By Kathie McDonald-McClure and Matt San Roman

data-breaches-notification

On March 24, 2016, Tennessee Governor Bill Haslam signed into law SB2005 as amended by SA0618, revising the Tennessee Identity Theft Deterrence Act of 1999, currently codified at T. C. A. § 47-18-2101, et seq.  Under the revised law, organizations subject to the law that experience a data breach will be required to notify affected individuals in Tennessee “immediately” and no later than 45 days from the discovery or notification of a security breach of computerized personal information, unless a law enforcement investigation related to the breach requires a delay in notification. While most similar state laws refrain from mandating a definite period within which to provide notification to affected individuals or state agencies, Tennessee, effective July 1, 2016, will join seven other states in requiring notification within a specific time.

Perhaps more notably with this amendment, Tennessee “may” be the first state in the United States to remove the encryption safe harbor.* The 46 other state data breach notification laws require notification to affected individuals if Continue reading