While customer data breaches are garnering a lot of media attention, a subtler but equally problematic cybercrime is slowly on the rise — domain spoofing.

In this context, cybercriminals register domain names that are virtually identical to an entity’s legitimate domain name and/or brand, often with subtle misspellings or the addition of business designations or generic words describing the entity’s business. The false domain names are so similar to a company’s actual domain and/or brand that they appear legitimate.

The cybercriminals then use the deceptively similar domain name to create email addresses and send emails impersonating a company or its employees, sometimes using the names of the entity’s actual employees — a tactic commonly called “email spoofing.” Those emails typically contain malware in links or attachments, which is triggered when the recipient clicks the link or opens the attachment. Other email spoofing schemes attempt to trick recipients into providing login credentials, providing payment card information, or routing wire transfers to the cybercriminal’s bank account.



Recent developments in privacy law and a rise in class action lawsuits related to data collection offer a cautionary tale about understanding the legal and ethical boundaries of monitoring “on-the-clock” employee conduct. With a hodgepodge of federal, state, and local legislation governing employee privacy rights, employers are often left to navigate a complicated legal landscape while balancing the practical need to understand how employees are using company information and equipment. Employers, for example, have a legitimate interest in protecting company trade secrets, detecting unlawful transmission of unlicensed material, and improving work productivity. Employees, on the other hand, may have a reasonable expectation of privacy in certain contexts while at work.

This quandary raises the question: where do employers draw the line?

Since our launch in 2013, Password Protected has made every attempt to provide in-depth relevant data privacy and cybersecurity legal analysis. In our continued effort to provide accessible and useful information, we have modernized our blog to provide readers with a better experience. We have re-formatted with the user in mind, to provide easily digestible