Improving Cyber Security Notifications for Business

The US has over 27 million small businesses often unaware of specific cyber security issues present in their networks. Dissect Cyber prioritizes notifications to US businesses in the government contractor database, as well as businesses that provided goods and services to critical infrastructure. This research initiative is reducing losses from cybercrime by focusing on the best ways to alert businesses to specific threats in their network. The project is funded by DHS, Cyber Security Division, Science and Technology Directorate.

Official DHS.gov press release: “Snapshot: Dissect Cyber alerts small businesses targeted by cybercriminals”

Critical Infrastructure Industry Notifications

Choose from the menu below to see examples of the US businesses we have notified about a specific cyber security threat at their company. These companies have been identified as providing goods or services to one of the following DHS Critical Infrastructure categories:

Chemical Communications Critical Manufacturing Dams Emergency Services Energy: Oil and Gas Energy: Power Grid Energy: Solar Energy: Wind Nuclear Transportation: Aviation Transportation: Logistics Transportation: Ocean Freight Transportation: Passenger Transportation: Rail Freight Transportation: Trucking Transportation: Warehousing Water & Wastewater

Praise from Recipients of Dissect Cyber Calls

The head of one company refused Dissect Cyber’s notification, saying his IT department had the company covered. He called back within hours with effusive thanks, saying: “I stepped out into the hall and ran into my finance person, who was headed to the bank to get a certified check in response to the fraudulent email you told us was coming!”

I received a call from Lloyd yesterday about a spoofed site mimicking our main site. I do not know how you detected it so quickly but I truly appreciate the notification!

- Bryan M.

I received a phone message regarding a look-a-like domain. Took the appropriate measures with the registration organization. I had not known about your organization to provide warnings to small businesses. Great job!

- Pat

Received a call from your staff this morning about someone creating a similar domain name jernelectronics.com. We have since received an email from them, attempting to get information from us.

- Jon R.

We recently received a message from someone with your company, informing us of a newly registered domain designed for homoglyph phishing attempts. Thanks to this early notification, we were able to implement protective email filters which immediately caught fraudulent messages. We also contacted the DNS provider with this evidence and were able to have the domain quickly suspended. While we're a small enough company to hopefully spot phishing attempts, this warning also helped us protect our clients who may be less aware of safe practices. I just wanted to thank you for the work you're doing, and for taking the time to help those who may be impacted by what you uncover in the process. Keep up the great work! Eriks

- Erik S.

Someone from your office left a message for my boss, saying a domain name registered that was similar to our company. You mentioned we should be on the lookout for emails from [the look-a-like] domain name. 2 people in Accounting did receive emails from that domain name pretending to be our boss and asking us if we were in the office.

- Cara G.

Thank you. Just want to give you a success story. We received a voicemail Dec 7th from someone at say2us warning us that (look-a-like domain) had been registered and we would likely see some bad things soon. Sure enough, a C-level person received a request for a $26K wire transfer shortly after, from someone pretending to be the CEO. We went along for one reply, enough to get the amount and bank details, then we contacted the local FBI field office, filed an I3C report, and also submitted the info to Infraguard. I tried contacting the parties involved in hosting the domain, and Vistaprint terminated the account. This morning the domain was available and we snagged it.

- Chris T.