Phishing


Closing on a Home Loan? You’re a Prime Target for Getting Phished

Closing on a Home Loan? You’re a Prime Target for Getting Phished

At the end of the day, most phishing emails are based on the same thing: a plausible financial transaction. An email shows up, it involves a financial transaction you’re been expecting, you don’t give it another thought, you get phished.

The latest phishing scam is an email targeting homeowners seeking to secure a loan to purchase their home. According to Komo News, “It’s from someone using the name Larry Conrad with First American Title in Phoenix, Arizona. The greeting doesn’t address you by name but only says Hello—that’s your first clue. It says the loan has been cleared to close and the preliminary closing documents are attached.”

Continue reading “Closing on a Home Loan? You’re a Prime Target for Getting Phished” »

The Multiplying Effect of Vendor Email Compromise

The Multiplying Effect of Vendor Email Compromise

By now, most people know about the potential threat from business email compromise or BEC. With BEC, someone in a company gets their email taken over by a hacker and the hacker uses the trust implied in that email to exploit others in the company.

Formerly dubbed as Man-in-the-Email scams, BEC attackers rely heavily on social engineering tactics to trick unsuspecting employees and executives. Often, they impersonate the CEO or any executive authorized to do wire transfers.” As bad as BEC is, at least it threatens just a single company—the one with the compromised email.

Continue reading “The Multiplying Effect of Vendor Email Compromise” »

Phishers Sure are Cold-hearted

Phishers Sure are Cold-hearted

When you tell me that phishers go after large enterprises, I get it. There’s a lot of valuable data there. When you tell that they go after banks, cause that’s where the money is, I understand. But, when you tell me they’re going after relief agencies, I call them cold-hearted.

That’s the news making headlines from researchers at Lookout Security. According to a blog post there, they have “detected a mobile-aware phishing campaign targeting non-governmental organizations around the world, including a variety of United Nations humanitarian organizations, such as UNICEF.”

Continue reading “Phishers Sure are Cold-hearted” »

Ransomware Statistics Present A Grim Scenario About The Vulnerabilities Of The Users

Ransomware Statistics Present A Grim Scenario About The Vulnerabilities Of The Users

Given the proliferation of the internet and e-mails as the preferred means of communication, ransomware attacks are on an upward spree. Malware attacks 2017 show that nearly 40% of all e-mail spam contains ransomware. It brings forth the question, what exactly is ransomware?

It is a malware attack that cripples the victim’s files with unbreakable encryption. The cyber attacker then demands money, usually in the form of cryptocurrency (such as Bitcoins) to unlock the data. Hackers can spread ransomware through malicious e-mail attachments, infected external storage devices, infected software apps, and compromised websites. Some attacks also use remote desktop protocol and other approaches which do not rely on any user interaction.

Continue reading “Ransomware Statistics Present A Grim Scenario About The Vulnerabilities Of The Users” »

Time for Your Yearly Performance Appraisal? Maybe not!

Time for Your Yearly Performance Appraisal? Maybe not!

If you work at an organization, there’s a pretty good chance you’re in for a yearly performance appraisal. And if you are, it’s likely that someone from human resources will send you an email around that time reminding you of that. But beware, that email may not be what you think it is.

There’s a new corporate phishing attack going on that involves hackers sending unsuspecting employees an email notifying them of their upcoming performance appraisal. The hacker’s use of social engineering in this attack is very clever because they convince the victims that the appraisal is mandatory and that they might get a pay raise. So, pretty much everyone who receives it will respond to it.

Continue reading “Time for Your Yearly Performance Appraisal? Maybe not!” »

Hackers Show Once Again They Care About More Than Just Money

Hackers Show Once Again They Care About More Than Just Money

When you think of phishing, you probably think of ransomware (which you should). And when you think of ransomware, you probably think about money (which you should). The money the hackers are trying to get as a ransom.

There’s no doubt that most phishing attacks, either directly or indirectly, are about money. But not all. According to an article on KnowBe4, “Universities worldwide are the target of phishing attacks by a hacking group aimed at stealing research and intellectual property.

Continue reading “Hackers Show Once Again They Care About More Than Just Money” »

Why the New Instagram Anti-Phishing Tool Won’t Work

Why the New Instagram Anti-Phishing Tool Won’t Work

As previously discussed on this blog, Instagram is now more popular than Facebook when it comes to phishing attacks. As the article detailed, Instagram is popular as a target for phishing attacks because Instagram phishing attacks can so easily go viral, given that every victim can quickly lead to hundreds of more emails to trusted relationships.

Well, the folks at Facebook, the company that owns Instagram, heard the cries for help and decided to do something about it. To that end they are rolling out a new tool to protect Instagram users from phishing attacks. There’s just one problem: it won’t work.

Continue reading “Why the New Instagram Anti-Phishing Tool Won’t Work” »

You’ll Never Guess Who’s Behind the Latest Phishing Attacks

You’ll Never Guess Who’s Behind the Latest Phishing Attacks

Would you believe North Korea, Nigeria and Egypt?

You might think that phishing emails from these “third world” countries would be unsophisticated and easy to detect. You’d be wrong.

First North Korea. According to the Digital Journal, “Several U.S. businesses have been targeted by a campaign seemingly to originate from North Korea and using the tactic of spear-phishing. The cyber-assault is sophisticated, using legitimate documents as the targets.”

Continue reading “You’ll Never Guess Who’s Behind the Latest Phishing Attacks” »

Hackers Find One More Way to Use Google to Scam You

Hackers Find One More Way to Use Google to Scam You

At this point, mentioning a new Google attack vector is almost not news anymore, given how many times the company’s services have been exploited. It’s to be expected though. Google makes most of its service available free of charge, which means not only do you have free access to it, so do hackers. And given these services’ widespread adoption, it’s not surprising that Google is a frequent target.

Continue reading “Hackers Find One More Way to Use Google to Scam You” »

Microsoft and Google Team up to Phish You

Microsoft and Google Team up to Phish You

When hackers go after you with phishing emails, you’ll never guess which brand they impersonate the most. Microsoft. “Given the ubiquity of Windows and Office, as well as other services including the Outlook.com webmail service and Xbox Live, Microsoft’s position at the top of the list should come as no surprise.”

You’ll never guess which popular Calendar app was used to phish Gmail users earlier this year. Google Calendar. For a long time now, Google Calendar has had a major flaw. If someone sends an event request to your Gmail account, it automatically assumes you want to go and adds it to your calendar. It does so even if the event request is an attempt to phish you.

Continue reading “Microsoft and Google Team up to Phish You” »

New Phishing Exploit Leaves Android Phones Vulnerable

New Phishing Exploit Leaves Android Phones Vulnerable

Got an Android Phone? You’re going to love this. Attackers can now take control of your phone over-the-air.

From Check Point Research, “Check Point Researchers have identified a susceptibility to advanced phishing attacks in certain modern Android-based phones, including models by Samsung, Huawei, LG and Sony. In these attacks, a remote agent can trick users into accepting new phone settings that, for example, route all their Internet traffic through a proxy controlled by the attacker. This attack vector relies on a process called over-the-air (OTA) provisioning, which is normally used by cellular network operators to deploy network-specific settings to a new phone joining their network. However, as we show, anyone can send OTA provisioning messages.”

Continue reading “New Phishing Exploit Leaves Android Phones Vulnerable” »

Phishing Attacks Now Coming in Stages

Phishing Attacks Now Coming in Stages

It never ceases to amaze how clever hackers are or how far they’ll go to phish someone. Whenever they find a flaw in their attack methodology, eventually, they figure out a way to overcome it.

Normally, a phishing attack will try and lure victims to a website to steal their credentials. The phishing website is typically a single, static webpage. In other words, everyone who ends up on that page sees the same page. The problem for hackers is that once this one webpage is identified as a phishing page, word gets out and that site gets blocked by anti-phishing technology pretty quickly.

Continue reading “Phishing Attacks Now Coming in Stages” »

Threats From Obsolete Phishing Protection: Are You Safe?

Threats From Obsolete Phishing Protection: Are You Safe?

The rate of cybercrimes has risen drastically across the globe in recent times. The advanced technology, the sophistication of attack methods used, and seemingly legitimate appearance of today’s phishing emails are a testimony of the strides of advancement that the phishers and cybercriminals have made in the past decade.

However, the advice for securing ourselves from phishing emails seems to have remained stagnant since the 2000s. One would always hear the same old song playing on when the topic at hand is that of phishing protection or ensuring cybersecurity in general. We need to defend ourselves from cyber threats by gathering information and resources that match the level of advancement of our adversaries. Merely following some age-old tips without cross-checking their effectiveness in the present scenario makes us more vulnerable than stronger to face the multitude of phishing attacks that hackers launch each day.

Continue reading “Threats From Obsolete Phishing Protection: Are You Safe?” »

White House – The Most Secure Place In The World Targeted By Cyber Criminals Through Spear Phishing Attacks

White House – The Most Secure Place In The World Targeted By Cyber Criminals Through Spear Phishing Attacks

It was not long ago the white house was in the news when US intelligence agencies concluded Russia tried to sway the US presidential election in favor of Donald Trump alleging that the Russian hackers stole the information of rival Hillary Clinton’s campaign. The White House is said to be one of the most secured and safe-guarded buildings in the world. But when it comes to cybersecurity, no one is spared. Yes, even top-ranked White House officials including the Homeland security Advisor and other White House officials were spoofed by cyber-criminals.

Continue reading “White House – The Most Secure Place In The World Targeted By Cyber Criminals Through Spear Phishing Attacks” »

Phishing Prevention: Email Providers Aren’t Helping Any

Phishing Prevention: Email Providers Aren’t Helping Any

How many employees have to get phished before they take action? How much ransomware has to be paid before they take action? How many personal records have to be stolen before they take action? What will it take for email security service providers to install phishing protection technology and protect their customers? Apparently they haven’t hit the limit yet because the one thing we know for sure is that they aren’t doing a very good job of it.

Continue reading “Phishing Prevention: Email Providers Aren’t Helping Any” »

The Homograph Phishing Attack: The Antidote to Awareness Training

The Homograph Phishing Attack: The Antidote to Awareness Training

If you’ve ever taken phishing awareness training, you’ve most likely been taught to identify domain name spoofing. Domain name spoofing is a phishing tactic where an attacker sends you an email from one domain, the attacker’s domain, that looks almost identical to another domain, a domain you trust.

The idea is that if the recipient of the email looks at the email address quickly, they may not notice the slight difference. Here’s an example of an email from a lady named Beth at Google: beth@gooogle.com. Or is it? No, it’s a domain name spoof spelling Google with three Os.

Continue reading “The Homograph Phishing Attack: The Antidote to Awareness Training” »

One Phishing Filter is Not Enough Which is Why You Need Six

One Phishing Filter is Not Enough Which is Why You Need Six

A recent article on the Help Net Security website discussed the results of research into the effectiveness of phishing filters. Phishing filters are used in email security to scan emails for malicious links or attachments.

Phishing filter technology is becoming widely adopted and it’s generally thought to be pretty effective at preventing phishing attacks. That’s not what the research found.

Continue reading “One Phishing Filter is Not Enough Which is Why You Need Six” »

13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization

13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization

Spear Phishing is a type of phishing attack which generally targets “Whales” or “high-level organizational actors” such as C-suite executives (e.g., CEO, CFO, CIO, etc.) or upper management to steal financial and sensitive or confidential information from unsuspecting top-level management. Spear phishing data breaches account for more than half of the phishing scams worldwide, which occur every year. Verizon reports elucidate that a high proportion of these data breaches begin with a directed phishing campaign targeted against an enterprise. Although corporations deploy sophisticated phishing prevention software to safeguard their data, they remain vulnerable because of human error, which allows adversaries to bypass such security measures, including anti-phishing solutions.

Continue reading “13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization” »

Get Free Access to Phishing Protection Best Practices

  • Learn why hosted solutions like Office 365 are vulnerable to phishing.
  • Discover why you must protect both your employees AND your customers.
  • Read why checking reputation databases once a day is a waste of time.
  • Learn what real-time website scanning should look for.
  • Get strategies for saving time and money on email protection.

Sign Up Below... and Get Instant Access to the Report