The most significant hazards to investors in 2022, according to NASAA (North American Securities Administrators Association), are cryptocurrency and digital asset-related frauds. Investors should be aware of the current cryptocurrency phishing scams getting more attention worldwide.
According to the FTC’s research, threat actors exploit popular social media platforms like Instagram and Facebook as a playground for pulling investment-related scams. Due to their popularity and excellent profits, crypto assets and stablecoins make appealing targets, making cryptocurrency one of the most vulnerable marketplaces for investors globally.
Phishing is the most frequently used break-in technique and an attack vector malicious actors have used for years. The latest report by the Microsoft 365 Defender Threat Intelligence Team warns of a new and powerful phishing campaign that targets employees’ bring-your-own-device(s) (BYODs). The attackers register their own devices in corporate networks and gradually make their way into internal and external corporate networks. In this phishing scam, the adversaries target the unmanaged devices within organizations to compromise networks and evade detection by taking advantage of the absence of security measures like multi-factor authentication (MFA) within organizations.
Entrepreneurs using Adobe Creative Cloud as a part of their organizational operations need to guard against a new cyberattack model employed by threat actors. Other loopholes call for more robust countermeasures even when deploying adequate phishing solutions. Malicious actors are leveraging the popular application, Adobe Creative Cloud, to dispatch malicious links to users that seem legitimate. Failure to have robust email phishing protection mechanisms in place would compromise your credentials.
There has been an unprecedented rise in gaming during the last few years, with smartphones making it more popular than ever. The gaming industry is valued at $165 billion, with current estimates of over 3.4 billion players worldwide. From a handful of game developers in the early years, the industry now has many options, ranging from individual contributors to substantial gaming providers, rolling out games by the dozen.
According to a recent Axios report, over 2 million monthly active users use G Suite products. In the 2017 Google I/O Conference, the organization mentioned that Google Drive alone has over 800 milliondaily users, and this figure is only increasing. If someone were to exploit a vulnerability in this famous collaborative work and educational platform, the consequences would affect millions. In a recent incident, cyber adversaries have targeted G Suite product users, exploiting a vulnerability in the ‘Comment’ option available in Google Docs, Google Sheets, and Google Slides. Here are the details about the breach and some recommendations on how to stop phishing emails. (more…)
Digitization has witnessed a sudden boom in online data storage, where not only work but entertainment, education, and communication have become dependent on the internet. Numerous survey scams are gaining popularity once again by promoting various products or free samples to users in return for their information. Scammers pretend to be some famous brand to steal the personal data of the victims using such scams. And everyone using the internet is not entirely accustomed to its usage, nor are they familiar with the features of such frauds.(more…)
QR (Quick Response) codes have become ubiquitous as smartphones have become more popular. Furthermore, due to the COVID-19 epidemic, most industries and sectors are getting digitized, with online payments becoming a significant part of this new ecosystem. However, malicious actors can use a counterfeit QR code, causing the link’s original destination to be diverted to a phishing website. QR code phishing identification levels are rising gradually in proportion to the research discovering online and email phishing. These new phishing attacks are called “Quishing” attacks. This article provides information on such QR code attacks, recognizing such frauds, and how to stop phishing emails.
According to a survey conducted by F5 Labs in 2020, phishing scams have increased by 220% since the onset of the Covid-19 pandemic. A recent example was a COVID-19 health survey conducted among the staff members of the UBC (University of British Columbia), which later turned out to be fake and was instead a ransomware delivery campaign. Examples like these show how malicious actors have used the COVID-19 pandemic to target everyone, from individuals merely browsing the internet for leisure to employees who deal with confidential organizational information. The CSA reported a sharp rise in ransomware, phishing, and cybercrimes in 2020 after the onset of the pandemic.
As the world transforms into a more digitally connected environment, the risks have also amplified manifold. New York-based domain and web hosting service provider GoDaddy discovered an enormous security breach on November 17 this year, which affected almost 1.2 million accounts. The incident occurred when the attacker accessed the GoDaddy network through a compromised password on September 6, 2021. The incident filed with the Security and Exchange Commission (SEC) states that the organization had observed and identified “suspicious activity” in the hosting environment that managed WordPress. The IT Security team undertook immediate action, but the malicious actor had at their disposal almost two months to establish a rigid presence by that time. GoDaddy stated that anybody using WordPress currently should assume as compromised if not proved otherwise.
Phishing has long been one of the most common types of cybersecurity threats for enterprises. Even though most enterprises operating in the digital mode deploy anti-phishing tools, threat actors have developed a new invasive method of attack, called HTML smuggling. Regardless of the size and industry of your enterprise, it makes sense to draw a line of defense against phishing emails. HTML smuggling serves as an attack mechanism that provides a channel to gain initial access to the system. Subsequently, the attackers can deploy other attacks, such as banking malware, ransomware payloads, and remote administration Trojans.
Google influences many of our buying decisions each day, having an estimated 85-90% of the search engine market share worldwide. Fraudsters find the online advertising world attractive because it involves massive sums of money. Besides, the transactions are impersonal with a complex and opaque supply chain mechanism that add to the anonymity factor. A mighty challenge associated with online ad frauds is that no one knows the magnitude of the scam unless it hits them. Google Ads Impersonation Scams that start with a simple phishing email have become one of the biggest challenges for organizations, advertisers, and publishers.
Tech support teams assist users in overcoming various technical challenges they might be facing while operating a computer or a laptop. Many organizations have dedicated technical support teams to mitigate such eventualities, while many outsource to specialized service providers. Malicious actors often disguise themselves as online technical helping hands and illegally access confidential information, taking advantage of this vulnerability. They may also urge individuals to spend a considerable amount of money by fear-mongering. Victims are often unaware of the technicalities concerning their systems and fall for this trap. Therefore, it is imperative to approach only the genuine technical support teams for any action that might be needed to overcome technical faults and issues.
During the past year, users have come across several attacks that leveraged the technique of Excel 4.0 Macros, also known as XLM macros, through phishing emails to infect the users’ systems with malware. It is essential to get acquainted with this excel file weaponizing technique to keep your critical data from falling into the hands of cyber adversaries.
Smishing, a relatively new form of cyberattack, is threatening millions of small businesses and consumers worldwide. Smishing is a phishing attack that uses text messages instead of emails to entice the recipients to click on phony links. The links draw them to websites which either download malware or exchange personal information.
The Internationalized Domain Name (IDN) consists of a combined Unicode character set with similar Latin and Cyrillic alphabets, making the domain look identical to the Daily ASCII domain. Unicode domain names could be problematic from a security point of view, as many Unicode characters are hard to distinguish from regular ASCII characters. Phishing attacks with Internationalized Domain Names (IDNs) using Unicode characters and non-Latin character sets such as Cyrillic and Greek look like typical Latin characters.
Phishing is one of the oldest forms of social engineering, which malicious actors use to extract critical information from users. And online payments have their share of phishing threats to handle. While many businesses move to the virtual world to reach more customers and make transactions smoother, malicious actors find a massive opportunity in it to exploit associated data. As organizations use more sophisticated anti-phishing solutions, threat actors also develop bolder methods to take advantage of the payment systems.
With advancements in technology, crimes like cyber theft, phishing, and scamming have increased over the years. American citizens lost over US$50 million due to phishing attacks in 2020, and for businesses, the figure is in billions.
Spear-phishing is one of the most perilous cyber-attacks methods that many organizations face in today’s world. Although phishing awareness at large has increased, spear-phishing victims often don’t realize that they have been targeted till they notice some unusual activity in their bank accounts or anywhere else. Spear phishing is not a stagnant form of a cyber-attack; it keeps evolving from time to time. Hence, it is inevitable that one is aware of the latest trends of spear phishing and how to manage the menace.
According to a recent report, 85% of all organizations have been targets of phishing attacks. Like other phishing attacks, adversaries also use mobile phishing to trick users into sharing personal or critical organizational information. It is gradually becoming the most preferred mode of phishing by threat actors as there has been a significant increase in the use of mobile devices over the years.
Social engineering is the technique of employing psychological methods and communication skills, generally by competitors and adversaries, to gather information about their competition or potential targets. However, with the advent of technology, sophistication has increased too. Modern-day phishing exercises are elaborate and require a concerted effort by security teams to create a firewall against them. Falling into phishing traps often leads the organization to catastrophic consequences. These activities are generally directed towards disrupting the network by planting malware or stealing information for future misuse.
Domain squatting, also known as cybersquatting, can be understood as an intentional act of registering a domain in the name of an already existing organization that has a registered trademark but does not have a website in its name. The primary objective of doing so is to park the domain name of a reputable business with no website. When the business entity wants to use the domain name for its website in the future, the cybersquatters make a profit by selling the domain name to the organization. Some phishers also use similar-looking domain names to send phishing emails for fraudulently obtaining sensitive information about the user or organization. Therefore, it is helpful to learn how domain squatting and phishing works, their different types, and protective measures.