Today’s phish-of-the-week is nothing special, but there are two lessons to learn. At first glance, it’s a very plain and straightforward phishing email (Figure 1) attempting to steal user credentials by portraying itself as a closing document. Nothing out of the ordinary, yet it came with a lot of other emails and with perfect timing …Read more
One email, four different attack vectors. I’ve covered the different elements in the past, but it was interesting to see multiple techniques combined. The email (1) immediately meets the definition of spam/phish: obscure sender, no recipient, no greeting and a real estate-relevant attachment name. The first red flag is the attachment extension. Html is a …Read more
Here’s on old trick with a new twist. We’ve talked about how cybercriminals are abusing encrypted email communications. They’ve been adding headers and footers that include “encrypted email” to try and convince you that the message is trustworthy. Most of them include a (malicious) link within the instructions. Recently, for the first time, we saw …Read more
Cybercriminals follow our every move. With every countermeasure we put in place, they create a workaround shortly thereafter. This week I picked an interesting email to demo. At first glance, nothing is out of the ordinary in this email. It meets all the qualifications of a typical spam or phishing email: unrecognized sender, no recipient …Read more
Apple released iOS 13 for iPhone Thursday, September 27. Here are a few highlights you were waiting for. Better performance Dark mode – This is an alternative color scheme designed to reduce eye strain. It can be triggered manually or be set up to adjust on a schedule (dusk-to-dawn, for example). Many app developers have …Read more
CD. Two simple letters define the phishing flavor of the week. Specifically, we’re talking about subject lines that contain CD. We continue to see more and more targeted (spear) phishing attacks that combine resonating subject lines with names of banks, lenders, title companies and other recognizable partners. Of the 58 reports of emails with CD …Read more
This week’s example of a phishing email is nothing out of the ordinary. It’s another easy-to-spot, poorly written email used to phish for personal information. Most of you who received it either discarded or reported it already. Still, the sender email caught my attention and I thought it was a good time to explain how …Read more
In previous posts, we’ve talked about free email platforms (Gmail, Outlook), multi-factor authentication, spoofed sender email addresses and malicious websites that steal credentials. Those are all important, but it’s time to add to your phishing tool belt. The phish we received this week (1) is as authentic as it gets. It came from joann@jardinjewelry.com, who …Read more
Today I want to talk about a “gift” that keeps on giving. Your favorite Security team discovered a new attack vector that we haven’t seen before. Let’s call it “a blast from the past.” In this particular example, the story begins in our Hempstead, TX office at the end of December 2018. Nothing out of …Read more
How often do you reconcile your checkbook? Studies show that most of us don’t check our bank account often enough and that there is a significant part of the population who still use checks to pay bills. Yet, we still don’t realize the amount of effort it takes to deal with a compromised bank account. …Read more