Phishing emails meant to steal email credentials continues to get through our mailboxes. In our industry, anything to do with closing files gets the easy catch – familiar words used in subject lines, body copy, and attachments. Hackers know and use our timing to their advantage; they know the ends of the week and month …Read more
Hackers – they’re both smart and sloppy at the same time. Previously we’ve talked about cybercriminals using tool kits and automated scripts to streamline their operations. This week, your favorite security team found another method being used: Steganography. Steganography is the practice of concealing a file, message, image or video within another file, message, image …Read more
If you haven’t heard about “Zoom bombing” yet, you’re probably not using Zoom conferencing. Here’s what you need to know. The usage of Zoom video conferencing exploded when more people started working remotely due to the outbreak of COVID-19 (Coronavirus). Because of Zoom’s limited free licensing, the platform has become popular among companies for video …Read more
If you haven’t fallen for the $5,000 COVID-19 vaccine, $400 COVID-19 self-testing test kit or the $150 bottle of Lysol scams, then congratulations, you’ve stood your ground. But now is not the time to let your guard down – new tricks are coming to defraud you. On March 27, the president signed a bill to …Read more
In the past, I’ve revealed that one evasion technique cybercriminals use to avoid being blocked by email security technologies, is using legitimate (Microsoft) websites. This week Threatpost.com shared this new interesting twist: attackers are using YouTube and redirect features to get you to click on malicious links. Redirector URLs are commonly used by legitimate organizations …Read more
Criminals are no different from the rest of us, at least when it comes to what’s top of mind. They’re thinking about whatever’s in the news. For the last few months, that’s been Coronavirus. Hackers always play on the victim’s curiosity, fear or anxiety, and COVID-19, by nature, checks all those boxes. Communities around the …Read more
Today’s phish-of-the-week is nothing special, but there are two lessons to learn. At first glance, it’s a very plain and straightforward phishing email (Figure 1) attempting to steal user credentials by portraying itself as a closing document. Nothing out of the ordinary, yet it came with a lot of other emails and with perfect timing …Read more
One email, four different attack vectors. I’ve covered the different elements in the past, but it was interesting to see multiple techniques combined. The email (1) immediately meets the definition of spam/phish: obscure sender, no recipient, no greeting and a real estate-relevant attachment name. The first red flag is the attachment extension. Html is a …Read more
Here’s on old trick with a new twist. We’ve talked about how cybercriminals are abusing encrypted email communications. They’ve been adding headers and footers that include “encrypted email” to try and convince you that the message is trustworthy. Most of them include a (malicious) link within the instructions. Recently, for the first time, we saw …Read more
Cybercriminals follow our every move. With every countermeasure we put in place, they create a workaround shortly thereafter. This week I picked an interesting email to demo. At first glance, nothing is out of the ordinary in this email. It meets all the qualifications of a typical spam or phishing email: unrecognized sender, no recipient …Read more