Image overlay is when a hacker creates a blurred image of a document that resembles a form you would recognize and overlays it with a login prompt. The image is designed to pique your interest or create a sense of importance or value. The concept of image overlay isn’t new, but today it has a …Read more
While cloud services like OneDrive, Box and Dropbox give us endless possibilities to share files, we sometimes still find ourselves sending and receiving ZIP attachments when multiple files are involved. ZIP files would be okay except sometimes they can be dangerous. You may be thinking, “What about password-protected ZIP files?” Well, cybercriminals most commonly send …Read more
Phishing emails meant to steal email credentials continues to get through our mailboxes. In our industry, anything to do with closing files gets the easy catch – familiar words used in subject lines, body copy, and attachments. Hackers know and use our timing to their advantage; they know the ends of the week and month …Read more
Hackers – they’re both smart and sloppy at the same time. Previously we’ve talked about cybercriminals using tool kits and automated scripts to streamline their operations. This week, your favorite security team found another method being used: Steganography. Steganography is the practice of concealing a file, message, image or video within another file, message, image …Read more
If you haven’t heard about “Zoom bombing” yet, you’re probably not using Zoom conferencing. Here’s what you need to know. The usage of Zoom video conferencing exploded when more people started working remotely due to the outbreak of COVID-19 (Coronavirus). Because of Zoom’s limited free licensing, the platform has become popular among companies for video …Read more
If you haven’t fallen for the $5,000 COVID-19 vaccine, $400 COVID-19 self-testing test kit or the $150 bottle of Lysol scams, then congratulations, you’ve stood your ground. But now is not the time to let your guard down – new tricks are coming to defraud you. On March 27, the president signed a bill to …Read more
In the past, I’ve revealed that one evasion technique cybercriminals use to avoid being blocked by email security technologies, is using legitimate (Microsoft) websites. This week Threatpost.com shared this new interesting twist: attackers are using YouTube and redirect features to get you to click on malicious links. Redirector URLs are commonly used by legitimate organizations …Read more
Criminals are no different from the rest of us, at least when it comes to what’s top of mind. They’re thinking about whatever’s in the news. For the last few months, that’s been Coronavirus. Hackers always play on the victim’s curiosity, fear or anxiety, and COVID-19, by nature, checks all those boxes. Communities around the …Read more
Today’s phish-of-the-week is nothing special, but there are two lessons to learn. At first glance, it’s a very plain and straightforward phishing email (Figure 1) attempting to steal user credentials by portraying itself as a closing document. Nothing out of the ordinary, yet it came with a lot of other emails and with perfect timing …Read more
One email, four different attack vectors. I’ve covered the different elements in the past, but it was interesting to see multiple techniques combined. The email (1) immediately meets the definition of spam/phish: obscure sender, no recipient, no greeting and a real estate-relevant attachment name. The first red flag is the attachment extension. Html is a …Read more