What is smishing? How phishing via text message works
Smishing definition Smishing is a cyberattack that uses misleading text messages to deceive victims. The goal is to trick you into believing that a message has arrived from a trusted person or organization, and then convincing you to take action that gives the attacker exploitable information (like bank account login credentials, for example) or access…
SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT
Between late March and mid-April 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a phishing campaign targeting small businesses that appears to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which contain subjects and attachments related to the need for small businesses to apply for disaster relief loans or provide…
5 steps to create a security incident response plan
The only thing worse than getting hit with a cyberattack is getting hit with a cyberattack and not having a strong security incident response plan in place. Sophisticated Advanced Persistent Threat (APT) attacks are typically aimed at high-value targets like credit card companies, banks, retailers, healthcare facilities and hotel chains that store large volumes of…
Apple Is Top Pick for Brand Phishing Attempts
Apple was the brand most commonly used in spoofing attacks during the first quarter of 2020, when 10% of all brand phishing attempts related to the tech giant, researchers report. Check Point’s “Brand Phishing Report” for the first quarter of 2020 highlights the brands that cybercriminals most frequently imitate to steal personal and financial data….
Beware of fake COVID-19-themed emails from President Trump
As US citizens wait for President Trump’s final decision about whether quarantine will be over by Easter, malware peddlers have already “decided”: quarantine will be prolonged until August 2020. Phishing emails point to malware Researchers with anti-phishing startup Inky have spotted two phishing emails purportedly coming from the White House, “signed” by President Trump. Both…
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates
Cybercriminals are increasingly relying on SSL certificates to lull people into a false sense of security when clicking malicious links. The assumption that HTTPS links and the accompanying lock icon protect employees from attack can threaten businesses without sufficient SSL inspection. Nearly 52% of the top 1 million websites were available over HTTPS in 2019,…
Phishers Try ‘Text Direction Deception’ Technique to Bypass Email Filters
Scammers can be pretty innovative when it comes to finding new ways to sneak phishing messages past secure email gateways and other filtering mechanisms. One example is “text direction deception,” a tactic where an attacker forces an HTML rendering engine to correctly display text that has been deliberately entered backward in the code — for…
Cyber crooks continue to exploit COVID-19 for their malicious schemes
A time of chaos is a time for opportunity for unscrupulous individuals and groups, and COVID-19 is seemingly an unmissable boon for cyber crooks. We’ve already covered a variety of COVID-19-themed scams, phishing attempts, hoaxes and malware delivery campaigns, but new and inventive approaches are popping up daily. The latest schemes and scams that exploit…
6 security metrics that matter – and 4 that don’t
One of the most challenging executive tasks for CISOs is quantifying the success and the value of the cybersecurity function. Indeed, security leaders and their organizations have used a myriad of metrics over the years. Yet, many executives and board members have complained that those measures failed to provide them with adequate insight or understanding…
Corporate cybersecurity concerns and spend continue to rise, but so do breaches
More than 50 percent of security and IT leaders agree that they are very concerned about the security of corporate endpoints given the prevalence of sophisticated attack vectors like ransomware, disruptionware, phishing and more, according to a survey from RSA Conference 2020 by Absolute. Cybersecurity spending on the rise According to recent industry reports, 2019…