46,000 new phishing sites are created every day
An average of 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data collected by Webroot shows today’s phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are…
Equifax Sent Breach Victims to Fake Website
Equifax has made another blunder following the massive data breach suffered by the company – it advised some customers on Twitter to access a fake support website set up by a security researcher. Equifax staff advised breach victims on Twitter at least 8 times to access securityequifax2017.com instead of equifaxsecurity2017.com, the website created by the credit reporting agency…
Iranian Hackers Target Aerospace, Energy Companies
A cyber espionage group linked by security researchers to the Iranian government has been observed targeting aerospace and energy organizations in the United States, Saudi Arabia and South Korea. The threat actor, tracked by FireEye as APT33, is believed to have been around since at least 2013. Since mid-2016, the security firm has spotted attacks…
Phishers targeting LinkedIn users via hijacked accounts
A new phishing campaign has been spotted hitting LinkedIn users via direct messages and the LinkedIn InMail feature. They are sent from legitimate LinkedIn Premium accounts that have been hijacked by the phishers, thus increasing the likelihood that recipients will trust the message and click on the link. The messages/emails say that the sender has…
How Large Businesses Approach Cybersecurity Today
Over 90% of large US companies with 500+ employees have a cybersecurity policy in place to protect them from both real and anticipated threats. Clutch surveyed over 300 corporate IT decision-makers about what to include in a cybersecurity policy and found security software, data back-up and storage and scam detection are the most common areas…
Google wants iOS Gmail users to think twice about following suspicious links
Google has announced the rollout of new anti-phishing checks for the iOS Gmail app: in less than two weeks, all users will be confronted with two warnings if they attempt to follow a suspicious link from within the app. The first one is a pop-up, warning generally about untrusted nature of the site they are…
Obscuring malicious Facebook links using the Open Graph Protocol
Most users click on links popping up in their Facebook News Feed without thinking twice about it, but it’s good to keep in mind that they can lead to malicious sites. Here’s an example of one flagged by the SANS ISC (Internet Storm Center):
Phishers’ techniques and behaviours, and what to do if you’ve been phished
Once a user has been phished, how long does it takes for the phishers to misuse the stolen credentials? To discover the answer to that question and many others, Imperva researchers went undercover by creating 90 personal online accounts, including email and file sharing accounts with Google and Dropbox. Once the so-called honey pot accounts…
Man stole bitcoin by phishing individuals on the dark web
Michael Richo, a 35-year-old from Connecticut, had the brilliant idea of stealing bitcoin from people involved in illegal deals through dark web marketplaces. Perhaps he thought that he would be safe from law enforcement if he stuck to robbing potential criminals but, as it turns out, he was wrong. Richo’s modus operandi was as follows:…
Something’s phishy: How to detect phishing attempts
Dear you, It appears you need to update your information. Click here to tell us all your secrets. No really, it’s totally safe. We’re not going to steal your identity, we swear. If only phishing attempts were that obvious. Instead, these days it’s hard to tell a phish apart from a foul, if you catch…