A new kind of Voice Phishing – “please say yes”

Voice-Phishing-Vishing-Attack-Targeting-Numerous-of-Banks
A new kind of Voice Phishing is circulating - the ‘can you hear me?’ phone scam has been reported in US, UK, and Australia. This is a little different to the traditional Vishing or Voice Phishing methods that directly attempt to steal account credentials and personal information. The scammer records [...]

by

Read More

Analysis of browser plugins to provide phishing protection

browserPlugin
Phishing protection, protecting the business and end user victims, requires a layered approach. Although we have discussed the limitation of end user protection at the browser level, we still recommend User use this point of protection. Browser plugins provide protection against phishing sites. In this article, we review some common [...]

by

Read More

The era of Fake News – beware all Executives.

fake-news
Fake News impacts business Executives and organisation brand. We have entered a new era of “Fake News” which can have a direct impact on all business Executives and brand protection strategies.  Fake News is real news – if you believe it. Fake News is being spread on dubious websites, specifically [...]

by

Read More

Two new malware (financial Trojans) – Corebot and Shifu

shutterstock_83488540-680x400
Cybercriminals have a large range of tools and resources to launch phishing and malware attacks against online platforms. The dark web provides fertile grounds for criminals to opening discuss methodologies and trade new malware variants, types and processes. From well-established banking malware, such as Dyre, ZeuS and Kronos, to more [...]

by

Read More

A new year, an old threat – traditional phishing

2017
It may be a new year but we can be sure that phishing will again be upon us. So far in the first two days of 2017 we have seen the usual suspects being targeted, Apple, PayPal, Amazon, Scotia Bank, ANZ, HSBC, Facebook, the list of targeted phishing is endless…. [...]

by

Read More

Email remains the default vector for distributing phishing and malware content.

shutterstock_155857484
Cybercriminals still use emails to launch the social engineering component of a phishing or malware attack. Email content uses a “call to action’ such as a security update, web payment or refund to lure victims into clicking on the embedded link. Users are routed to fake web content or to [...]

by

Read More

An alternative flavour of SMiShing

istock_000019988830xsm-smish
SMiShing attacks often leverage a trusted brand to route the victim to a phishing site. An alternative variant of SMiShing is where the spam message contains only a call back number. The message maybe as simple as “Please urgently call back xxxx xxxx xxxx to update your account details” and [...]

by

Read More

Vishing – a persistent type of Voice Phishing

vishing-arm
Vishing, a term that relates to “Voice – Phishing” is a type of social engineering attack that has a high degree of variety.  Vishing takes the form of a criminal using a telephone to make a social engineering attempt against the victim to conduct fraud. Vishing maybe as simple as [...]

by

Read More

Ransomware: the new kind of malware

ransomware_blog
Ransomware is one of the greatest emerging cybercrime challenges. Ransomware is the largest malware taxonomy and most phishing emails in 2016 contain ransomware. The tactic of ransomware is to hold the victim to extortion by encrypting the victim’s documents, files or disks until the person pays a ransom fee via [...]

by

Read More

Phishing spam sent from specifically registered domain names bypasses email authentication

domain-name-spaming
Phishing spam is often sent from specifically registered domain names and domain zones to increase the efficacy of the phishing attack. This means that current email authentication systems are readily bypassed. Phishing spam forms the first component of the social engineering attempt. The phishing message must appear like it has [...]

by

Read More

Bolek malware– the latest generation of financial Trojan

index
Bolek malware is a new generation of financial trojan with an increased level of sophisitcation and stealth. Bolek was documented by the Polska CERT team in 2016 and named after a local cartoon character - "Bolek", but this is no children's show. Bolek's primary function is targeting banks to steal [...]

by

Read More

Carberp malware – the precursor to many modern financial Trojans

agentx-623x426
Carberp malware, a financial Trojan, is the precursor to many new malware families such as Sofacy and Bolek. Carberp is an older malware, however, it is well worth our time to review as at it’s time of release it was highly sophisticated. Carberp was originally a Russian financial Trojan that [...]

by

Read More

Top 4 Malware – Financial Trojans – Zeus, Carberp, Citadel and SpyEye.

citadel
Let us introduce the Top 4 Malware – Financial Trojans - Zeus, Carberp, Citadel and SpyEye. Later in this series of articles we will look into each malware (financial Trojan) in greater detail but allow us to make the formal introductions.   Zeus Zeus is not only the Grecian God [...]

by

Read More

APWG – Phishing Trends Activity Report – Q2 2016 : Summary of Findings

apwg-report4
Anti-Phishing Working Group - Phishing Trends Activity Report - Q2 2016   Summary of Findings: The Retail/Service sector remained the most- targeted industry sector during the second quarter of 2016, suffering 43% of attacks The number of brands targeted by phishers in the second quarter remained consistent – ranging from [...]

by

Read More

Real Time Phishing is Man in the Middle (MitM) attack

man-in-the-middle-iphone-680x400
Real Time Phishing is a Man-in-the-Middle (MitM) attack that allows the criminal to commit real time fraud. Stolen credentials from the phishing site are used to access the internet bank session in real time. Real time phishing allows the criminal to readily bypass banking authentication protocols. Traditional or classic phishing [...]

by

Read More

Trademark and Copyright enforcement to protect digital assets

copyright-full
Trademark and Copyright enforcement to protect digital assets. In an online world the digital assets of the business are open to a large range of fraud and abuse. Digital assets can be legally protected via Trademark and Copyright ownership claims. Examples of trademark and copyright infringement are fake websites and [...]

by

Read More

Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.

emailmessage
Criminals use spoofed email domain from addresses to launch Spear Phishing and Advanced Persistent Threat malware attacks. The “FROM” address of the sender’s email is maliciously changed to the victim’s domain. From the recipients point of view the email looks and feels like an internal email. The criminal can use [...]

by

Read More

Browser blocking of phishing sites – how effective?

soln3100fig1-1
Browser blocking of phishing sites - does the browser provide a phishing solution?  iZOOlogic threat detection and analysis engines are sifting through vast amounts of phishing intelligence and malicious data – sourcing literally thousands of new phishing sites each day. All day and every day. iZOOlogic provides a swift response [...]

by

Read More

WHALING – Big Game Spear Phishing

2016-03-15_56e7f67737688_Whaling
Whaling is a type of spear phishing that targets high-profile end users such as C-level corporate executives. Similar to traditional based phishing, whaling leverages social engineering against the victim and uses some technological play in the background. The social engineering component aims to trick the target via a messaging, usually [...]

by

Read More

Zeus the sky and thunder god of malware

maxresdefault

Zeus malware is a financial Trojan targeting online banking. Zeus malware steals banking information by man-in-the-browser attacks, keystroke logging and form grabbing methods. Zeus was developed to target the Windows OS and has been around for almost 10 years now. Zeus is spread mainly through drive-by downloads and phishing schemes. […]

by

Read More

New Financial Malware – Banking Trojans

dreamstime_m_33228233
New Financial malware - banking Trojans -  are increasing in functionality with new families and variants responsible for fraud losses. There has been a number of reports from our Security vendor partners, plus iZOOlabs analysis, where we are observing a recent upshift in attacks. iZOOlogic clients in disparate countries from [...]

by

Read More

DNS Hijacking and Spoofing

DNS Hijacking and DNS Spoofing
DNS Hijacking and Spoofing DNS Hijacking, Spoofing and Pharming are phishing type relate fraud techniques. DNS hijacking or spoofing is a cybercrime attack that re-routes web traffic to a malicious web site. The attacker hijacks or infects the DNS query to insert an incorrect result to re-direct the web traffic [...]

by

Read More

Business Email Compromise a blended Spear Phishing attack.

index
Business Email Compromise (BEC) attacks   Business Email Compromise (BEC), formerly known as Man-in-the-Email scams are a blended Spear-phishing attack. BEC attacks follow similar traits to phishing, technical subterfuge with social engineering. BEC threats actually compromise legitimate business email accounts in order to conduct unauthorised transfer of funds to criminal [...]

by

Read More

Evolving Banking Malware and Transaction Authentication

index
Banking malware families and variants are constantly evolving, bank transaction authentication methods are also evolving. It is a cat and mouse game where the user expects convenience and with an ease of use. As malware flavors continue to chart new territory from the days of Spyeye, Zeus & Citadel to [...]

by

Read More

Puddle Phishing, a variant of Spear Phishing, is a resurgent threat.

images
  Puddle Phishing, a variant of Spear Phishing, is a resurgent threat. Phishing is a broad term to describe the type of attack that combines some technological components with social engineering. Traditional or classical phishing has been previously discussed in this blog, and is well documented across security blogs and [...]

by

Read More

Top Level Domain Abuse – gTLD abuse observations

images
gTLDs Phishing, Fraud, Abuse Observations - Top Level Domains (TLDs), such as .com, .org, .biz, .net, a part of the domain name that is installed in the root zone, now come in many different variations and flavours - such as generic TLDs (gTLDS), Country-Code TLDs (ccTLDS). These new TLDS have [...]

by

Read More

Spear Phishing – a variant of the phishing attack – APT attack

Spear Phishing
Spear phishing is a variant of the traditional phishing attack that is highly targeted. The phishing message, usually an email, is sent to a discrete audience, a small group of employees, a specific individual or a high profile executive within a targeted business. Similar to classic and traditional based phishing [...]

by

Read More

SMiShing – a resurgent phishing based threat.

SMiShing
SMiShing - a phishing based threat against the Mobile Channel. SMiShing is a phishing based attack that leverages the Short Message Service (SMS) or phone based text message. SMiShing or Smishing has been around for many years now so it is not a new threat but a persistent threat that [...]

by

Read More

APWG – Phishing Activity Trends Report, 1st Quarter 2016

APWG Report Q1 2016
Phishing Crimeware APWG Quarter 1 2016 Report The following is an extract of the most recent APWG Report Q1 2016. The full APWG report can be viewed at - http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf Phishing Report Scope The APWG Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, [...]

by

Read More

Domain Shadowing

domain shadowing
Domain shadowing Domain shadowing provides the cybercriminal a series of methodologies to manipulate a genuine domain registrant account allowing the creation of fake subdomains and disrupting DNS configurations for malicious purposes.   Our resources show that domain shadowing has now become a greater challenge amongst our client’s and their peers [...]

by

Read More

Spear Phishing

Screenshotpass
Spear phishing scams have been around for decades and despite all our best efforts in terms of user education, we continue to see a rise this kind of phishing in terms of volumes and sophistication – it is only the high-profile phishing make headlines. Spear phishing has evolved and continues [...]

by

Read More

Social Media Threats

Unbenannt
Social Media presents a new set of challenges for the business and is a growing area of online brand abuse and fraud. Social Media provides a new mechanism for cybercrime affording the opportunity to distribute phishing and malware content. Social engineering is a key component of Advanced Persistent Threats — [...]

by

Read More

Mobile App Threats

mobile-pic
Mobile applications afford a seamless user experience, however, Unofficial, Unauthorised, Rogue, Malicious Mobile Apps provide an emerging threat for cybercrime and brand abuse. Phishing and malware attacks have evolved to target the mobile device and Mobile Apps are a main vector in the delivery of phishing based apps and the [...]

by

Read More

Brand Monitoring

pictures
Electronic channels are a highly efficient mechanism of delivering online services, capabilities and transacting with the end user customer presenting many favourable outcomes for the organisation as well as the end user. However, the electronic channel is open to range of abuse and fraud, ranging from benign to malicious activity. [...]

by

Read More

Categories