Blog

Spear-phishing attack

Business Email Compromise a blended Spear Phishing attack

Business Email Compromise (BEC) attacks Business Email Compromise (BEC), formerly known as Man-in-the-Email scams are a blended Spear-phishing attack. BEC attacks follow similar traits to phishing, technical subterfuge with social engineering. BEC threats actually compromise legitimate business email accounts in order to conduct unauthorised transfer of funds to criminal controlled bank accounts. Essentially the employee of...
Continue Reading
Banking Malware

Evolving Banking Malware and Transaction Authentication

Banking malware families and variants are constantly evolving, bank transaction authentication methods are also evolving. It is a cat and mouse game where the user expects convenience and with an ease of use. As malware flavors continue to chart new territory from the days of Spyeye, Zeus & Citadel to the likes of Prime,Dridex, Gozi, Tinba,...
Continue Reading
Puddle Phishing, not of Spear Phishing, is a resurgent threat a variant

Puddle Phishing, not of Spear Phishing, is a resurgent threat a variant

Puddle Phishing, a variant of Spear Phishing, is a resurgent threat. Phishing is a broad term to describe the type of attack that combines some technological components with social engineering. Traditional or classical phishing has been previously discussed in this blog, and is well documented across security blogs and research whitepapers. Let us take a look...
Continue Reading
Domain Name Monitoring

Top Level Domain Abuse – gTLD abuse observations

gTLDs Phishing, Fraud, Abuse Observations – Top Level Domains (TLDs), such as .com, .org, .biz, .net, a part of the domain name that is installed in the root zone, now come in many different variations and flavours – such as generic TLDs (gTLDS), Country-Code TLDs (ccTLDS). These new TLDS have opened up the Domain Name system...
Continue Reading
Spear Phishing attacks

Spear Phishing – a variant of the phishing attack – APT attack

Spear phishing is a variant of the traditional phishing attack that is highly targeted. The phishing message, usually an email, is sent to a discrete audience, a small group of employees, a specific individual or a high profile executive within a targeted business. Similar to classic and traditional based phishing attacks spear phishing leverages social engineering...
Continue Reading
SMiShing

SMiShing – a resurgent phishing based threat.

SMiShing – a phishing based threat against the Mobile Channel. SMiShing is a phishing based attack that leverages the Short Message Service (SMS) or phone based text message. SMiShing or Smishing has been around for many years now so it is not a new threat but a persistent threat that is evolving. With SMiShing the criminals...
Continue Reading
APWG Phishing Solution

APWG – Phishing Activity Trends Report, 1st Quarter 2016

Phishing Crimeware APWG Quarter 1 2016 Report The following is an extract of the most recent APWG Report Q1 2016. The full APWG report can be viewed at – http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf Phishing Report Scope The APWG Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the...
Continue Reading
Phishing Solution

Domain Shadowing

Domain shadowing provides the cybercriminal a series of methodologies to manipulate a genuine domain registrant account allowing the creation of fake subdomains and disrupting DNS configurations for malicious purposes. Our resources show that domain shadowing has now become a greater challenge amongst our client’s and their peers over the previous 12 months. This is a disturbing...
Continue Reading
Spear phishing scams

Spear Phishing

Spear phishing scams have been around for decades and despite all our best efforts in terms of user education, we continue to see a rise this kind of phishing in terms of volumes and sophistication – it is only the high-profile phishing make headlines. Spear phishing has evolved and continues to evolve. Cybercriminals are using social...
Continue Reading
Social Media Monitoring

Social Media Threats

Social Media presents a new set of challenges for the business and is a growing area of online brand abuse and fraud. Social Media provides a new mechanism for cybercrime affording the opportunity to distribute phishing and malware content. Social engineering is a key component of Advanced Persistent Threats — APT attacks and often infrastructure breaches...
Continue Reading
Mobile App Threats

Mobile App Threats

Mobile applications afford a seamless user experience, however, Unofficial, Unauthorised, Rogue, Malicious Mobile Apps provide an emerging threat for cybercrime and brand abuse. Phishing and malware attacks have evolved to target the mobile device and Mobile Apps are a main vector in the delivery of phishing based apps and the delivery of malicious payloads. Mobile Apps...
Continue Reading
Online Brand Abuse - Brand Monitoring

Brand Monitoring

Electronic channels are a highly efficient mechanism of delivering online services, capabilities and transacting with the end user customer presenting many favorable outcomes for the organisation as well as the end user. However, the electronic channel is open to range of abuse and fraud, ranging from benign to malicious activity. The following is an outline of...
Continue Reading
1 16 17 18