Blog

Trademark and Copyright enforcement to protect digital assets

Trademark and Copyright enforcement to protect digital assets

Trademark and Copyright enforcement to protect digital assets. In an online world the digital assets of the business are open to a large range of fraud and abuse. Digital assets can be legally protected via Trademark and Copyright ownership claims. Examples of trademark and copyright infringement are fake websites and phishing sites, unauthorised social media accounts,...
Continue Reading
Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.

Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.

Criminals use spoofed email domain from addresses to launch Spear Phishing and Advanced Persistent Threat malware attacks. The “FROM” address of the sender’s email is maliciously changed to the victim’s domain. From the recipients point of view the email looks and feels like an internal email. Cybercriminals can easily send an email to anyone within the...
Continue Reading
How effective is browser blocking against phishing sites

Browser blocking of phishing sites – how effective?

Browser blocking of phishing sites – does the browser provide a phishing solution?  iZOOlogic threat detection and analysis engines are sifting through vast amounts of phishing intelligence and malicious data – sourcing literally thousands of new phishing sites each day. All day and every day. iZOOlogic provides a swift response to those phishing sites that are...
Continue Reading
WHALING – Big Game Spear Phishing

WHALING – Big Game Spear Phishing

Whaling is a type of spear phishing that targets high-profile end users such as C-level corporate executives. Similar to traditional based phishing, whaling leverages social engineering against the victim and uses some technological play in the background. Whaling content – messaging and website are very personalised – this is personal – one on one – phishing....
Continue Reading
Zeus the sky and thunder god of malware

Zeus the sky and thunder god of malware

Zeus malware is a financial Trojan targeting online banking. Zeus malware steals banking information by man-in-the-browser attacks, keystroke logging and form grabbing methods. Zeus was developed to target the Windows OS and has been around for almost 10 years now. Zeus is spread mainly through drive-by downloads and phishing schemes. Why are we talking about an...
Continue Reading
New Financial Malware – Banking Trojans

New Financial Malware – Banking Trojans

Denis Makrushin, a security expert at Kaspersky Lab. has published findings – “Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom. Another example is...
Continue Reading
DNS Hijacking and DNS Spoofing

DNS Hijacking and Spoofing

DNS hijacking and spoofing DNS is the underlying directory framework of the Internet. It turns a web address into an IP address that ultimately directs the user to legitimate website. If this DNS gets hijacked or taken over by a hacker group, the web address can be redirected to a completely different website. This malicious website...
Continue Reading
Spear-phishing attack

Business Email Compromise a blended Spear Phishing attack

Business Email Compromise (BEC) attacks Business Email Compromise (BEC), formerly known as Man-in-the-Email scams are a blended Spear-phishing attack. BEC attacks follow similar traits to phishing, technical subterfuge with social engineering. BEC threats actually compromise legitimate business email accounts in order to conduct unauthorised transfer of funds to criminal controlled bank accounts. Essentially the employee of...
Continue Reading
Phishing Solution

Evolving Banking Malware and Transaction Authentication

Banking malware families and variants are constantly evolving, bank transaction authentication methods are also evolving. It is a cat and mouse game where the user expects convenience and with an ease of use. As malware flavors continue to chart new territory from the days of Spyeye, Zeus & Citadel to the likes of Prime,Dridex, Gozi, Tinba,...
Continue Reading
Puddle Phishing, not of Spear Phishing, is a resurgent threat a variant

Puddle Phishing, not of Spear Phishing, is a resurgent threat a variant

Puddle Phishing, a variant of Spear Phishing, is a resurgent threat. Phishing is a broad term to describe the type of attack that combines some technological components with social engineering. Traditional or classical phishing has been previously discussed in this blog, and is well documented across security blogs and research whitepapers. Let us take a look...
Continue Reading
Phishing Solution

Top Level Domain Abuse – gTLD abuse observations

gTLDs Phishing, Fraud, Abuse Observations – Top Level Domains (TLDs), such as .com, .org, .biz, .net, a part of the domain name that is installed in the root zone, now come in many different variations and flavours – such as generic TLDs (gTLDS), Country-Code TLDs (ccTLDS). These new TLDS have opened up the Domain Name system...
Continue Reading
Spear Phishing attacks

Spear Phishing – a variant of the phishing attack – APT attack

Spear phishing is a variant of the traditional phishing attack that is highly targeted. The phishing message, usually an email, is sent to a discrete audience, a small group of employees, a specific individual or a high profile executive within a targeted business. Similar to classic and traditional based phishing attacks spear phishing leverages social engineering...
Continue Reading
SMiShing

SMiShing – a resurgent phishing based threat.

SMiShing – a phishing based threat against the Mobile Channel. SMiShing is a phishing based attack that leverages the Short Message Service (SMS) or phone based text message. SMiShing or Smishing has been around for many years now so it is not a new threat but a persistent threat that is evolving. With SMiShing the criminals...
Continue Reading
APWG Phishing Solution

APWG – Phishing Activity Trends Report, 1st Quarter 2016

Phishing Crimeware APWG Quarter 1 2016 Report The following is an extract of the most recent APWG Report Q1 2016. The full APWG report can be viewed at – http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf Phishing Report Scope The APWG Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the...
Continue Reading
Phishing Solution

Domain Shadowing

Domain shadowing provides the cybercriminal a series of methodologies to manipulate a genuine domain registrant account allowing the creation of fake subdomains and disrupting DNS configurations for malicious purposes. Our resources show that domain shadowing has now become a greater challenge amongst our client’s and their peers over the previous 12 months. This is a disturbing...
Continue Reading
Phishing | iZOOlogic

Spear Phishing

Spear phishing scams have been around for decades and despite all our best efforts in terms of user education, we continue to see a rise this kind of phishing in terms of volumes and sophistication – it is only the high-profile phishing make headlines. Spear phishing has evolved and continues to evolve. Cybercriminals are using social...
Continue Reading
Social Media Threats

Social Media Threats

Social Media presents a new set of challenges for the business and is a growing area of online brand abuse and fraud. Social Media provides a new mechanism for cybercrime affording the opportunity to distribute phishing and malware content. Social engineering is a key component of Advanced Persistent Threats — APT attacks and often infrastructure breaches...
Continue Reading
Mobile App Threats --Mobile App Monitoring

Mobile App Threats

Mobile applications afford a seamless user experience, however, Unofficial, Unauthorised, Rogue, Malicious Mobile Apps provide an emerging threat for cybercrime and brand abuse. Phishing and malware attacks have evolved to target the mobile device and Mobile Apps are a main vector in the delivery of phishing based apps and the delivery of malicious payloads. Mobile Apps...
Continue Reading
Brand Abuse | iZOOlogic

Brand Monitoring

Electronic channels are a highly efficient mechanism of delivering online services, capabilities and transacting with the end user customer presenting many favourable outcomes for the organisation as well as the end user. However, the electronic channel is open to range of abuse and fraud, ranging from benign to malicious activity. The following is an outline of...
Continue Reading
1 7 8 9

Categories