Personalized Phishing

Personalized Phishing
Sophisticated Spear Phishing: Customized Phishing Attacks Our Phishing Intelligence team noticed that sophisticated phishing attacks are more likely to occur these days targeting corporate employees and their contacts in their email addresses. This is commonly known as Spear Phishing. Basically this type of phishing attack is devised by doing a thorough [...]

by

Read More

Phish Under The IOS Environment

Apple ID password | iZOOlogic
Surprised? A Phishing modus designed to take your Apple ID password from you. A lot of people still claims that the iOS is Malware proof and/or attack proof that is what majority of the people know since most users just want the simplicity of using their phones from their pockets. Advertisements [...]

by

Read More

Cybersecurity Mitigation and Phishing

Cybersecurity and Attack Mitigation (Phishing) We can all agree that prevention is better than cure in any situation whether it be critical or not. After all who wants to deal with a problem just because there were no precautions done? Especially in today’s cyberspace, digital crimes do happen left and [...]

by

Read More

Not Petya Strikes Back as Bad Rabbit Ransomware

Not Petya Strikes Back as Bad Rabbit Ransomware
Fake News? What’s worse is a Ransomware to Ruin Your Day. People whose job is to gather information, do general research on current events may have been previous victims of fake news from Fake News Sites. Believing in false information could harm you intellectually and socially. What’s worse that could [...]

by

Read More

Rouge Employees on Corporate Cybercrime

Rouge Employees on Corporate Cybercrime | iZOOlogic
The common misconception regarding cybercrime in layman’s perception is individuals and small businesses are targeted often, and big corporations are not heavily victimized due to the perception that they can afford reliable and powerful security systems. Think twice before rationalizing the thought above. Big corporations may have the most sophisticated [...]

by

Read More

Cybersquatting Domain Profiteering

izoologic
The Cyber world of Today The World Wide Web is a huge space where a lot of people gather, interact, educate, and etc. With a lot of activities which feed people’s minds and the ability to conduct a lot of transactions in the internet space, it is a pretty convenient [...]

by

Read More

Freeloading With Malware Is Not Free

Phishing Prevention | iZOOlogic
Phishing Prevention is hard to if we ever intend to buy free software products in a non legit way. Have you ever wanted most of your licensed software for free in a non-legit way? Especially when you think it is too expensive for you to purchase? At some point in [...]

by

Read More

Growing Impact of Cybercrime

Growing Impact of Cybercrime | iZOOlogic
How deeply rooted is cybercrime? Cybercrime has been rampant since the computer age started, from petty crimes such as performing weird functions on your computer to defacing, and now critical theft where even a country could even make an economy out of it. The first massive cybercrime attacks were back [...]

by

Read More

Massive Breach On Online Credentials

online credentials breach protection | iZOOlogic
After Equifax What’s Next The rampant carnage of cybercriminals on your private information does not end with Equifax which is unfortunate for law-abiding businesses and casual users of the internet. Why? Because such crimes are still ongoing, and this will not be easily stopped. What happened? Fresh from the shelves [...]

by

Read More

The Equifax Data Breach Surprise

Equifax Data Breach | iZOOlogic
Equifax Data Breach Lately, a major consumer credit reporting company was attacked by hackers which resulted in a massive data breach. The data breach affected those who had a credit history in the US, UK, and Canada. An estimated 143 million people were affected by the breach. Equifax recently announced [...]

by

Read More

Android Based Botnet launches DDoS Attacks

Android Based Botnet launches DDoS Attacks
On the 17th of August, a lot of content providers and delivery network companies were attacked by a botnet called WireX. A multitude of Android devices was being used to launch the attack to the targeted victims through malicious applications on the devices that are running in the background and [...]

by

Read More

Social Media Account Take Over

Social Media Account Take Over
Social Media use nowadays is commonplace, along with its popular use comes a great risk of identity theft and other abuse and fraud. Maintaining secure social networks is challenging  due to the diversity of communities and the ability to create accounts and identities with minimal verification and authenitication. Currently social [...]

by

Read More

Bitcoins for Cyber Criminals? Goodbye BTC-E

Bitcoinsfor Cyber Criminals? Goodbye BTC-E
What happened? Recently a known Bitcoin exchange which is BTC-E has been shut down and seized by 6 US law enforcement agencies, due to the exchange’s involvement in the theft of 2.21 billion USD from two well-known Bitcoin exchanges Bitcoinica and Mt. Gox. The founder of BTC-E who is named [...]

by

Read More

Cyber Data Theft: How it could affect your business

Hacking
Lately the popular cable and satellite TV network HBO has fallen victim to hacking, as a result a total of 1.5 TB of data were stolen which is quite alarming because this is the biggest data theft incident yet that happened ever since Sony leaks happened last 2014. The hackers [...]

by

Read More

Goodbye Alphabay and Hansa Market

Dark Web Monitering
The Fall of Alpha and Hansa In case you haven’t heard about Alphabay and Hansa market; these are two well-known marketplaces that used to exist on the Darknet. They are popular for the reason that most vendors are legitimate in a sense that scams are less likely to happen, due [...]

by

Read More

Introduction to the Deep and Dark Web

dark web
The Dark Web First let’s define the internet “The internet is the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link devices worldwide”. Now we know what the internet is, and we have been enjoying the benefits and convenience in our today’s life. However most users are only [...]

by

Read More

A new kind of Voice Phishing – “please say yes”

Voice-Phishing-Vishing-Attack-Targeting-Numerous-of-Banks
A new kind of Voice Phishing is circulating - the ‘can you hear me?’ phone scam has been reported in US, UK, and Australia. This is a little different to the traditional Vishing or Voice Phishing methods that directly attempt to steal account credentials and personal information. The scammer records [...]

by

Read More

Analysis of browser plugins to provide phishing protection

browserPlugin
Phishing protection, protecting the business and end user victims, requires a layered approach. Although we have discussed the limitation of end user protection at the browser level, we still recommend User use this point of protection. Browser plugins provide protection against phishing sites. In this article, we review some common [...]

by

Read More

The era of Fake News – beware all Executives.

fake-news
Fake News impacts business Executives and organisation brand. We have entered a new era of “Fake News” which can have a direct impact on all business Executives and brand protection strategies.  Fake News is real news – if you believe it. Fake News is being spread on dubious websites, specifically [...]

by

Read More

Two new malware (financial Trojans) – Corebot and Shifu

Shutterstock izoologic
Cybercriminals have a large range of tools and resources to launch phishing and malware attacks against online platforms. The dark web provides fertile grounds for criminals to opening discuss methodologies and trade new malware variants, types and processes. From well-established banking malware, such as Dyre, ZeuS and Kronos, to more [...]

by

Read More

A new year, an old threat – traditional phishing

2017
It may be a new year but we can be sure that phishing will again be upon us. So far in the first two days of 2017 we have seen the usual suspects being targeted, Apple, PayPal, Amazon, Scotia Bank, ANZ, HSBC, Facebook, the list of targeted phishing is endless…. [...]

by

Read More

Email remains the default vector for distributing phishing and malware content.

Shutterstock izoologic
Cybercriminals still use emails to launch the social engineering component of a phishing or malware attack. Email content uses a “call to action’ such as a security update, web payment or refund to lure victims into clicking on the embedded link. Users are routed to fake web content or to [...]

by

Read More

An alternative flavour of SMiShing

istock izoologic
SMiShing attacks often leverage a trusted brand to route the victim to a phishing site. An alternative variant of SMiShing is where the spam message contains only a call back number. The message maybe as simple as “Please urgently call back xxxx xxxx xxxx to update your account details” and [...]

by

Read More

Vishing – a persistent type of Voice Phishing

vishing-arm izoologic
Vishing, a term that relates to “Voice – Phishing” is a type of social engineering attack that has a high degree of variety.  Vishing takes the form of a criminal using a telephone to make a social engineering attempt against the victim to conduct fraud. Vishing maybe as simple as [...]

by

Read More

Ransomware: the new kind of malware

ransomware izoologic
Ransomware is one of the greatest emerging cybercrime challenges. Ransomware is the largest malware taxonomy and most phishing emails in 2016 contain ransomware. The tactic of ransomware is to hold the victim to extortion by encrypting the victim’s documents, files or disks until the person pays a ransom fee via [...]

by

Read More

Phishing spam sent from specifically registered domain names bypasses email authentication

Domain name spaming
Phishing spam is often sent from specifically registered domain names and domain zones to increase the efficacy of the phishing attack. This means that current email authentication systems are readily bypassed. Phishing spam forms the first component of the social engineering attempt. The phishing message must appear like it has [...]

by

Read More

Bolek malware– the latest generation of financial Trojan

Bolek malware
Bolek malware is a new generation of financial trojan with an increased level of sophisitcation and stealth. Bolek was documented by the Polska CERT team in 2016 and named after a local cartoon character - "Bolek", but this is no children's show. Bolek's primary function is targeting banks to steal [...]

by

Read More

Carberp malware – the precursor to many modern financial Trojans

Carberp malware
Carberp malware, a financial Trojan, is the precursor to many new malware families such as Sofacy and Bolek. Carberp is an older malware, however, it is well worth our time to review as at it’s time of release it was highly sophisticated. Carberp was originally a Russian financial Trojan that [...]

by

Read More

Top 4 Malware – Financial Trojans – Zeus, Carberp, Citadel and SpyEye.

Top 4 Malware – Financial Trojans – Zeus, Carberp, Citadel and SpyEye
Let us introduce the Top 4 Malware – Financial Trojans - Zeus, Carberp, Citadel and SpyEye. Later in this series of articles we will look into each malware (financial Trojan) in greater detail but allow us to make the formal introductions.   Zeus Zeus is not only the Grecian God [...]

by

Read More

APWG – Phishing Trends Activity Report – Q2 2016 : Summary of Findings

APWG – Phishing Trends Activity Report
Anti-Phishing Working Group - Phishing Trends Activity Report - Q2 2016   Summary of Findings: The Retail/Service sector remained the most- targeted industry sector during the second quarter of 2016, suffering 43% of attacks The number of brands targeted by phishers in the second quarter remained consistent – ranging from [...]

by

Read More

Real Time Phishing is Man in the Middle (MitM) attack

Real Time Phishing is Man in the Middle (MitM) attack
Real Time Phishing is a Man-in-the-Middle (MitM) attack that allows the criminal to commit real time fraud. Stolen credentials from the phishing site are used to access the internet bank session in real time. Real time phishing allows the criminal to readily bypass banking authentication protocols. Traditional or classic phishing [...]

by

Read More

Trademark and Copyright enforcement to protect digital assets

Trademark and Copyright enforcement to protect digital assets
Trademark and Copyright enforcement to protect digital assets. In an online world the digital assets of the business are open to a large range of fraud and abuse. Digital assets can be legally protected via Trademark and Copyright ownership claims. Examples of trademark and copyright infringement are fake websites and [...]

by

Read More

Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.

Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.
Criminals use spoofed email domain from addresses to launch Spear Phishing and Advanced Persistent Threat malware attacks. The “FROM” address of the sender’s email is maliciously changed to the victim’s domain. From the recipients point of view the email looks and feels like an internal email. The criminal can use [...]

by

Read More

Browser blocking of phishing sites – how effective?

Browser blocking of phishing sites – how effective?
Browser blocking of phishing sites - does the browser provide a phishing solution?  iZOOlogic threat detection and analysis engines are sifting through vast amounts of phishing intelligence and malicious data – sourcing literally thousands of new phishing sites each day. All day and every day. iZOOlogic provides a swift response [...]

by

Read More

WHALING – Big Game Spear Phishing

WHALING – Big Game Spear Phishing
Whaling is a type of spear phishing that targets high-profile end users such as C-level corporate executives. Similar to traditional based phishing, whaling leverages social engineering against the victim and uses some technological play in the background. The social engineering component aims to trick the target via a messaging, usually [...]

by

Read More

Zeus the sky and thunder god of malware

Zeus the sky and thunder god of malware

Zeus malware is a financial Trojan targeting online banking. Zeus malware steals banking information by man-in-the-browser attacks, keystroke logging and form grabbing methods. Zeus was developed to target the Windows OS and has been around for almost 10 years now. Zeus is spread mainly through drive-by downloads and phishing schemes. […]

by

Read More

New Financial Malware – Banking Trojans

New Financial Malware – Banking Trojans
New Financial malware - banking Trojans -  are increasing in functionality with new families and variants responsible for fraud losses. There has been a number of reports from our Security vendor partners, plus iZOOlabs analysis, where we are observing a recent upshift in attacks. iZOOlogic clients in disparate countries from [...]

by

Read More

DNS Hijacking and Spoofing

DNS Hijacking and DNS Spoofing
DNS Hijacking and Spoofing DNS Hijacking, Spoofing and Pharming are phishing type relate fraud techniques. DNS hijacking or spoofing is a cybercrime attack that re-routes web traffic to a malicious web site. The attacker hijacks or infects the DNS query to insert an incorrect result to re-direct the web traffic [...]

by

Read More

Business Email Compromise a blended Spear Phishing attack.

Fraud Alert
Business Email Compromise (BEC) attacks   Business Email Compromise (BEC), formerly known as Man-in-the-Email scams are a blended Spear-phishing attack. BEC attacks follow similar traits to phishing, technical subterfuge with social engineering. BEC threats actually compromise legitimate business email accounts in order to conduct unauthorised transfer of funds to criminal [...]

by

Read More

Evolving Banking Malware and Transaction Authentication

Phishing Solution
Banking malware families and variants are constantly evolving, bank transaction authentication methods are also evolving. It is a cat and mouse game where the user expects convenience and with an ease of use. As malware flavors continue to chart new territory from the days of Spyeye, Zeus & Citadel to [...]

by

Read More

Puddle Phishing, a variant of Spear Phishing, is a resurgent threat.

Phishing Solution
  Puddle Phishing, a variant of Spear Phishing, is a resurgent threat. Phishing is a broad term to describe the type of attack that combines some technological components with social engineering. Traditional or classical phishing has been previously discussed in this blog, and is well documented across security blogs and [...]

by

Read More

Top Level Domain Abuse – gTLD abuse observations

Phishing Solution
gTLDs Phishing, Fraud, Abuse Observations - Top Level Domains (TLDs), such as .com, .org, .biz, .net, a part of the domain name that is installed in the root zone, now come in many different variations and flavours - such as generic TLDs (gTLDS), Country-Code TLDs (ccTLDS). These new TLDS have [...]

by

Read More

Spear Phishing – a variant of the phishing attack – APT attack

Spear Phishing
Spear phishing is a variant of the traditional phishing attack that is highly targeted. The phishing message, usually an email, is sent to a discrete audience, a small group of employees, a specific individual or a high profile executive within a targeted business. Similar to classic and traditional based phishing [...]

by

Read More

SMiShing – a resurgent phishing based threat.

SMiShing
SMiShing - a phishing based threat against the Mobile Channel. SMiShing is a phishing based attack that leverages the Short Message Service (SMS) or phone based text message. SMiShing or Smishing has been around for many years now so it is not a new threat but a persistent threat that [...]

by

Read More

APWG – Phishing Activity Trends Report, 1st Quarter 2016

APWG Phishing Solution
Phishing Crimeware APWG Quarter 1 2016 Report The following is an extract of the most recent APWG Report Q1 2016. The full APWG report can be viewed at - http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf Phishing Report Scope The APWG Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, [...]

by

Read More

Domain Shadowing

Phishing Solution
Domain shadowing Domain shadowing provides the cybercriminal a series of methodologies to manipulate a genuine domain registrant account allowing the creation of fake subdomains and disrupting DNS configurations for malicious purposes. Our resources show that domain shadowing has now become a greater challenge amongst our client’s and their peers over [...]

by

Read More

Spear Phishing

Phishing Solution
Spear phishing scams have been around for decades and despite all our best efforts in terms of user education, we continue to see a rise this kind of phishing in terms of volumes and sophistication – it is only the high-profile phishing make headlines. Spear phishing has evolved and continues [...]

by

Read More

Social Media Threats

Unbenannt
Social Media presents a new set of challenges for the business and is a growing area of online brand abuse and fraud. Social Media provides a new mechanism for cybercrime affording the opportunity to distribute phishing and malware content. Social engineering is a key component of Advanced Persistent Threats — [...]

by

Read More

Mobile App Threats

Phishing Solution
Mobile applications afford a seamless user experience, however, Unofficial, Unauthorised, Rogue, Malicious Mobile Apps provide an emerging threat for cybercrime and brand abuse. Phishing and malware attacks have evolved to target the mobile device and Mobile Apps are a main vector in the delivery of phishing based apps and the [...]

by

Read More

Brand Monitoring

Phishing Solution
Electronic channels are a highly efficient mechanism of delivering online services, capabilities and transacting with the end user customer presenting many favourable outcomes for the organisation as well as the end user. However, the electronic channel is open to range of abuse and fraud, ranging from benign to malicious activity. [...]

by

Read More