A few of the MFA lookalike domains we've detected recently. These target a large bank in the Czech Republic (csob[.]sk):
csob-sso-sk[.]net, online-csob-sso-sk-moja[.]com, csob-sso-sk[.]com
The PDF file attached to this email is malicious. You don’t even have to open it to know it should be deleted immediately. Outlook shows the “from” information, and this email didn’t come from Intuit.
The criminal who sent this email is an amateur. Be aware that the “from” information can be much more deceptive than we see in this email example. Sometimes you have to know how to examine the email header to see where the email is really from.
There are a lot of malicious emails that are of poor quality and easy to identify, like this one. By being informed and on guard, you can save yourself from a lot of trouble.
A company I consulted for emailed me asking for info for my 1099.
The email was sent by a 3rd-party service claiming to be acting on their behalf.
I started filling out the form, but when I got to the SSN field, it occurred to me, "How do I know this is legit? Also, didn't I give them my SSN already?"
I closed the form and emailed my contact there asking him to confirm the request.
A few days later I got my 1099 from the 3rd-party service. They indeed had my SSN already. #privacy#phishing
Because I read something along those lines often: the fact that some legitimate emails look like phishing is caused by phishers mimicking real emails, not the other way round. The problem are garbage phishing detection rules, not the legitimate emails phishers try to mimic.
Phishing detection rules cannot be set in stone but depend highly on the environment and "email culture" you inhabit. If you filter out legitimate stuff because of your rules, your rules suck.
Example: "Don't open attachments" is stupid advice if you have to open email attachments every day for your regular job. Rather tell people to upload files sent with automated emails or unknown senders to either virus total or let them get checked by local antivirus. Or implement encryption policies where unencrypted files are suspicious by default.
Bottom line: setting the same standards for everyone won't work. Consider your environment and act accordingly.
📢Watch out for malicious QR Codes🚨 QR Code Phishing Soars 587% - Check Point's Live Cyber Threat Map identified 20,000 instances of QR code attacks within two weeks.
what's the word for when: the phishers who are stealing from the organized crime phishers that you are researching realize that you know they are fake (organized crime) and take down their entire infrastructure and social media presence in a few hours? i was going with "wow" but it doesn't seem quite the right word. i also tried "bummer". #dns#phishing#cybercrime#infoblox
@jsrailton Only FIDO2 and Passkeys are protecting against #phishing attacks.
Caution: #Passkeys might copy your secret into the service provider's cloud for convenience and backup purposes.
IMHO, #FIDO2 hardware tokens are the only non plus ultra for authentication security since they protect your secrets in hardware without the possibility of "backups" to the cloud.
We saw #malware uploads to Codeberg increase in the past weeks. Although our users are likely not the target audience of these files, we still want to remind you:
Watch out and stay secured. Do not run files from untrusted authors.
On Codeberg, double-check the project's legitimacy (e.g. user age, stars / issues / activity) or the source code itself.
Visit the project's homepage and use official download sources.
Never let emails panic you, consider if it's part of a #phishing campaign.
📢🚨 #Microsoft has warned of an Israel-Hamas-themed phishing scam, accompanied by the use of a custom backdoor called #MediaPI, carried out by the Iranian Mint #Sandstorm APT.
Research from cyber security firm Egress found that 94% of organizations globally have experienced a serious email security incident in the past 12 months, and 4 out of 10 employees responsible for email security breaches over the last year have been sacked.
If four in ten are being fired for email security breaches, then maybe it's not the employees who should be fired but those at the top who haven't invested in solutions that do not rely on or require human beings to be perfect detectors of phishing attempts, BEC, or other social engineering attacks involving email? Or who haven't just accepted that shit will happen? And now that AI is making such attacks even more convincing or difficult to detect, firing employees for falling prey is even less justifiable or effective.
More or less every company has guidance that users shouldn't click links in emails to prevent phishing and other email based attacks. So why do all email clients enable clickable links? There doesn't even seem to be an option to disable such links from incoming emails. 🤔 #infosec#email#phishing#security