More Tax Time Scams

Every year, attackers try to find some way to innovate and steal more money come tax time. Last year, attackers took advantage of e-filing, which led TurboTax to put a halt on all refunds due to a surge in fraudulent state tax returns. Here is a screenshot of a phishing email that the attackers are using to try and obtain W2’s for all employees:

Figure 1

Figure 1. Screenshot of phishing email used by attackers

Be on the lookout for these types of scams! Snapchat recently fell victim to one of these scams and did the responsible thing by notifying the affected parties and called on the assistance of the FBI. HMRC related phishing is something to watch out for as well, as well as anything else tax-themed around tax time. Stay alert!

PhishMe Unveils Fully Integrated Phishing Defense Solution to Combat Multi-Billion Dollar Phishing Problem

Human Conditioning, Intelligence and Incident Response Overcome Failing Automation Technology Patchwork

LEESBURG, VA & SAN FRANCISCO — March 1, 2016— PhishMe® Inc., the leading provider of human phishing defense solutions, today announced during RSA Conference 2016 that it has fully integrated its powerful product suite comprised of Simulator, Reporter, Triage and Intelligence. The integration delivers customers with a comprehensive solution for attack identification, human-verified intelligence and incident response that turns employees into the most powerful line of defense against phishing. As the top attack vector in use today, spear phishing is responsible for more than 90 percent of all breaches – costing the world economy hundreds of billions of dollars annually.

PhishMe® Triage Integrates with Recorded Future’s® OSINT Platform for Investigative Incident Response

Phishing Incident Response – Back to the Past, Present, and Recorded Future

Attackers like to boast about their accomplishments as well as announce their plans. They leave trails of evidence across the open web just waiting to be discovered, if you’re looking in the right places. Similarly, as events occur, researchers and those attacked begin to share information. Employees within our organizations are a primary target of attackers with well-crafted spear phishing emails and some of which may stem from over sharing or whatever is personally newsworthy. Indicators of compromise (IOCs) help security teams in their incident response process. Has this been seen before? When did it start? Are there any indicators that this attack will be used again? This is valuable information to help determine the validity of the attack and what may be next.

PhishMe Blazes Extraordinary Pathway for Enterprise Phishing Defense as Finalist in the 2016 Tech Trailblazer Awards

We’re excited to announce that PhishMe has been named a finalist for the 2016 Tech Trailblazer Awards in the “Security Trailblazer” category. This prestigious award recognizes both established and up-and-coming startups.

At PhishMe, we strive to provide companies with a comprehensive, enterprise-class phishing defense solution – one that proactively engages every employee in the fight against phishing attacks and malware. Human targets, such as employees, are the number one attack target for hackers because of the level of network access they can provide, making phishing attacks one of the most prolific threat vectors used today. Without building a human layer of defense through the behavioral conditioning of employees to recognize potential threats, security teams cannot keep pace with increasingly sophisticated onslaught of attacks.

PowerPoint and Custom Actions

We’ve recently observed a Phishing attack which uses PowerPoint Custom Actions instead of macros to execute a malicious payload. Although using PowerPoint attachments is not new, these types of attacks are interesting as they generally bypass controls that assert on macro enabled Office attachments.

Locky – New Malware Borrowing Ideas From Dridex and Other Ransomware

On February 16, 2016, PhishMe’s Intelligence team identified a number of significantly large sets of emails delivering Word documents containing macro scripts used to download a malware payload. This malware delivery technique has been ubiquitous among many threat actors over the past year but has been most prolifically used by threat actors delivering the Dridex financial crimes trojan. The scope of Locky’s delivery in its first full day of deployment is staggering. As our friends at Palo Alto Networks have shown, over 400,000 endpoints around the world were affected by this encryption ransomware in mere hours. As we pointed out in our recent piece on Dridex, nearly three quarters of Dridex samples in 2015 where delivered using some form of Office documents using macro scripts as a download tool.