When we think of Greek-themed malware, the trojan family generally comes to mind. Not anymore, Sigma is a new ransomware delivered via phishing email.
Part 2 In part 1, we looked at the trend of phishing attacks targeting the real estate business, including home buyers who unwittingly wired money (millions) to criminals. Recently, CNBC reported the story and followed up with an interview of PhishMe® CEO and Co-founder Rohyt Belani.
Recently, PhishMe® recorded suspicious messages that spoofed bnm.gov.my, the domain for the central bank of Malaysia, Bank Negara. The emails concerned a Funds transfer. Figure 1 Initial phishing message Red Flags Right Away The spoofed sending address belongs to a U.S.-based employee account on a high-reputation .ORG domain. (Red Flag number 1: The friendly portion of sender name does not match the email address.) Addresses on .ORG and addresses on university (.EDU) domains are frequently used to bypass spam filters that are set to allow messages through only when they appear to be coming from a sending domain with a...
Back in June, PhishMe® launched our free computer-based training module on GDPR compliance. The feedback has been great, including urgent requests to make the training available in other languages.
Recently, CNBC reported on phishing scams in real estate, following up with an interview of PhishMe® CEO and Co-founder Rohyt Belani. Real estate is a bullseye for enterprising phishers. Often, the scammer is attempting wire fraud, trying to induce someone to make an electronic transfer of funds.
Less than a week after a Sensepost blog highlighted how to abuse Microsoft Office functionality to deliver malware to systems via phishing messages, PhishMe® observed attackers abusing this feature of Microsoft Windows. This highlights how quickly malicious actors capitalize on such revelations, outpacing many organizations’ abilities to understand and respond to emerging threats.
Petya. NotPetya. Now BadRabbit. Ransomware keeps evolving and wreaking havoc worldwide. There’s no evidence that phishing emails have delivered Bad Rabbit, the new ransomware strain which hit Russian, Eastern European and some U.S. networks this week. But nonetheless at PhishMe, BadRabbit has caught our eye.
It’s fitting that National Security Awareness Month ends on Halloween. It’s the time to contemplate scary things, whether ghouls, men in lederhosen stumbling about with steins or the real deal, phishing emails loaded with ransomware.
BY MIKE SAURBAUGH AND GEOFF SINGER Visualize Phishing Relationships with PhishMe Intelligence™ and Maltego Fishing (without the “P”) is not a lot of fun when you just drop a line in the water and hope for the best. When fishermen want to see where the fish are, they look to the fish finder on the bridge to “look underwater” to find schools of fish. Similarly, when an analyst is looking to “catch” a phishing campaign, correlating the attacker’s campaigns and their payloads can benefit by being able to visually graph and link phishing threats. PhishMe Intelligence combined with Maltego can...
Do we really need another Halloween-themed security blog? Yep. We do. Not because our edgiest holiday triggers more cyber threats. No, Halloween season is scary because it’s been absorbed by the winter holidays—the spendiest, cyber-riskiest time on the retail calendar, beginning in mid-September and lasting until…it ends, right?