You have to look at the totality of an email to determine whether it is a phishing attack or not. I’ll admit it, I’m guilty. When I get a phishy-looking email, the first thing I do is hover over the URL to see if it is legitimate-looking or not. And, most phishing emails do contain […]
Healthcare Sector Still Sustains Phishing Campaigns
No one should take too seriously the high-minded things criminals sometimes say about how they’re restraining themselves during the pandemic, and that they’re going to avoid hitting hospitals and biomedical research organizations. If anything, attacks on such targets have increased in recent months, and phishing is the usual approach. The goal of the phishing attacks […]
Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource
A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code. I’ve written about phishing attacks targeting GitHub users previously. But this month, users of GitHub partner DeepSource were notified of a security incident in which at least one of DeepSource’s employee credentials […]
Pyongyang’s Phishing with Job Offers
An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, according to researchers at ESET. The campaign, which the researchers call “Operation In(ter)ception,” used social engineering attacks on LinkedIn to trick employees into opening malware-laden documents. […]
U.S. Government Issues Warning About Possible Iranian Cyberattacks
Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. Gen. Qassim Suleimani was killed by a U.S. airstrike at the Baghdad airport in Iraq. “Given recent developments, re-upping our statement from the summer,” Krebs said in a rare […]
WIRED: “The Decade Big-Money Email Scams Took Over”
Excellent article in WIRED, where they observed that In the last few years, the “Nigerian prince” scams have gotten a major upgrade. Here is an extract and a link to the full article: “For a long time cybercriminals believed that the money was within the masses,” says Crane Hassold, senior director of threat research at […]
Whaling: Like Phishing, but After Bigger Game
Organizations have to acknowledge their responsibility for ensuring their employees are able to recognize targeted phishing attacks, according to James McGachie, Legal Director of DLA Piper Scotland. Writing in The Herald, McGachie explains that sophisticated spear phishing attacks designed to steal large amounts of money (also known as “whaling”), should be of special concern to […]
Spear Phishing in the Royal Canadian Mint
The Royal Canadian Mint, which produces Canada’s coins, nearly sent an employee’s paycheck to an attacker following a spear phishing attack, CBC News reports. The attacker sent an email to the Mint’s HR department while posing as an employee and requested that the department change the employee’s bank account details. The HR worker who received […]
Google Sent 12K Nation-State Phishing Warnings In Three Months
Google’s Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish gmail users over just a three-month period earlier this year, they reported. TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog […]
Click Confessions of a Security Expert
As a “human security” expert, I used to take a lot of pride in my well-honed security hygiene. Yeah… that all ended back in early 2017 when I joined KnowBe4. You see, up until that time, I’d received a number of simulated phishing, attempted real phish, and I’d even run my own simulated phishing programs […]