The Google Docs Hoax: What Have We Learned?

It has been a couple of weeks since the Google Docs hoax spread across the Internet like wildfire.  What have we learned about this exploit?

Originally this appeared to be a phishing campaign, but phishing emails are spoofed clever replicas.  These emails were the genuine article, and were sent from Google mail servers, from the hijacked Google accounts of people you were likely to know.  This made the exploit difficult to detect, ...

Continue Reading →
0

US-CERT Warns About Airline Phishing Scams

What if there was a new phishing scam that had an open rate of 90%.  That’s right, this phishing email is so believable, 90 out of 100 recipients open the the attachment or click on the link without a second thought.

These attacks begin with the scammer researching the target victim.  These targets usually work at companies where there is a lot of air travel. ...

Continue Reading →
0

New Exploit Uses Office Documents

A new exploit is using Microsoft Office documents to deliver malware.  This is different from the reanimated macro exploits.  If this exploit, the target will receive an Office document, such as a Word file, as an email attachment.  Opening the attachment causes a malicious HTML application to be downloaded from the attackers C2 server.  This is executed as an .hta file, disguised as an RTF file.  The result is the attacker ...

Continue Reading →
0

Scam Claims Your Tax Preparer Was Breached

We heard about a new twist all the Income Tax refund scam that is popular with cyber-criminals this time of year.  A March 27th email from the Minnesota Society of CPAs, warns about a scam that is appearing on the east coast, but could spread anywhere in the US.

“…the email scam claims a tax preparer has been victimized [or breached] and asks users to open a PDF ...

Continue Reading →
0

Protecting Your Financial Assets

Almost all cyber-crime is about making money for the crooks.  Often this involves stealing valuable information that can be sold.  But many criminal gangs are going straight for the cash, and often this involves bank and financial account fraud or financial account access.

Below we have a list of strategies you can use to protect your financial resources.

  • Use a credit card ...
Continue Reading →
0

Keeping Your Personal Data Safe – Is It Impossible?

Believe it or not, two out of three people in the United States have had their personal information stolen by cyber-criminals.  The likelihood is that this has already happened to you, and if not, it will happen eventually.  And if it has happened, it will probably happen again.  Why is this?

Even if you never click on a phishing email, and ...

Continue Reading →
0

Top Cyber Threats for 2017

2017 is promising to be another difficult year for cyber-defenders who are protecting company and government networks from attack.  Here are what I think will be the top attack vectors this year.

Business Email Compromise

CEOs and other C suite officers will increasingly be targeted for email account hijacking.  This is an easy exploit to run because high ranking employees and officers often are ...

Continue Reading →
0

Should You Use Domain Privacy?

I will start out by admitting that I hate Domain Privacy.  But I just read a story in Naked Security on February 9th that is causing me to reevaluate my opinion.  It turns out that the new White House press secretary, Sean Spicer, has a personal website at www.seanspicer.com.   The website has been turned into a private site, but the WHOIS record ...

Continue Reading →
0
Page 6 of 7 «...34567