How Web Addresses Are Spoofed

One of the tactics that I am seeing more often is the clever use of web address spoofing in the web sites and landing pages used in phishing emails.  This sort of spoofing has been used successfully even against people who have been training to detect phishing emails, and to check link destinations (using the hover trick) and double check web addresses in the browser address bar.

Here are some techniques that ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


 

IC3 Releases Alert on Gift Card Scams

08/02/2017 10:08 PM EDT Original release date: August 02, 2017

The Internet Crime Complaint Center (IC3) has released an alert warning consumers of music gift card scams. This type of scam targets victims, gains their confidence, and tricks them into providing gift card information.

To stay safer online, review the IC3 alert on Continue Reading →

0

Not All Attacks Are Cyber Attacks – Watch For Phone Scams Too

As long as we are on the subject of telephone fraud, here is a post inspired by a recent article from Naked Security.  It reminded me that not all attacks are high-tech cyber-attacks.  The phone is still an effective tool used by criminals to extract cash from their victims, and the losses can be in the thousands.

Here are some different scams run by these scammers:

  • Tech support scam:  Callers ...
Continue Reading →
0

Email Account Hijacking – Part 4 Prevention and Dectection

Last week we went deep on the subject of just how bad losing control of your email account can be.  Today we are wrapping up the four-part series with solutions to help you prevent email account compromise from happening, how to detect if it has already happened to you, and how to recover if that is the case.

Prevention is the best solution.  Your email account is one of the crown jewels ...

Continue Reading →
0

Email Account Hijacking – Part 3 Extending the Exploit

On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker.  Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.

They have already proven that you are susceptible to phishing and other social engineering exploits.  So sending the victim other phishing emails that allow more access ...

Continue Reading →
0

What Can I Do With A Hijacked Email Account? Part 2

On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password.  Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.

I consider email account compromise to be one of the most personally harmful cyber-exploits.  When another person has access to your email ...

Continue Reading →
0

What Can I Do With A Hijacked Email Account? Part 1

Let’s say I just hijacked your email account.  What can I do with it?

First thing, a hijacker would not announce his or her presence in your account.  Staying undetected is important so you do not change your password.  Depending on what the attacker is doing with your email account, there is a significant probability that you would not know your account was compromised for several days, weeks, or even years!

In order ...

Continue Reading →
0

Speaking at 2017 ISSA International Conference

I am honored to be presenting at the 2017 ISSA International Conference, October 9-11 in San Diego, CA. This year’s theme is “Digital Danger Zone.” Please join me for networking, education, and fun.

I will be presenting “Shields Up for WordPress Web Sites and Blogs.”  This presentation covers the threat of website hijacking, what an attacker wants to do with your website, ...

Continue Reading →
0

Ransomware is not Dead Yet

Toward the end of last year I made a pair of bold predictions.  The first, that ransomware exploits would start declining, because anti-malware software companies were bringing products online that would prevent the encryption from taking place.  The second, there would be an increase in Business Email Compromise (BEC) exploits, as cyber-criminals turned to new income streams.  I was only half right.

BEC exploits have increased, because the potential returns are so ...

Continue Reading →
0
Page 3 of 4 1234