One of the tactics that I am seeing more often is the clever use of web address spoofing in the web sites and landing pages used in phishing emails. This sort of spoofing has been used successfully even against people who have been training to detect phishing emails, and to check link destinations (using the hover trick) and double check web addresses in the browser address bar.
Here are some techniques that ...
Continue Reading →Most of us have been using web addresses for years without really understanding how they work. Today we are going to try to demystify the web address for you. Web addresses are basically “rented” for a period of time from a Domain Name Registrar, and are part of the Domain Name System (DNS). DNS changes the easy alphanumeric domain names we use into numerical IP addresses that computers and web ...
Are you are the owner of a business, or the CEO or other C-level employee? You are prime target for cyber-criminals. Specifically, your email account is a highly desirable target that can be used to impersonate you for invoicing, payment interception, or wire transfer fraud.
If you think you are too small to be a target, you are wrong. I worked on a case of a seven-person company whose owner had an MSN email account. They sent an invoice by email ...
Continue Reading →
According to a recent article on Naked Security, not at all hard. While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.
Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400. And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system ...
Continue Reading →
Last week we went deep on the subject of just how bad losing control of your email account can be. Today we are wrapping up the four-part series with solutions to help you prevent email account compromise from happening, how to detect if it has already happened to you, and how to recover if that is the case.
Prevention is the best solution. Your email account is one of the crown ...
Continue Reading →On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker. Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.
They have already proven that you are susceptible to phishing and other social engineering exploits. So sending the victim other phishing emails that allow more ...
Continue Reading →On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password. Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.
I consider email account compromise to be one of the most personally harmful cyber-exploits. When another person has access to your ...
Continue Reading →Let’s say I just hijacked your email account. What can I do with it?
First thing, a hijacker would not announce his or her presence in your account. Staying undetected is important so you do not change your password. Depending on what the attacker is doing with your email account, there is a significant probability that you would not know your account was compromised for several days, weeks, or even years!
In ...
Continue Reading →FBI Releases Article on Protecting Business Email Systems
05/31/2017 07:45 PM EDT
(***Watch for our 4 part series on Email Account Hijacking starting Monday***)
The Federal Bureau of Investigation (FBI) has released an article on Building a Digital Defense with an Email Fortress. FBI warns that scammers commonly target business email accounts with phishing and social engineering schemes. Strategies for preventing email compromises include avoiding the use of free web-based email accounts; using multi-factor ...
Continue Reading →I recently gave a presentation titled “Email Security – Resist That Click” on May 23 2017 at the Phipps Theatre in Hudson WI. This event was sponsored by First State Bank and Trust of Bayport MN. I was also asked to present this topic at the MnCCC Conference (Minnesota Counties Computer Consortium) in Alexandria MN on Wednesday June 7, 2017. This presentation was titled “The War for Tour Inbox.”
First State Bank and Trust had my presentation video recorded, and it ...
Continue Reading →