Friday Phish Fry

Phishing Email Alerts

Catch of the Day: Top Attack Vector
Chef’s Special: Speedy Ransomware
Also serving: Polyglot Phish

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from other reliable sources on the Internet.

You can send phishing samples to me at

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking an image will display it in a photo viewer app.

Phishing Tops the List as the Most Costly Initial Attack Vector in Data Breaches

After you come to grips with the massive average cost of a data breach to an enterprise organization measured in the millions, it’s time to look at the factors that increase – and lower – that cost.

According to the recently released 18th edition of IBM’s Cost of a Data Breach Report, this year’s average cost is $4.45 million. That’s a staggering number, but what about the contributing factors? What can orgs learn beyond “don’t become a victim – it’s expensive”?

Let’s take a look at the initial attack vectors to see how they affect the average cost. According to the report, data breaches that began with phishing are, on average, more expensive, coming in at $4.76 million. Phishing represented the initial attack vector in 16% of the studied cases for this report, putting it in first place for the most common initial attack vector.

[Blog post continued, with IBM graph showing cost and frequency of data breach by initial attack vector]

Speed of Ransomware Attacks Increased Significantly in 2023

Sophos’s 2023 Active Adversary report for Tech Leaders has found that the speed of ransomware attacks has increased significantly since the beginning of 2023: “One key finding in the report is that the time available to respond to a ransomware attack has dwindled to nearly half of what it was at the start of the year.

“The median dwell time in ransomware attacks dropped from nine days in 2022 to just five days in the first half of 2023. With adversaries accelerating the execution of their attacks, defenders have less time to detect and stop them before files are encrypted.”

The report also found that in all types of attacks, the average time to gain control of Active Directory is just sixteen hours. OUCH.

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file.

The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

“A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF,” researchers Yuma Masubuchi and Kota Kino said. “If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors.”

Such specially crafted files are called polyglots as they are a legitimate form of multiple different file types, in this case, both PDF and Word (DOC).
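
A defender-side triage check for the polyglot described above, added here as an example (it is not code from JPCERT/CC or from the article quoted): it flags files that carry a PDF header but also contain Word-format markers. The markers used (the OLE2 signature, MHTML headers, the `<w:WordDocument>` tag) and the function name are assumptions chosen for this example.

```python
"""Triage check for PDF/Word polyglots (added example; markers are assumptions)."""

PDF_MAGIC = b"%PDF-"
# Legacy Word (.doc) files are OLE2 compound files with this 8-byte signature.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Word also opens MHTML ("single file web page") documents, which carry MIME headers.
MHT_MARKERS = (b"mime-version:", b"content-location:")
WORD_XML_MARKER = b"<w:worddocument>"


def polyglot_findings(data: bytes) -> list[str]:
    """Return Word-format indicators found in data that also passes as a PDF."""
    # PDF readers commonly accept the header anywhere in the first 1024 bytes.
    if PDF_MAGIC not in data[:1024]:
        return []
    lowered = data.lower()
    findings = []
    if OLE2_MAGIC in data:
        findings.append("ole2-compound-file")
    if all(marker in lowered for marker in MHT_MARKERS):
        findings.append("mhtml-headers")
    if WORD_XML_MARKER in lowered:
        findings.append("word-xml-marker")
    return findings


# Constructed sample inputs (inert byte strings, not real documents).
CLEAN_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
MHT_TAIL = (
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/related; boundary="x"\n\n--x\n'
    b"Content-Location: file:///C:/sample/doc.htm\n\n"
    b"<xml><w:WordDocument></w:WordDocument></xml>\n--x--\n"
)
SAMPLES = {
    "clean.pdf": CLEAN_PDF,
    "pdf_plus_mht.pdf": CLEAN_PDF + MHT_TAIL,
    "pdf_plus_ole2.pdf": CLEAN_PDF + OLE2_MAGIC + b"\x00" * 16,
    "plain.mht": MHT_TAIL,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        hits = polyglot_findings(blob)
        print(f"{name}: {'SUSPICIOUS ' + ', '.join(hits) if hits else 'no indicators'}")
```

Treat a hit as a reason to inspect the file further, not as a verdict.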



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
