Phishing Email Alerts
Catch of the Day: RAT Phish
Chef’s Special: Tricky Phish
Examples of clever phish that made it past my spam filters and into my Inbox, or from clients, or reliable sources on the Internet.
I would be delighted to accept suspicious phishing examples from you. Please forward your email to firstname.lastname@example.org.
My intention is to provide a warning, examples of current phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your own inbox. If the pictures are too small or extend off the page, double-clicking on them will open them up in a photo viewer app.
“In November 2020 Doctor Web virus analysts detected a phishing attack targeting corporate users. The emails in question contained trojan malware that covertly install and launch Remote Utilities software — a tool for remotely accessing another computer.”
By Roger Grimes. People often wonder, why are they being phished? Why are they being phished by a hacker in the first place? What does their organization have that some hacker decided they were noteworthy enough to be targeted in the first place?
Targeted vs. Random
Most organizations are hit by phishing randomly without special targeting. The originating phishing sender had the recipient’s email address, usually from buying or downloading a large bulk list of email addresses or the involved email address was scraped from some other hapless victim who was previously compromised.
The hacker and his/her phishing scam didn’t especially pick out a particular victim. They obtained tens of millions or even hundreds of millions of potential victims and their email addresses to send to all of them at the same time and/or over several phishing campaigns.
Email addresses from your organization just happened to be on the list. That is how the vast majority of phishing emails end up in an inbox.
The opposite possibility is that your organization was especially targeted, on purpose, by a hacker. For a variety of possible reasons, a hacker decided your company had a reason to be targeted, be it money, intellectual property, nation-state objective, and some other justification. Targeted spear phishing attacks are far less common, but harder to defend against.
This article by Roger Grimes is continued here:
Get inside the mindset of your adversaries to increase your chances of spotting a phish.
Here’s the latest Naked Security video – watch now (and please share with your friends)!