US-CERT Warns of Continuous Exposure to Zero-Day Phishing Campaigns

On August 1st, US-CERT published an advisory titled “TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations”. One of the vulnerabilities leveraged in these new phishing campaigns is a use-after-free (UAF) vulnerability in Adobe Flash (CVE-2015-5119). This vulnerability is particularly interesting because it was leaked as a result of the hack and subsequent dump of HackingTeam’s email and source code. What is interesting here is not the existence of the vulnerability, but how this case underlines the massively asymmetric situation that defenders find themselves in.

Advisory: Fake Japanese E-Commerce Sites Used for Fraud

We have discovered a new fraud trend taking place in Japan and China. The scheme consists of completely fake e-commerce sites, solely created with the intention of stealing credit card information from the buyers (victims). These sites don’t actually sell anything – they are designed for the sole purpose of capturing credit card data, to be used fraudulently elsewhere.

The following images capture different shopping sites, featuring products with a wide range of prices and brands, advertising different payment methods, including major credit cards like Visa and Mastercard, as well as alternative methods like Western Union.

New Version of Browsing Solution Includes Splash Screens, User Identifier Capture

Detect Safe Browsing (DSB), our secure browsing solution, now makes it even easier to defend users against the advanced malware that enables man-in-the-middle and man-in-the-browser attacks. Previous editions of Detect Safe Browsing enabled organizations to get real-time visibility into the security of the end-user device, including information on whether the device contained any malware that might give cybercriminals the ability to perform fraudulent transactions.

How Can You Make Your Anti-Fraud Program More Effective?

According to a recent study, 62% of companies were subject to payments fraud in 2014, with 19% of organizations losing more than $250,000. In addition to tangible losses, there’s negative impact that can’t be measured, including stockholder trust, employee morale and, most importantly, the reputation of the company and its ability to gain and/or retain business.

Why Are Phishing Attacks Still Effective? And What to Do

The e-mail reads, “Click here to download your report.” It appears to be from a credible source, but the link leads to a website created solely for the purpose of information theft. Cyber-scammers strike again, using phishing e-mails to trick recipients into clicking on links and typing in their personal information. In most instances the user has no idea they have walked right into a trap. According to findings recently released by Intel Security, 97% of people globally are unable to correctly identify phishing e-mails.

FORTUNE: Banks Put Hacked Credit Cards on Watch Lists to Help Reduce Fraud Costs

Fortune Magazine recently penned an article on how banks are putting hacked credit cards on ‘watch lists’ rather than canceling them immediately, thereby helping banks (and therefore their end users) reduce the overall cost of fraud to an organization.

Leveraging DMARC to Combat Growing Spear Phishing and Insider Attacks

For the greater part of 2015, both the FBI and the U.S. Secret Service have issued warnings that 2015 could be the year of Spear Phishing. Recently, the U.S. Secret Service issued a new bulletin, warning again that they are seeing a “significant increase in the frequency, sophistication, and fraud losses” associated with these new attacks.

New .bank gTLD Launching Today Requires DMARC—Will It Matter?

After much effort on behalf of a coalition of organizations and individuals to build security requirements around the generic top-level domain (gTLD) “.bank”, banks will be able to register their unique gTLD starting today (June 24). Now it’s up to the financial services institutions themselves to ensure that customers and organizations benefit from the domain, which advocates assert is more secure than .com.

Silver Linings to LastPass Hack

Last night, password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users’ email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords.

OPM Breach: From Bad to Worse

Last week, millions of government employees were probably quite nervous to hear that their personal data had been stolen by hackers (likely from China), who gained access to a trove of data from the Office of Personnel Management. This week, the same office is opening up even more government employees to more risk, based on their response to the breach. The OPM announced that they will notify all impacted individuals by email, which makes not only the affected individuals, but also anyone else who is worried that they might be affected, now a ripe target for a phishing attack.