Category Archives: Cyber Attacks


Amazon Survey Phishing Emails Ramping Up

It’s time to be careful during the holidays, Amazon Survey Phishing Emails Ramping Up. If they are hard to belive stay away. Most of these survey phishing, emails are trying to scam you from your Personal Identifiable Information or Amazon Logins.

 

Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to look at an attachment or click a link and then give your personal information on a Web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links you can even see that it would not direct you to legit URL. Here Are A Few Email TIPS

 

Read the rest

Top Email Phishing Scams

Email phishing scams have evolved to a point that makes it very difficult to tell which are real and which are fake. These days phishing emails are imitating legitimate brands and people to trick victims into providing money or providing credentials over an email or a fake landing page.

Roughly one in four Americans in constantly online.  According to Research, Email Phishing scams this is now the most likely place for identity theft to occur. Often, ID fraud can begin with the wrong click on a scam email.

Now you have been a victim or you want to know the best way to avoid online scams? Rule of thumb is question everything. Even emails from known peers. They may have been hacked and the hacker is sending scam emails in their behalf. We have reviewed the latest email scan types used to date that that just might fool even the … Read the rest


Identity Thieves Pushing New Chase Phishing Scams

Identity thieves continually develop new ways to obtain your personal information. I personally have gotten the latest Phishing email scam these thieves are using. Looks like these Hackers didnt stop at just hacking Chase but now also taking advantage of the Chase breach to do more harm to people. This email is not legitimate. If you get any emails like these, don’t respond to them. 

Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to look at an attachment or click a link and then give your personal information on a Web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links you can even see that it would not direct you to legit URL. Here Are Read the rest


TrickBot phishing scams for 2019 tax season

Hackers are once again using the TrickBot banking trojan to exploit the tax season by pushing malicious Microsoft Excel spreadsheet documents via spam campaigns. IBM noticed a few different types of phishing emails are pretending to be from ADP and Paychex which are malicious emails spreading the TrickBot trojan.

“Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig. “Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”

An IBM security person mentioned:

“Once TrickBot is installed on a potentially vulnerable device and can reach other devices on the network, it can further spread and pivot,” researchers with IBM X-Force warned in a Monday

Read the rest

The 2019 Threat Report

The new norm with cybersecurity is discovering new attack methods and new threats which emerge daily and new vectors that are being tested by cyber criminals, according to the 2019 Webroot Threat Report.

According to the Webroot Threat Report:

  • 40 percent of malicious malware were found on good domains. , “Since legitimate websites are frequently compromised to host malicious content. Those who use intermediary devices without SSL inspection capabilities should be aware of potential loopholes in their security policies due to this behavior.”

 

  •  Home users are more than twice as likely be infected.
    Home users are not immune; their routers serve as the hub for networks and smart home devices (IoT), yet most users can’t log into their Linux-based routers to see what they are doing. Meanwhile a hacker can learn everything about a user’s environment, can redirect URLs, carry out man-in-the-middle attacks, and even inject cryptojacking scripts.
Read the rest

New Phishing Trick That Can Bypass Email URL Filters

There is a new Phishing trick that hackers have come up with, this trick is to make Office documents carrying malicious links undetectable by many email security services. They go about deleting the links from the document’s relationship file (xml.rels). This phishing trick has been seen by security professionals during email spam campaigns, these URL’s direct victims to a credential harvesting login page.

How does it work?

What makes up an office document? “Office documents (.docx.xlsx.pptx) are made up of a number of XML files that include all the font, image, formatting, and object information which make up the document,” Avanan researchers explain.

These xml.rels file maps the relationships within these doc files and with resources outside of the them. When the document includes web links, they are added to the xml.rels files.

How does your spam filter or antivirus goes about … Read the rest


Trickbot can now obtain your remote access credentials

The Banking Trojan called Trickbot has an updated ability and can now harvest your username and passwords from remote access type applications. This would allow the hacker to remote into systems using the username and password obtained.

TrendMicro Analysts stated “The malware arrives via an email disguised as a tax incentive notification from a major financial services company. This email includes a macro enabled (XLSM) Microsoft Excel spreadsheet attachment (detected as Trojan.W97M.MERETAM.A) that purportedly contains the details of the tax incentive. However, as these attachments usually go, this macro is malicious and will download and deploy Trickbot on the user’s machine once activated.”


The figure below is the email that someone will receive with the malware payload disguised as an attached excel document. Please be vigilant, don’t open an attachment unless you know who it is from & are expecting it.

 

You can be more safe by following the best Read the rest


Top Scam Emails You Should Be Vigilant About

Scam emails have evolved to a point that make it very difficult to tell which are real and which are fake. These days phishing emails are imitating legitimate brands to trick victims into providing credentials over a fake landing page.

Roughly one in four Americans in constantly online.  According to Research, Email Phishing scams this is now the most likely place for identity theft to occur. Often, ID fraud can begin with the wrong click on a scam email.

Now you have been a victim or you want to know the best way to avoid online scams? Rule of thumb is question everything. Even emails from known peers. They may have been hacked and the hacker is sending scam emails in their behalf. We have reviewed the latest email scan types used to date that that just might fool even the most experienced web surfer.

So What Are Most Common

Read the rest

Phishing Campaign Delivers A Double Hitter

A phishing attack is being sent with Word attachments that deliver both the Gandcrab ransomware and Ursnif executable.  This phishing campaign was detected by researchers at Carbon Black, this attack has hit infected systems with a lethal attack combination that harvests credentials, gathers system and process information and afterwards it encrypts data in order to extort payments from victims.

Jared Myers, senior threat researcher for Carbon Black stated “The campaign appears to be ongoing, as we are seeing additional payloads being posted on pastebin.com that are almost identical to the payloads that were leveraged to data extracted from our analysis of these samples.”

The Attack

The initial phishing emails included a Microsoft Word document that delivers the early stages of the attack. “The overall attack leverages several different approaches, which are popular techniques amongst red-teamers, espionage-focused adversaries and large-scale criminal campaigns,” said Carbon Black researchers in a Thursday analysis.

Read the rest