Phishing Archives - Infinity Network Solutions

[Heads-Up] Warn Your Employees. This Is the Year That Sextortion Spear Phishing Is Skyrocketing..

Jayne — Tue, 07 Aug 2018 14:01:32 +0000

[Heads-Up] Warn Your Employees. This Is the Year That Sextortion Spear Phishing Is Skyrocketing…

Intrepid cyber-investigative reporter Brian Krebs noticed that a story published on his blog July 12 about a new sextortion-based spear phishing scheme—which uses a real password used by each recipient—had become his most-read piece since his site launched in 2009.

He commented: “And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack).

But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale.

And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.”

Krebs is right, this is only the start and most of these passwords were old. Cyber criminals test scams like companies test marketing campaigns and if the response rate is high enough in the beta, they go full-scale.

The Problem: 50% of Casually Dating Men Watch Porn Weekly

The Institute for Family Studies recently confirmed what everyone more or less already knew, but since last year there are hard numbers. Men are more likely than women to view pornography, and this is particularly true of viewing porn regularly on a daily or weekly basis.

A whopping 50% of casually dating men watch porn weekly, and this percentage only drops to 40% when they are seriously dating, and 20% for engaged or married.

Unfortunately, looking at this from a “criminal marketing perspective” the total addressable extortion market is massive.

Cyber gangs will start using fresh hacks, with recent and real passwords, highly likely combined with other personal data that was sourced from the dark web and appended to the record using big data technology. This method is also going to be used by the tech support scam artists in a variety of ways.

It’s almost a matter of: “What took you so long?”, I have been warning you here for a while that this was imminent.

Phishing Continues to Be on the Rise in 2018

The Anti-Phishing Working Group (APWG) most recent report (link to PDF in blog) covers the phishing trends found in Q1 of 2018.
https://blog.knowbe4.com/phishing-continues-to-be-on-the-rise-in-2018

The highlights of the report included:

Over 11,000 phishing domains were created in Q1
The total number of phishing sites increased 46% over Q4 2017
The use of SSL certificates on phishing sites continues to increase to lull visitors into a false sense of security and site legitimacy.

All three of these trends add up to one thing – the bad guys are rapidly becoming more sophisticated. The higher the threat levels they can establish through targeted spear phishing attacks which leverage very private information, the more successful the campaign.

I suggest you send the following to your employees. You’re welcome to copy, paste, and/or edit. You might want to coordinate with HR on this one.

Sextortion is a serious internet crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.

Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.

Turn off [and/or cover] any web cameras when you are not using them.

If you receive an email that claims they have video of you viewing pornography, do not answer, delete the scam email and do not pay any amount in any form.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).

Full blog post with links to articles. Please forward this one to your peers:
https://blog.knowbe4.com/heads-up-warn-your-employees.-this-is-the-year-that-sextortion-spear-phishing-is-skyrocketing?

The post [Heads-Up] Warn Your Employees. This Is the Year That Sextortion Spear Phishing Is Skyrocketing.. appeared first on Infinity Network Solutions.

Attacks Evolving – Phishing via XPS Files

Jayne — Fri, 13 Jul 2018 20:28:13 +0000

Uptick in Phishing Attempts via XPS file extensions

We’ve seen it time after time, malicious actors routinely attempt to confuse recipients of messages with obscure or lesser-utilized file extensions.

Over the past month, some phishing attempts using xps files instead of the typical pdf or doc/docx formats have been captured by our filters. The xps file format is Microsoft’s alternative to pdf files. Windows machines with Vista or later operating systems natively support this extension with Windows xps file viewer. Actors have started taking advantage of this lesser-utilized format for their phishing campaigns.

Phishing Examples

Our SecureTide email filtering has captured a wide range of these phishing messages. So far, they appear to be attributed to threat actors currently conducting Business Email Compromise (BEC) attacks. Attacks originate from legitimate (compromised) senders with the similar techniques, tactics, and procedures. Below is an example which could easily dupe unsuspecting users.

Viewing the XPS File

Users should not open or view unsolicited attachments, even from a known sender without intense scrutiny and/or verification. Scammers do exploit the trust that known contacts share. Hopefully a user will never see one of these, however, this is what these attached files look like when opened in an isolated test environment.

Linked Phishing Portals

If the user happens to click on the link in the attached xps file (pictured above), below is an example web phishing portal they might encounter. For this particular one, the first screen requests their email address. If they proceed with entering it, the next image shows the resulting page requesting their email credentials.

After entering email address:

Filter Evasion Techniques

Malicious actors are attempting to use filter evasion techniques. They break up the suspicious phishing text via canvas clip mappings inside deeply embedded fpage files. An image portion below displays how they used multiple canvas clip mappings to stitch together the words, “open with your professional email login credentials.”

Minimal Anti-Virus Signatures for XPS Files

Most anti-virus engines do not have many phishing rules setup for the xps extensions like they would for more commonly used ones. We can see this example received 0/60 hits when processed thru a popular anti-virus engine aggregator.

AppRiver Protection

There is no shortage of spam, malware, phishing, or nefarious websites AppRiver’s staff and systems continuously protect and defend against. Malicious actors work around the clock, therefore, we at AppRiver work even harder to stay one step ahead. Our team is here 24/7 365 days a year protecting and supporting clients and partners from security threats.

POSTED BY DAVID PICKETT IN DIGITAL DEGENERATE, PHISHING, SECURETIDE, SECURITY RISKS, TECH NEWS

https://blog.appriver.com/2018/05/bec-attacks-evolve-to-phishing-via-xps-files-appriver

The post Attacks Evolving – Phishing via XPS Files appeared first on Infinity Network Solutions.

Why Phishing Attacks Persist Despite Increased Awareness

wanda@mchargmarketing.com — Fri, 27 Nov 2015 15:26:13 +0000

Phishing attacks are not going away.

They remained a steady tactic used by cybercriminals throughout the first half of 2017, according to the Phishing Activity Trends Report recently released by the Anti-Phishing Working Group (APWG), an international coalition of industry, government, law enforcement and nongovernmental organizations.

In phishing attacks, scammers use fraudulent websites and false emails. Perpetrators attempt to steal personal data, most commonly passwords and credit card information.

The number of unique phishing email campaigns averaged around 98,000 per month in the first half of 2017, with a spike of 121,000 in March. The spike may have been tied to an upswing in the W-2 email phishing scam that the IRS warned about in February. The APWG report contained a number of interesting insights on phishing activity so far this year.

Those launching phishing attacks continued a years-long trend of focusing on only a few hundred companies at a time. This limited scope reflects the additional time and money needed to carry out a successful phishing attack.

Those organizations in the bullseye are attacked on a regular basis from every few weeks to every day, with a small group of firms being targeted more intermittently.

The Industries Targeted Most by Phishing

Among industries targeted by phishing cybercriminals, the payment industry was in the crosshairs 45 percent of the time, with the financial industry and Software as a Service/webmail industry filling out the top three at 16 percent and 15 percent, respectively.

This is a big upsurge in focus on the payment industry, which accounted for only 11 percent of phishing attacks in the fourth quarter of 2016, according to an earlier APWG report.

Attackers are increasingly using free hosting providers as one of the resources to build their campaigns, notes APWG contributor Crane Hassold, manager of threat intelligence for PhishLabs.

“These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site,” Hassold says in the APWG report.

While the total numbers of free hosting-based attacks increased from 1,323 in January to 1,939 in June, the use of free hosting services continued to trend at about 10 percent of the total number of attacks each month.

APWG contributor Axur, a digital risk monitoring company located in Brazil, notes the heavy use of social media platforms such as Facebook, Instagram, LinkedIn and YouTube as phishing attack vectors in South America. Many of these attacks involve users being served up fake login pages that collect username and password information. These platforms accounted for about 39 percent of all phishing attacks among Latin American countries in the second quarter of 2017.

Alexander Slagg, Biz Tech, www.biztechmagazine.com

The post Why Phishing Attacks Persist Despite Increased Awareness appeared first on Infinity Network Solutions.