Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Email Security

Spear Phishing: Everything You Need to Know

By now, pretty much anyone who uses email is familiar with the term “phishing,” and is aware of the prevalence of phishing scams. However, the term “spear phishing”—and what it means exactly—might be a bit more elusive. Essentially, spear phishing is a more targeted and socially engineered version of a spray-and-pray, bait-and-hook, phishing email.

BEC in 60sec - Business email compromise

In this video, we’ll provide an in-depth explanation on business email compromise. Learn more about BEC here: Business email compromise, or 'BEC', presents a growing problem for organisations of all sizes. In fact, over 6,000 businesses are targeted each month, making the UK the second most targeted region (26%) after the US (39%). That's why you and your colleagues should be aware of the tell-tale signs of a BEC attack and what you can do to avoid falling prey to phishing attempts. Do you have any questions about business email compromise? Let us know in the comments section below!

Dissecting a Phishing Campaign with a Captcha-based URL

In today’s environment, much of the population are doing their bank or financial transactions online and online banking or wire transfers have become a huge necessity. Recently, we received a phishing email that is targeting PayPal accounts. The email header contains an alarming subject and the From: address is a spoofed PayPal-like domain. The Message-Id is also highly suspicious as it uses web hosting site DreamHost which is not related to PayPal.

The Attack of the Chameleon Phishing Page

Recently, we encountered an interesting phishing webpage that caught our interest because it acts like a chameleon by changing and blending its color based on its environment. In addition, the site adapts its background page and logo depending on user input to trick its victims into giving away their email credentials. We see an email with the “initial” URLs in the example below: Figure 1. The raw phishing email showing the URLs, purporting to be a fax message that needs to be accessed.

Five worthy reads: New names, similar games-The evolution of phishing

Illustration by Derrick Deepak Roy Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore phishing attacks and how they’ve evolved in recent times. Way back in the 1990s, or so the story goes, users unwilling to pay for access to the internet would hunt for others’ login credentials to keep browsing for free.

New Formbook Campaign Delivered Through Phishing Emails

Since the beginning of 2022, the unfolding geopolitical conflict between Russia and Ukraine has resulted in the discovery of new malware families and related cyberattacks. In January 2022, a new malware named WhisperGate was found corrupting disks and wiping files in Ukrainian organizations. In February 2022, another destructive malware was found in hundreds of computers in Ukraine, named HermeticWiper, along with IsaacWiper and HermeticWizard.

Phish.ly is in your corner, scanning suspicious emails with Tines and urlscan.io

Phishing remains a problem for everyone and any tool that helps is valuable. This post was prompted by the ongoing usage of our free Phish.ly service that we see every day, as people discover the tool and derive enormous benefit from it. If you want to evaluate a suspicious email right now, you need read no further. Just forward that email immediately to scan@phish.ly to get a response quickly from the service.