dcsimg

What Google learned from 1 billion evil email scams

Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. “Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk” looked at more than a billion mails. The results were then fed into a presentation at the Internet Measurement Conference. After digging in to … [Read more...]

November spam roundup: Stalkers, property tips, porn, stern words and PayPal

Today we’re rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever’s lurking in your mailbox. A full house of spam Whether by accident or design, you may see spam land in your inbox … [Read more...]

QBot Trojan delivered via malspam campaign exploiting US election uncertainties

This blog post was authored by Jérôme Segura and Hossein Jazi. The 2020 US elections have been the subject of intense scrutiny and emotions, while happening in the middle of a global pandemic. As election night ended and uncertainty regarding the results began to creep in, threat actors decided to jump in on it too. Those tracking the threat landscape know very well that major world events … [Read more...]

Malspam campaign caught using GuLoader after service relaunch

They say any publicity is good publicity. But perhaps this isn’t true for CloudEye, an Italian firm that claims to provide “the next generation of Windows executables’ protection”. First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to distribute malware on a large scale. In June, CloudEye was exposed by … [Read more...]

It’s baaaack: Public cyber enemy Emotet returns to terrorize more victims

This blog post was authored by Jérôme Segura and Hossein Jazi After over four months of absence, the dreaded Emotet has returned with a vengeance. Following several false alarms over the last few weeks, a spam campaign was first spotted on July 13 showing signs of a likely comeback. The Emotet botnets started pushing malspam actively on Friday, July 17, using the same techniques as before. … [Read more...]

When the coronavirus infodemic strikes

Social media sites are stepping up their efforts in the war against misinformation… specifically, the coronavirus/COVID-19 infodemic. There’s a seemingly endless stream of potentially dangerous misinformation flying around online related to the COVID-19 pandemic, and that could have fatal results.It’s boomtown in fake-news land riding high on the wave of people being left with their tech … [Read more...]

Discord users tempted by bots offering “free Nitro games”

The last few weeks have seen multiple instances of problematic bots appearing in Discord channels. They bring tidings of gifts, but the reality is quite a bit different. Given so many more young kids and teens are at home during the current global lockdown, they may well see this scam bouncing around their chat channels. Worried parents may want to point them in this direction to learn about the … [Read more...]

Coronavirus Bitcoin scam promises “millions” working from home

In the last week, we’ve seen multiple coronavirus scams pushed by bad actors, including RAT attacks via fake health advisories, bogus e-books working in tandem with Trojans, and lots of other phishing shenanigans. Now we have another one to add to the ever-growing list: dubious coronavirus Bitcoin missives landing in your inbox. Reworking a classic spam tactic This is a retooling of an older spam … [Read more...]

Spear phishing 101: what you need to know

Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means of initiating a breach against individuals and organizations, even in 2020. The tactic is so effective, it has spawned a multitude of sub-methods, including smishing (phishing via SMS), pharming, and the technique du jour for this blog: spear phishing. But first, a quick parable. A … [Read more...]

Sextortion scammers getting creative

We’ve covered sextortion before, focusing in on how the core of the threat is an exercise in trust. The threat actor behind the campaign will use whatever information available on the target that causes them to trust that the threat actor does indeed have incriminating information on them. (They don’t.) But as public awareness of the scam grows, threat actors have to pivot to less … [Read more...]