Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means of initiating a breach against individuals and organizations, even in 2020. The tactic is so effective, it has spawned a multitude of sub-methods, including smishing (phishing via SMS), pharming, and the technique du jour for this blog: spear phishing. But first, a quick parable. A … [Read more...]
January 29, 2020
November 26, 2019
September 23, 2019
Emotet malspam campaign uses Snowden’s new book as lure
Exactly one week ago, Emotet, one of the most dangerous threats to organizations in the last year, resumed its malicious spam campaigns after several months of inactivity. Based on our telemetry, we can see that the botnet started becoming chatty with its command and control servers (C2), about a week or so before the spam came through. Figure 1: Communications with Emotet C2s over 90 … [Read more...]
September 16, 2019
Emotet is back: botnet springs back to life with new spam campaign
After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity. But this morning, the Trojan started pumping out spam, a clear indication it’s ready to jump back into action. The malicious … [Read more...]
June 5, 2019
Not Today, Scammer!
A brief glance through my Spam folder in MDaemon Webmail today reminded me of the need for on-going education on the topic of phishing and Business Email Compromise (BEC) scams. Because businesses have already lost millions of dollars to these scams and continue to fall victim every day, it bears repeating that, while spam filters and email gateways continue to improve, no solution is 100% … [Read more...]
February 20, 2019
Another day, another attempt to scam me – but I know a phishing attempt when I see one!
It’s just a fact of life: If there’s email, there will always be spam. Now, how much spam you have to deal with will depend on how good your spam filtering solution is. Here at MDaemon Technologies, we use our own products – MDaemon and Security Gateway, to filter out spam, malware, phishing attempts, and all of the other junk that often floods inboxes of users whose email server … [Read more...]
February 13, 2019
Businesses: It’s time to implement an anti-phishing plan
Businesses: phishers aren’t just coming for you. They’re coming for your employees and your customers, too. Phishing attacks are on the rise this year, thanks in part to massive Emotet and TrickBot campaigns, which make use of phishing emails to deliver their payloads. If you don’t already have one in place, then it’s time to implement an anti-phishing plan. Where phishes are … [Read more...]
February 11, 2019
December 11, 2018
Data scraping treasure trove found in the wild
We bring word of yet more data exposure, in the form of “nonsensitive” data scraping to the tune of 66m records across 3 large databases. The information was apparently scraped from various sources and left to gather dust, for anyone lucky enough to stumble upon it. What is data scraping? The gathering of information from websites either by manual means, which isn’t time optimal, or by automated … [Read more...]
December 11, 2018
Seedworm Operation Spreads Malware via Phishing Attacks
2018 has been a busy year for new threats spread via email, with spear-phishing and Business-Email-Compromise (CEO fraud) the rising star for cyber-criminals intent on draining your bank account. Recent victims include Google and Facebook ($100 million lost), McEwan University (almost $12 million lost), a New York judge ($1 million), and a Dutch cinema chain (over $21.5 million). These threats … [Read more...]
