PhishMe Blog

URL Shorteners are the Fraudster’s Friend

BY Heather McCalley IN Malware Analysis

URL shorteners are a great tool to share a web address without a lot of typing. PhishMe Intelligence™ recently observed malicious actors using these services to evade security controls. They use these services to conceal the actual URL and bypass controls put in place to block known malicious domains.

Microsoft Word DDE Abuse Tactics Spreads to Locky, Trickbot, and Pony Malware Campaigns

BY Mollie Holleman IN Malware Analysis

In a recent Strategic Analysis, we outlined how malicious actors leveraged Microsoft Office’s Dynamic Data Exchange (DDE) protocol functionality to compromise victims with Chanitor malware within days of SensePost publicly disclosing the risks. PhishMe® has since observed the weaponization of this tactic to deliver other types of malware in several campaigns that support some of the most lucrative current online criminal operations.

“But It Looked Like It Came from IT!” – Focusing on Credential Phishing Trends

BY Heather McCalley IN Malware Analysis

Phishing websites are designed to steal usernames, passwords, and additional PII when unsuspecting victims are enticed to log in. Credential phishing intelligence is used to hunt, detect, and block access attempts to spoofed sites as well as to raise awareness about the latest tactics, techniques, and procedures used with credential and malware phishing campaigns. The new credential phishing feature from PhishMe Intelligence™ delivers additional information to help defend against credential-gathering attacks. The credential phishing intelligence is available via the PhishMe Intelligence API and portal. This blog is the first in a series about credential phishing in the enterprise. Credential Phishing…

Black Friday Spam Alert: How to Shop Safe Online this November

BY Gary Warner IN Internet Security Awareness

As Black Friday draws near, it seems that every company with anything to sell is sending emails to advertise their specials. Consumers can expect to see emails from all sorts of major retailers: Amazon, Dell, Fry’s, Home Depot, Kohl’s, Microsoft, and everyone under the sun, with some really great deals. However, mixed into this pile of email are a tremendous number of messages touting shady deals that could lead consumers to give up personal information, money, or just land them with fake products instead of what they were shopping for. Here are two major categories of trouble that you might…

Vulture Stealer: What Banload Misses, Chrome Extension Receives

BY Max Gannon IN Malware Analysis

PhishMe Intelligence™ has uncovered a phishing campaign that delivers a new loader/browser plugin combination that we have dubbed Vulture Stealer. Vulture Stealer is a two-stage data stealer that includes a version of Banload banking trojan malware. However, paired with an extensive secondary stealer it can target and gather information beyond Banload’s reach within Google Chrome—effectively gathering any information entered within the compromised Chrome browser. This campaign, which uses Portuguese-language phishing messages, may be targeting Brazilian banks and their customers. This is the first time PhishMe® has observed Banload coupled with a malicious browser extension.

Be Careful Who You Trust: Impersonation Emails Deliver Geodo Malware

BY Marcel Feller IN Malware Analysis, Phishing Defense Center

Over the past weeks, the Phishing Defence Centre has observed several reports that pretend to come from an internal sender. While this impersonation tactic is not new, we have only recently observed an influx in emails used to deliver the Geodo botnet malware. Figure 1 demonstrates an example of an email we have received.

Threat Actors Put a Greek Twist on Ransomware with Sigma

BY Chase Sims IN Malware Analysis, Phishing Defense Center

When we think of Greek-themed malware, the trojan family generally comes to mind. Not anymore: Sigma is a new ransomware delivered via phishing email.

Real Estate Phishing Scams…Part 2

BY Heather McCalley IN Malware Analysis

In part 1, we looked at the trend of phishing attacks targeting the real estate business, including home buyers who unwittingly wired money (millions) to criminals. Recently, CNBC reported the story and followed up with an interview of PhishMe® CEO and Co-founder Rohyt Belani.

“All-in-One” Phish Gives Malaysians a Choice…of Phony Sites

BY Heather McCalley IN Malware Analysis

Recently, PhishMe® recorded suspicious messages that spoofed bnm.gov.my, the domain for the central bank of Malaysia, Bank Negara. The emails concerned a Funds transfer.

Figure 1: Initial phishing message

Red Flags Right Away

The spoofed sending address belongs to a U.S.-based employee account on a high-reputation .ORG domain. (Red Flag number 1: The friendly portion of sender name does not match the email address.) Addresses on .ORG and addresses on university (.EDU) domains are frequently used to bypass spam filters that are set to allow messages through only when they appear to be coming from a sending domain with a…

More Languages? Czech. Our CBT’s Are Truly Global.

BY phishme IN Internet Security Awareness

Back in June, PhishMe® launched our free computer-based training module on GDPR compliance. The feedback has been great, including urgent requests to make the training available in other languages.

Real Estate Phishing Scams Turn American Dreams into Nightmares

BY Heather McCalley IN Malware Analysis

Recently, CNBC reported on phishing scams in real estate, following up with an interview of PhishMe® CEO and Co-founder Rohyt Belani. Real estate is a bullseye for enterprising phishers. Often, the scammer is attempting wire fraud, trying to induce someone to make an electronic transfer of funds.

Microsoft Office Features Abused to Deliver Malware

BY Mollie Holleman IN Malware Analysis

Less than a week after a SensePost blog highlighted how to abuse Microsoft Office functionality to deliver malware to systems via phishing messages, PhishMe® observed attackers abusing this feature of Microsoft Windows. This highlights how quickly malicious actors capitalize on such revelations, outpacing many organizations’ abilities to understand and respond to emerging threats.

BadRabbit is not Petya. But…

BY Brendan Griffin IN Malware Analysis, Ransomware

Petya. NotPetya. Now BadRabbit. Ransomware keeps evolving and wreaking havoc worldwide. There’s no evidence that phishing emails have delivered BadRabbit, the new ransomware strain which hit Russian, Eastern European and some U.S. networks this week. But nonetheless at PhishMe, BadRabbit has caught our eye.

Here’s How to Make Every Month Security Awareness Month

BY phishme IN Internet Security Awareness

It’s fitting that National Security Awareness Month ends on Halloween. It’s the time to contemplate scary things, whether ghouls, men in lederhosen stumbling about with steins or the real deal, phishing emails loaded with ransomware.

Viewing Phish with a Payload using PhishMe Intelligence and Maltego

BY phishme IN Cyber Incident Response, Threat Intelligence

BY MIKE SAURBAUGH AND GEOFF SINGER

Visualize Phishing Relationships with PhishMe Intelligence™ and Maltego

Fishing (without the “P”) is not a lot of fun when you just drop a line in the water and hope for the best. When fishermen want to see where the fish are, they look to the fish finder on the bridge to “look underwater” to find schools of fish. Similarly, when an analyst is looking to “catch” a phishing campaign, correlating the attacker’s campaigns and their payloads can benefit by being able to visually graph and link phishing threats. PhishMe Intelligence combined with Maltego can…

Don’t Go In the Attachment: 5 Security Reminders in Honor of Halloween

BY John Robinson IN Internet Security Awareness, Malware Analysis

Do we really need another Halloween-themed security blog? Yep. We do. Not because our edgiest holiday triggers more cyber threats. No, Halloween season is scary because it’s been absorbed by the winter holidays—the spendiest, cyber-riskiest time on the retail calendar, beginning in mid-September and lasting until…it ends, right?

Oh Behave! – Simulation Analysis

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

When considering your organization’s response to a simulated phish, it is critical to understand that we are emulating / practicing for real life events with the purpose of conditioning appropriate response patterns in our user base. 

PhishMe Named a Consecutive Leader in the 2017 Gartner Magic Quadrant

BY phishme IN Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing

PhishMe has been named a consecutive leader in Gartner’s 2017 Security Awareness Computer-Based Training Magic Quadrant. It’s the second year we’ve been recognized as a leader and positioned highest in “ability to execute.”

Sage Ransomware Distinguishes Itself with Engaging User Interface and Easy Payment Process

BY Brendan Griffin IN Internet Security Awareness, Malware Analysis, Phishing

In early 2017, the Sage ransomware distinguished itself with a fresh take on the business model for criminal ransomware operations. Built with an engaging, intuitive user interface for requesting the ransom payment, it also reinforced the fact that criminals are willing to invest in developing new versions of established ransomware tools. Sage has reasserted itself as a relevant player on the already-saturated ransomware threat landscape with version 2.2.

Fake Swiss Tax Administration Office Emails Deliver Retefe Banking Trojan

BY Marcel Feller IN Malware Analysis, Phishing, Phishing Defense Center

PhishMe®’s Phishing Defence Centre has observed multiple emails with a subject line that includes a reference to tax declarations in Switzerland (Original subject in German: “Fragen zu der Einkommensteuerklaerung”) as shown in Figure 1. The sender pretends to be a tax officer working for the tax administration (Eidgenoessische Steuerverwaltung ESTV) and is asking the victim to open the attached file to answer questions about the tax declaration.
