PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

.NET Keylogger: Watching Attackers Watch You

BY PhishMe IN Blog

Throughout life, there are several things that make me smile. Warm pumpkin pie, a well-placed nyan nyan cat, and most of all – running malware online – never fail to lift my mood. So imagine my surprise to see, after running a malware sample, that the attackers were watching me. Here’s a screenshot of a phishing email we received, which contained a keylogger written in .NET.

READ MORE

0 comments

National Cybersecurity Awareness Month 2014

BY Allan Carey IN Blog

With National Cyber Security Awareness month (NCSAM) upon us, the national spotlight is on best practices to stay safe and protect your data online. Thanks to the support of the National Cyber Security Alliance, Department of Homeland Security, and the White House , the month of October will feature a number of initiatives designed to increase the knowledge base about cyber security issues with the general population and promote DHS’ “Stop. Think. Connect.” program to empower individuals to be safer online. PhishMe is proud to participate by being a 2014 NCSAM champion, and have made a number of resources available to…

READ MORE

0 comments

Bash Vulnerability CVE-2014-6271 – Worm-able and Possibly Worse Than Heartbleed

BY PhishMe IN Blog

Post Updated 9/30/2014 Several months ago, the Internet was put to a halt when the Heartbleed vulnerability was disclosed. Webservers, devices, and essentially anything running SSL were affected; as a result, attackers were able to collect passwords, free of charge. With Heartbleed, the exploit made a splash and many attackers started to use the vulnerability. One of the more high-profile attacks of Heartbleed was the CHS attack, where the attackers siphoned 4.5 million patient records by attacking a Juniper device, then hopping onto their VPN. So how can something be bigger than Heartbleed? I’m glad you asked.

READ MORE

0 comments

PDF Exploits: A Deep Dive

BY PhishMe IN Blog

On Friday, several of our users received phishing emails that contained PDF attachments, and reported these emails through Reporter. The PDF attachment is a slight deviation from the typical zip-with-exe or zip-with-scr; however, it’s still delivering malware to the user.

READ MORE

0 comments

An IRS Rebate That Isn’t Worth It: Phishing Tactics Repeat Themselves

BY PhishMe IN Blog

It’s about the time of year when people should be receiving tax refunds from the IRS, which gives attackers a great opportunity to craft phishing emails. PhishMe users recently reported a round of phishing emails purporting to be from the IRS about tax refunds:

READ MORE

0 comments

2nd Annual Phish Throwdown Contest Results

BY PhishMe IN Blog

The results are in… and we have a winner! After much deliberation among our panel, we’re pleased to announce Gareth Stanyon as our 2nd Annual Phish Throwdown winner. Gareth’s email “Corporate Information Security Breach” addressed a recipient who supposedly violated company policy regarding social media use. To respond to the allegations, the email directs the recipient to click on a link. The email is personalized with the recipient’s name, organization, and department.

READ MORE

0 comments