PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

Phishing Attacks Target Google Users with Weakness in Chrome: What You Need to Know

BY PhishMe IN Internet Security Awareness

If your employees are users of Google Chrome and/or Mozilla Firefox, your network could be vulnerable to a unique phishing attack targeting the two most widely-used browsers in the world. Several media outlets are covering the uniform resource identifiers (URI) exploit, which Google Chrome and other web browsers utilize in order to display data. This attack, which is difficult to identify via traditional methods, allows cybercriminals to gain access to Google Play, Google+ and Google Drive. This means that any sensitive information stored within each of those areas is up for the taking. In the case of Google Play that means…

READ MORE

0 comments

Abusing Google Canary’s Origin Chip makes the URL completely disappear

BY Aaron Higbee IN Internet Security Awareness

Canary, the leading-edge v36 of the Google Chrome browser, includes a new feature that attempts to make malicious websites easier to identify by burying the URL and moving the domains from the URI/URL address bar (known in Chrome as the “Omnibox”) into a location now known as “Origin Chip”. In theory, this makes it easier for users to identify phishing sites, but we’ve discovered a major oversight that makes the reality much different. Canary is still in beta, but a flaw that impacts the visibility of a URL is typically something we only see once every few years. We’ve discovered…

READ MORE

0 comments

Numbers of Victims of Cybercrime are Soaring

BY PhishMe IN Internet Security Awareness

Reports from law enforcement agencies around the world show that there have been even more victims of cybercrime in the past 12 months than in any other year. Attacks are being conducted alarmingly frequently, and cybercriminals are becoming even more brazen. However, cybercrime is still not dealt with in the same way as other types of crime. Say you leave home, only to return to your front door kicked in. Everything of value has been stolen. What would you do? You’d call the police immediately, right? Now pretend you get an email from what looks to be your bank. They…

READ MORE

0 comments

Phishing with a malicious .zip attachment

BY PhishMe IN Phishing

A few weeks ago, we received a round of phishing emails with malware that seemed a little more special than your run-of-the-mill ZeuS, so we decided to give it some analysis. The email was reported by a user at PhishMe. We really do drink our own kool-aid. Figure 1 shows a screenshot of the email that is being analyzed.

READ MORE

0 comments

HTML Attachment Phishing: What You Need to Know

BY PhishMe IN Phishing

Are you aware of HTML attachment phishing? It is one of the latest trends with cybercriminals. Instead of emailing downloaders that contact C7C servers to download crypto malware, Troijans, or other nasties, HTML attachments are being sent. HTML attachment phishing is less well known, and as a result, many people are falling for phishing scams. Even though this past weekend was a holiday weekend for many, there is a good chance that you still checked your email fairly often. If you are like me, you typically use your phone or another mobile device to check your email on the go….

READ MORE

0 comments

Watering Holes vs. Spear Phishing

BY PhishMe IN Phishing

Watering-hole attacks have been established as an effective attack technique for a while now. As the industry has analyzed some prominent examples, many have come to the conclusion that watering-holes present an alternative to spear phishing. The recently released Symantec Internet Security Threat Report highlights this viewpoint, as it concluded: “Targeted attacks no longer rely as heavily on spear-phishing attacks in order to penetrate an organization’s defenses. More recently the attackers have expanded their tactics to include watering-hole attacks, which are legitimate websites that have been compromised for the purpose of installing targeted malware onto the victim’s computer.” FireEye also…

READ MORE

0 comments