PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

Breaking the Myths of Social Engineering

BY Rohyt Belani IN Internet Security Awareness, Phishing

Last week, a Washington Post article by Robert O’Harrow offered an interesting look at the most common attack vector used by cybercriminals to penetrate enterprises today: spear phishing. While we applaud (loudly) the thrust of the article – that enterprises need to educate users on the dangers of spear phishing – there are some very real challenges in user education that the article does not address.

READ MORE

0 comments

LinkedIn password leak: What it means for phishing

BY Aaron Higbee IN Phishing

Spoiler: LinkedIn password leak: What it means for phishing?  Answer:  Not Much! When people talk to us about phishing, they often want to know “What’s next in phishing? What else are you seeing?” This gets asked a lot, and is one of my least favorite questions because the truth is, email based spear phishing works as-is It has no reason to evolve right now.

READ MORE

0 comments

Educause 2012 SPC: Quick Review

BY Aaron Higbee IN Internet Security Awareness

Last week I attended the Educause Security Professionals Conference 2012 in Indianapolis Indiana and was lucky enough to co-present with Emory University to discuss the phishing problems higher education face. This event had an entire track devoted to Awareness & Training and of course a major topic for discussion was phishing.

READ MORE

0 comments

Anatomy of a vulnerability based spear phishing attack

BY PhishMe IN Phishing

Anatomy of a vulnerability based phishing attack This week SC Magazine named  the Chrome vulnerabilities the Threat of the month.  So, how would an attacker use this vulnerability in a spear phishing scam you ask? They know their audience Advanced threats know who they want to target, it doesn’t matter that your Skype handle is @kukubunga998 – they know you work for the organization they are targeting.  They also deduce (the same way a marketer does) that you are a Chrome user, or that you have it installed for some reason or another.  They know that your organization is big…

READ MORE

0 comments

2011 – The year of spear phishing And spear phishing

BY Aaron Higbee IN Phishing

An odd title for a blog post but something that has been on my mind for a while now. We get a fair amount media requests for comments or perspective on phishing stories.  This is a good thing. It’s nice to have recognition in your field. Of course 2011 was no shortage of phishing related news. (What’s up RSA, I’m looking at you. I’ve noticed you frequent our website a lot. How about a demo. Couldn’t hurt?)

READ MORE

0 comments

Spear Phishing with Password Protected Zip Files

BY PhishMe IN Phishing

The Slashdot headline this morning reads: Spear Phishing Campaign Hits Dozens of Chemical, Defense Firms What is it about? Simple, the poison ivy trojan wrapped in a password protected ZIP file so it can get past filtering.  Symantec has an excellent analysis of these attacks in a paper titled: The Nitro Attacks: Stealing Secrets from the Chemical Industry by Eric Chien and Gavin O’Gorman.  You can read the entire paper here. “The most recent attacks focusing on the chemical industry are using password-protected 7zip files which, when extracted, contain a self-extracting executable. The password to extract the 7zip file is included in…

READ MORE

0 comments