Security News
Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.
This week we discuss the stalkerware app that spilled bucketloads of ultrapersonal data, a double-whammy ransomware attack on a homeless charity, and an Amazon Prime-themed phishing attack with a skull-and-crossbones twist.
The total number of phishing sites detected by the Anti-Phishing Working Group worldwide in October through December 2019 was 162,155, following the all-time-high of 266,387 attacks recorded in July through September 2019. APWG contributor OpSec Security saw attacks against more than 325 different brands per month in Q4. Stefanie Wood Ellis, Anti-Fraud Product & Marketing Manager at OpSec Security, noted that the most frequent targets of phishing attacks continued to be Webmail, payment, and bank sites, but that "Phishing against Social Media targets grew every quarter of the year, doubling over the course of 2019."
"Phishing continues to be one of the primary breach vectors in the healthcare industry. It is cheap, effective and profitable to the cyber-criminal element," says Rich Curtiss, director of healthcare risk assurance services at security consultancy Coalfire. "Health records command a hefty price on the 'dark web' and are relatively easy to acquire through phishing attacks. Phishing is an organizational threat and not an IT problem. Addressing the threat must be a strategic imperative and, to be truly effective, must be part of the organizational culture."
Phishing attacks have become one of the business world's top cybersecurity concerns. Hackers have evolved their methods, from regular phishing attacks to spear phishing, where they use email messages disguised as coming from legitimate sources to dupe specific individuals.
If the email is true, you can simply go to the Amazon site yourself, or use the Amazon app - the online location of Amazon isn't a secret. We don't know whether the crook who sent us the phishing email made a mistake, and used the wrong URL, or whether a second crook had arrived in the interim and then taken over the hacked server from the original hackers.
The phishing campaign apparently started earlier this year and has since slowed down, according to IBM. In their report, IBM researchers attribute the increasing spread of Emotet to a group that they refer to as the "Mealybug gang." After a lull of several months, Emotet resurfaced in September 2019, and it has been spreading rapidly since.
The warning from WHO confirms earlier reports from security firms such as Sophos that scammers were attempting to use images, graphics, and realistic-looking domains as part of various phishing and other malicious campaigns. On Tuesday, security firm Check Point published a report about a spike in the number of domains being registered related to coronavirus.
Cybercriminals targeted mobile banking users by sending malicious SMS messages to their smartphones as part of a phishing campaign to steal account holders' information, including usernames and passwords, according to the cybersecurity firm Lookout. More than 3,900 mobile banking app users of several Canadian and American banks fell victim to the SMS phishing attacks, which started in June 2019 and apparently recently ended, researchers at Lookout say in their new report.
Another option is to report the email to Microsoft for analysis via the Outlook add-in called Report Message or a specific Microsoft address. You can use the process to report a "False negative," meaning a spam message that should have been identified as spam but was not.