Tag Archives: Phishing

Decoding pickpockets and malware

Decoding pickpockets and malware - the most dangerous online threats of 2017

Malware attacks can seem as random as a pickpocket cleaning out your pocket in the city center – these things happen and you just happened to be there. While pickpockets are a great metaphor for cybersecurity – neither pickpockets nor malware are completely random events. Pickpockets aren’t just taking a random walk in the park […]

The post Decoding pickpockets and malware appeared first on Avira Blog.

Read More

Total eclipse (of the device)

Total eclipse (of the device)

The total eclipse of the sun taking place August 21 across much of the North American hemisphere has triggered a mass migration of millions, as people journey to the narrow swath of the country where the moon will completely black out the sun. But while millions are presently en route to their prime chosen destination, […]

The post Total eclipse (of the device) appeared first on Avira Blog.

Read More

Gmail for iOS Adds Anti-Phishing Feature that Warns of Suspicious Links

gmail-phishing-alert

Phishing — is an older style of cyber-attack but remains one of the most common and efficient attack vectors for attackers, as a majority of banking malware and various ransomware attacks begin with a user clicking on a malicious link or opening a dangerous attachment in an email.

Phishing has evolved than ever before in the past few years – which is why it remains one of those threats that we have been combating for many years.

We have seen phishing campaigns that are so convincing and effective that even tech-savvy people can be tricked into giving away their credentials to hackers. And some that are “almost impossible to detect” and used to trick even the most careful users on the Internet.

To help combat this issue, Google has introduced a security defence for it’s over a billion users that will help users weed out phishing emails from their Gmail inbox.

Google has rolled out new anti-phishing security checks for its Gmail app for iPhone users that will display a warning about potential phishing attempts when users click on a suspicious link from within the app on their iPhone or iPad.

This new feature will take nearly two weeks before it is available everywhere.

According to the tech giant, when a user clicks on a link that Google thinks could be suspicious, they will be displayed a pop-up, warning of an untrusted nature of the website they are attempting to visit.

Suspicious link
This link leads you to an untrusted site. Are you sure you want to proceed to example.com?

If the user ignores this first warning and continue, the Gmail app will display another warning with more detailed information about the suspected malicious website that the company finds it to be a malicious phishing page.

Warning – phishing (web forgery) suspected

The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal or other sensitive information.

You can continue to example.com at your own risk.

A similar feature has already been made available in the Gmail app for Android since May of this year.

Although the feature would surely not detect every phishing attempt that could compromise your credentials, we believe it will help users combat such attacks to much extent.

So, always exercise caution over what links you click mentioned in your emails or attachments you open.

Additionally, Gmail users need to enable two-factor authentication, so even if attackers have access to your credential, they will not be able to proceed further without your phone or the USB cryptographic key in order to access your account.

Powered by WPeMatico

Top 10 Email Subjects for Company Phishing Attacks

George is in his office responding to his morning emails when he notices an unusual message. The subject is concise: “Security Alert”. Obviously, he wants to know what’s going on. He opens it, reads the first paragraph to see what the problem is, then clicks the link ostensibly taking him to the company page where he will have to confirm his data to stay protected. Without knowing it, he has just fallen into a trap. He has been directed to a page infected with malware that will steal his identity. George has become a victim of phishing. But he is not the only one — some of his co-workers have also been duped. But George is not alone in this. In fact, 21% of phishing attacks resort to the alarming “Security Alert” subject line in order to deceive its victims.

Share this list with your employees

It is important that employees be wary of any email they receive with any of the following subject lines. According to a study by KnowBe4, these are the ten most common email subjects that have led to a phishing incident:

  1. Security Alert – 21%
  2. Revised Vacation & Sick Time Policy – 14%
  3. UPS Label Delivery 1ZBE312TNY00015011 – 10%
  4. BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
  5. A Delivery Attempt was made – 10%
  6. All Employees: Update your Healthcare Info – 9%
  7. Change of Password Required Immediately – 8%
  8. Password Check Required Immediately – 7%
  9. Unusual sign-in activity – 6%
  10. Urgent Action Required – 6%

Although the number of attack vectors is multiplying (through social networks, for example), email is still the channel preferred by cybercriminals to launch this type of attack. The reason is obvious: it is more effective to send a fraudulent email than to try to get the user to fall into the trap on a random website or to dupe them on a social network. The most common method is to impersonate a legitimate company or person requesting certain information and redirecting the recipient to a fake website: a shipping company that wants to confirm shipment of a package, a human resources employee requesting that you update your personal information…

Even employees at large technology companies have been victims of phishing: employees at Google and Facebook were tricked into transferring more than $100 million they thought was intended for Quanta Computer, an electronics manufacturer.

How to prevent phishing

Given that 91% of cyberattacks start with a simple phishing email, it is important to take action to minimize the risk of our company being attacked.

In addition to building basic cybersecurity awareness regarding such practices as never clicking links contained in emails from untrusted senders, or browsing only through secure websites (those starting with ‘https://’), it is crucial to have solutions that protect your business from possible phishing incidents.

Traditional antivirus protection is no longer sufficient. Identity theft is becoming more sophisticated, and cyberattacks aiming to steal valuable data are increasingly able to bypass the barriers of traditional security solutions. With this in mind, the best option is to opt for advanced security solutions that monitor and categorize 100% of processes in execution to anticipate any type of malicious behavior, and thus reduce the possibility of becoming the victim of an attack to zero.

The post Top 10 Email Subjects for Company Phishing Attacks appeared first on Panda Security Mediacenter.

Read More