Information Security Buzz
Expert(s): November 30, 2020
Tim Helming
Security Advocate
DomainTools

Comments Dotted : 5
January 15, 2021

Expert Insight On Classiscam Expands To Europe

It would be best to validate special offers by searching for them manually, rather than trusting a promotion appearing on a website ad.


If it ain’t broke, don’t fix it! There is no incentive for cybercriminals to abandon a technique that still offers them substantial rewards with relatively small effort. The premise of Classiscam is fairly simple, but some groups have gone to the length of appointing fake customer service representatives to add credibility to their operations, which attests to their determination. We can expect that Classiscam cybercrime operations will try to replicate their success in the West, given the consistent monetary returns that they seem to be yielding for the cybercriminals behind them.

 

The best thing users can do to protect themselves from this kind of fraud is to follow the principle that whenever something seems too good to be true, it probably isn’t. It would be best to validate special offers by searching for them manually, rather than trusting a promotion appearing on a website ad – especially if the page it appears on is not particularly secure. Just like phishing scams, these ad-based operations have a strong social engineering component, and the increased recognition of security awareness training as a defense tool is bound to make it a lot harder for attackers to trick users.

 
 
 
January 04, 2021

Expert Advise On PayPal Smishing Campaign

Cybersecurity awareness training can help prevent these attacks from being successful.


Thanks to advancing knowledge in cybersecurity, most workplaces do a great job of protecting employees from phishing attacks. However, as much as we advance, so do cybercriminals. As we up our game, so do they. And in order to get around our more robust gateways, they build more creative and targeted attacks, such as scam text message campaigns – smishing.

 

In this case, the exponential increase in online shopping during the lockdown might have made PayPal an even more appealing brand to impersonate. A text saying the account has been limited creates an understandable sense of urgency, and while users have learnt to be wary of fraudulent emails, their attention might be lower with text messages, especially given that many brands now communicate with their users via text.

 

When it comes to protecting your organisation and safeguarding against cybercriminals’ tactics, you need to think like them. Cybersecurity awareness training can help prevent these attacks from being successful. To defuse the risk from this type of campaign, teach your employees to always visit websites from a browser, rather than by clicking on the link provided in an email… or a text message!

November 25, 2020

Spoofed FBI Domains Pose Risk Of Cybercrime And Disinformation

The FBI is right to advise the public about the risks posed by spoofed domains.
The FBI is right to advise the public about the risks posed by spoofed domains. Cyber criminals use various methods to get the attention of their intended victims, and the letters F-B-I do get people’s attention. Part of being security-aware, which every individual needs to be, is becoming familiar with common abuse patterns. In this case, many of the illegitimate domains use various other words in conjunction with “fbi,” which is a common practice by malicious actors. But, since legitimate organizations do own variations on their own domain names, Internet users also need to consider the context of any link they are presented with. For example, if a link referring to the FBI (or other government agency) arrives as an unsolicited text message, there is a high likelihood of fraud. When in doubt, users should type the simplest version of the domain name (such as fbi.gov) into the browser, and navigate around the site to find the content they seek.
November 25, 2020

Experts Warning And Advice On Black Friday Threats

While this does not mean that other shoppers can rest easy, it does indicate that Amazon customers may be the ones most at risk of phishing attacks.
Cybercrime does not exist in a vacuum, and this focus on Amazon from threat actors is reflective of just how dominant the retailer has become. While this does not mean that other shoppers can rest easy, it does indicate that Amazon customers may be the ones most at risk of phishing attacks. For this reason, we would recommend exercising extreme caution in the run-up to Black Friday and Cyber Monday, double-checking the sender’s email address, and the domain names in linked URLs, before clicking on any links or attachments, and cross-referencing this with known correspondence from Amazon—or whichever retailer you are shopping with.
October 22, 2020

Montreal’s Société De Transport De Montréal (STM) Public Transport System Hit With A RansomExx Attack

Phishing remains the main vector through which ransomware groups are able to make their way into their targets' systems.
Unfortunately for Montreal's STM public transport system, RansomExx ransomware actors are amongst the threat groups that have upgraded their attacks to both encrypt and steal victims' data. This evolution of ransomware attacks is known as 'double-extortion' because criminals are effectively able to ask for a double payment - one to decrypt the files, and the other to stop the stolen data from being made public. The advice for organisations is to put in place defenses that will allow them to spot the traffic generated by the data being redirected to threat actors' servers - this can be done with DNS firewalling. It is also worth remembering that phishing remains the main vector through which ransomware groups are able to make their way into their targets' systems. For this reason, there is really no excuse not to have an effective email filtering system in place and a cybersecurity awareness program for all employees – up to and including incentives and rewards for successfully identifying a phishing email and flagging it to your security teams. Your staff are often viewed as your biggest risk factor from a security perspective, but sensible policy can turn them into your greatest asset.

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.

