
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


Search results for "phishing"




There is a 47 percent increase in Phishing in Q1 2021 says Phishlabs

We covered the Phishing Trends report from Phishlabs in the last podcast, and there’s another article that has some highlights.

From their data, there are 5 different targets for industries. They are:

  1. Social Media
  2. Financial
  3. Webmail & Cloud Services
  4. Ecommerce
  5. Telecommunications

Social media is first, and I suppose we shouldn’t be surprised by this because it is heavily used by quite a number of people. The actors know this, and they’ll stop at nothing to get their attacks out there which include pointing people to things using platforms like Twitter and Facebook as their place to start.

According to this article, more than half of the accounts are fraudulent.

Of the phish targeting the social media industry in Q1, 21% targeted messaging apps. This allowed threat actors to connect with potential victims in real time, giving the impression that the communication was legitimate. Believing they are interacting with a benign individual, victims are more inclined to perform requested tasks such as clicking a link or divulging sensitive information.  

Also according to the article, Single Sign-On may be part of the problem now, as you have one set of credentials for everything, but it is better productivity-wise to have something like it. There are links within the article that cover lots of these things.

There are other aspects of this article that I found of interest too.

The Financial sector has been hit hard, and the 5 types of financial institutions included:

  1. National Banks
  2. Payment Services
  3. Credit Unions
  4. Regional/Community Banks
  5. Brokerage/Investments

There’s definitely more including cryptocurrency accounts also being an attractive target.

Again, the article is titled 47% Phishing Increase in Q1 and it’s well worth the read. Thanks so much for reading!

Comments (0)

Wetransfer has now joined the services that can be and has now been abused for Phishing Lures

I guess we can add wetransfer, the newest file transfer program that I was made aware of to the list of services that criminals are using to get their wares out.

https://we.tl/t-ZR52D6sDAm is a link to the last available technology podcast which was number 359 of that series. I had been meaning to record, but other things came up and of course the Security Box came up.

According to a recent article, there is a different type of link that the actors are using to get their wares out.

According to the legitimate wetransfer email, the sender matches what you’d get from wetransfer. The subject line has the email address sent you files using wetransfer.

The legitimate file transfer will explain what the file is by giving you the description of the file like you’ll see through the clickable link.

The link in this article will not be linked but it is: hxxps://wetransfer[.]com/downloads/52d55eeb42591d9ebbffe5326326858320210218183005/8b80cbbd9c1b8f7695b8de69e995ebee20210218183005/8c0cd5?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email and is a lot longer than the URL that is linked above.

The download button is on the web page of wetransfer’s legitimate links, not on the link like you see here.

The other two domains used are box.com and Google Documents just to add insult to injury. According to box.com, they’re a collaboration tool, and of course we know well about Google Documents which has been used for things like this for many years.

ZLoader was known for being a banking trojan, but it seems now to be picking up where other malware families got dropped.

Want to learn more? Surge in ZLoader Attacks Observed is the article. It is written by Phish Lab’s Jessica Ellis. Do read the article, it is definitely worth the read and thanks for listening and reading!

P.S. The link to podcast 359 linked here expires in one week.

Comments (0)

This phishing scam left thousands of stolen passwords exposed through Google search | ZDNet

This is one that is hard to quote and really write about, but I saw it while preparing for the news notes and wanted to read it. ZDNet is full of ads, but not harmful, but makes this hard to read. The content however is of importance, and should be viewed as this can happen to any sector or business.

Source: This phishing scam left thousands of stolen passwords exposed through Google search | ZDNet

Comments (0)

Are block lists effected in phishing attacks?

I read a very interesting article dealing with phishing and blocklists from … you guessed it … Phishlabs. Limited Impact of Phishing Site Blocklists and Browser Warnings is the article and I found it quite interesting.

One of the things this article talks about is the blocklists from Google Safe and Microsoft to prevent people from getting hit. People ignore these warnings, according to the article, and get taken anyhow. Sometimes, although I doubt I’ll be doing this anymore, I would cautiously look to see why it is blocked. I am not interested in getting hit with potential ransomware, so I’ve decided if I got curious and I saw the warnings that I’d get the hell out.

Headings in the article include:

  • Detection Early in the Phishing Lifecycle
  • Mitigating Phishing Sites and Minimizing Impact
  • Additional Resources:

The last one is at the end and links to other things that might be of interest. Our smarts need to play a part in this, and sadly, I think that’s the only way to win this. Have other thoughts after reading this one? I’d love to hear from you.

Comments (0)

We’ve got some good news, two people charged with phishing and vishing and scams to boot

We’ve got two charged in some phishing attempts and vishing attempts and schemes to boot

We’ve covered phishing and vishing on the Security Box, and I recently came across an article from Brian Krebs that talked about two guys being charged in this field. I’m also going to link in the upcoming security box to this, but it is always good to talk about some of these things, even if the show notes mention it in passing.

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts
by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information.

The article also names the two:

Prosecutors say Jordan K. Milleson, 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A. Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “vishing” attacks and “SIM swapping,” a form of fraud that involves bribing or tricking employees at mobile phone companies.

This is how some of these attacks happen. They get started this way, and it can escalate to whatever the attacker wants to do.

To add insult to injury, the end of the article says:

The indictment alleges Bryan swatted his alleged partner in retaliation for Milleson failing to share the proceeds of a digital currency theft. Milleson
and Bryan are facing charges of wire fraud, unauthorized access to protected computers, aggravated identity theft and wire fraud conspiracy.

This reminds me of the Kansas case of 2018 going in to 2019 where swatting was part of the ordeal when people got picked up.

For further information, why not read the article by Brian entitled Two Charged in SIM Swapping, Vishing Scams and sending in your comments?

Due to changes needing to be done on the blog, if you want an account, please let us administrators know, and we’ll set one up for you if you can’t comment on your own. We want registered users who want to comment on material, so we’ll be happy to help! Thanks again for checking out the blog, and thanks so much for listening to the program and reading what interests you.

Comments (0)

URL tracking systems being abused for phishing and other attacks

In the final NCSAM article this year, yes, I haven’t posted that many this year, we’re going to talk about how URL tracking systems are abused.

First of all, the Jared Rimer Network does not use these systems at all. Such systems may include podcast tracker services, Google AdWords or Google AdSense. I’ve never used them as I can provide my own links, and even though Sendspace gives me a download count on files, I don’t know where it is downloaded and I don’t really want to know.

Widely-used URL tracking systems are often abused in phishing attacks. The domains used by these systems are commonly known and trusted, making them attractive
carriers for phishing URLs. To illustrate how it works, this post breaks down a recently-observed phishing attack that uses Google Ads’ tracking system
to evade email filters. 

Even the URL shorteners like is.gd and others through the years I don’t use either. One service I talked about in podcast 318 was a site still operating called cutt.us. I do like them because you can check the URL and see where it really goes and get stats. The shortener bit.ly does the same thing, and I’m sure many others do too with an account.

I’ve always been in the belief of showing my visitors exactly where they are going. If it’s shortened, it’s shortened by services like twitter through their shortener which is checked for bad URLs and they disable those URL sites and not leave it up to others. Even Facebook shortens links at times, but it’s mainly used for twitter where the messages needed to be much shorter.

URL tracking systems use parameters to pass through various pieces of information for managing advertising campaigns. One of these parameters is typically
the final URL that the ad service should redirect users to after they have clicked on the tracking link.  For Google Ads, this is the adurl parameter. 
 
By replacing adurl value with a phishing link, threat actors can easily subvert a legitimate Google Ads tracking URL and use it in attacks.  
 
To demonstrate this, we took a Google Ad tracking URL, and modified the adurl value to our website:
 
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwix8fPEw8HsAhXJ1LMKHS3IBFgYABAAGgJxbg&ohost=www.google.com&cid=CAESQeD2E1PzeiYJL3kjMA7Vmwqi98UE1LwYa5uGbheW5-FZpiwJMd9XorTktglOxa-f73TqcJcrZw-kbaczp_2IgMq_&sig=AOD64_3G4pFo2cwWIkGHy8GMVFYvhaOr1Q&q&adurl&ved=2ahUKEwiyxOrEw8HsAhXzlHIEHRwMBoQQ0Qx6BAgoEAE&adurl=https://phishlabs.com/

While the URL given was a sample and leads to Phishlabs, this method can’t be trusted anymore and for one, I won’t ever use it. I understand these services pay pennies to the click anyway, so I never was on board with using such a service to make money.

There are several services that are abused besides google and one of them is Verizon Wireless’s site. The actors go where this is set up and abuse something that can be used for good.
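
A defender-side illustration of the adurl behaviour described above, as an added example that is not part of the original post or the PhishLabs article: it pulls the real destination out of a tracking link without making any network request. Only the googleadservices.com host and the adurl parameter come from the page; the allowlist, the sample message and the login.example.net host are constructed for the example.

```python
"""Resolve the real destination hidden in an ad-tracking redirect URL."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Tracker host -> query parameters that carry the final redirect target.
# Only the Google Ads entry comes from the page; add entries for other
# trackers seen in your own mail flow.
REDIRECT_PARAMS = {
    "www.googleadservices.com": ("adurl",),
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
MAX_DEPTH = 5  # stop unwrapping nested tracker links after this many hops


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def redirect_targets(url):
    """Return every non-empty redirect target carried by a known tracker URL."""
    parts = urlsplit(url)
    names = REDIRECT_PARAMS.get((parts.hostname or "").lower())
    if not names:
        return []
    # parse_qsl keeps every occurrence of a key, so a repeated "adurl"
    # (an empty one followed by the real one) is not collapsed.
    return [value.strip()
            for key, value in parse_qsl(parts.query)
            if key.lower() in names and value.strip()]


def final_destinations(url, depth=0):
    """Unwrap tracker parameters, offline, until a non-tracker URL is reached."""
    targets = redirect_targets(url)
    if not targets or depth >= MAX_DEPTH:
        return [url]
    resolved = []
    for target in targets:
        # parse_qsl decoded once; undo any extra layers of percent-encoding.
        for _ in range(3):
            if "://" in target or "%" not in target:
                break
            target = unquote(target)
        resolved.extend(final_destinations(target, depth + 1))
    return resolved


def audit_message(body, allowed_hosts):
    """List tracker links in a message whose final host is not allowlisted."""
    findings = []
    for link in URL_RE.findall(body):
        if not redirect_targets(link):
            continue  # not a tracker link we know how to unwrap
        for dest in final_destinations(link):
            host = _host(dest)
            if host not in allowed_hosts:
                findings.append({"carrier": _host(link),
                                 "destination": dest,
                                 "host": host})
    return findings


# Constructed sample message. The first link is modelled on the sample URL
# quoted above, with the long opaque values replaced by placeholders.
SAMPLE_BODY = (
    "Your invoice is ready: "
    "https://www.googleadservices.com/pagead/aclk?sa=L&ai=CONSTRUCTED"
    "&q&adurl&ved=CONSTRUCTED&adurl=https://phishlabs.com/ \n"
    "Double-encoded variant: "
    "https://www.googleadservices.com/pagead/aclk?sa=L"
    "&adurl=https%253A%252F%252Flogin.example.net%252Fverify \n"
    "Plain link: https://example.com/help\n"
)

if __name__ == "__main__":
    for hit in audit_message(SAMPLE_BODY, allowed_hosts={"phishlabs.com"}):
        print(f"{hit['carrier']} redirects to {hit['destination']}")
```

A mail filter or awareness tool can show the resolved destination next to the trusted carrier domain, which is the mismatch the reader cannot see from the link text alone.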

Phishlabs has more on this, but I want to talk about the fact that I don’t use them, and if I do, it’ll be on request by the sender or if the URL is so long it just breaks. That’s why I build my sites with not so long URLs. It is going to be a better trip for me in the long run as long URLs would be flagged if people uploaded such things to my pages.

Want to learn more about this? How URL Tracking Systems are Abused for Phishing is the article and it is written by Sean Bell. I hope you enjoy reading this article and my thought on this topic.

Comments (0)

Phishing won’t stop, just because of the election

In our title piece dealing with Phishing, we wanted to highlight the aspect of phishing and the fact that actors are stopping at nothing to get their wares out.

In an October 2nd article on Threatpost, Lindsey O’Donnell talks about the rise in Phishing due to the fact that voters need to submit their information on who they want to vote for and other aspects of the election via the mail. This article shows and demonstrates how the actors are purporting to copy portions of one site, but mass mail it to people not even in that state. As you continue to read the article, it shows you what the Phish may look like including the misspellings. It also talks about the recent attack of an email provider which I now can’t find its name but I read it here.

Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy is the article and I hope that it finds you well.

Comments (0)

What’s going on with the Phishing Landscape? Plenty, and it isn’t looking good

On podcast 12 of the Security Box, we talked about a blog post that Phish Labs had talking about the APWG trends report. I covered that in a bit of a discussion, but maybe it is time to bring it up now as part of NCSAM’s discussion for this year.

In case you missed the Security Box, podcast 12, here are the show notes for that program.

Now, let’s pick apart and discuss some things that got my attention in regards to the article dealing with Phishing.


The article that we’re going to talk about in this blog post is APWG: SSL Certificates No Longer Indication of Safe Browsing. Why specifically this article? Oh don’t worry, we’ll cover other Phishing articles but this one is quite important.

Let us start at the beginning of the Internet, where all we had were text browsers and we connected through Dos. Dos was an operating system that only had text. It did not have fancy graphics, although there may have been some, and it surely didn’t have video and other multimedia. It didn’t have the capability of filling out forms, making online payments, contacting people through forms besides putting other types of things online that we take for granted today.

While there were ways to get files like executables and other types of small files, the protocol has definitely changed. With that, comes the aspect of Phishing.

The protocol in the early days was just called http or hyper text transfer protocol. This protocol was used mainly to serve web pages and back in the early 90s, and even early decade of the 2000s, that was really all we needed.

As time passed, it became clear that to do credit card transactions and the like, we needed a secure way to do it so they added the “s” for secure. This became the standard with SSL versions and now TLS. SSL is secure sockets layer, TLS is transport layer security. All it does is make sure that the web sites are secure.

Later on in the last 10 years or less, they came out with firesheep to show that http connections were not safe and https needed to be the standard for true security even if you didn’t do online banking and the like.

Well, when the actors started, their pages were not using https where the S stood for secure. We were taught that if we wanted to put in data such as credit card numbers and other types of info like that online, we need to be on a secure connection. Sighted people looked for a padlock, disabled patrons checked the URL of the web page to hear that it had the S in it.

Examples:

  • http://www.example.com vs https://www.example.com
  • http://example.com vs https://example.com

This is how it has been until recently when the threat actors started to secure their pages thanks to services like Let’s Encrypt.

Without going in to any detail on Let’s Encrypt, let us just say that they do domain validation certificates and I believe they can now work on sites using the control panel we use on Linux boxes which was not the case before.

Let’s fast forward to recent times where recent Phishlabs articles kept indicating that the SSL rate was creeping up, and it was a matter of time.

Under the heading

SSL Abuse Continues to Skyrocket

here is the most important piece of information taken from this article.

PhishLabs, an APWG contributing member, is tracking the increased use of SSL certificates on phishing sites. Threat actors abuse HTTPS certificates to
enhance compromised sites by tricking internet users into believing the site is secure. Alarmingly, almost 80% of phishing sites used SSL certificates
during Q2, meaning users should no longer attribute the certificate as an indicator of safe browsing.

The portion continues:

“The number of phishing sites using TLS continues to increase,” said John LaCour, Founder and CTO of Digital Risk Protection company PhishLabs. “Most web
sites—good and bad—now use TLS. Phishers are hacking into legitimate web sites and placing their phishing files on those compromised sites.”

This exact thing happened to the Jared Rimer Network some years ago, and even affected several sites across my network. Somehow, actors were able to gain access to several of the sites across my network, upload their wares, and we’d be notified about it. I was notified one morning by Phishlabs directly by Email, and I promptly called them at 6:30 am on my way to my day activity. Indicating that I couldn’t get to the page from the email, they indicated that the issue was resolved, which was good news to my ears. I’m sure my provider was notified, cleaned it up, and that was the end of it. This is what needs to happen, because we may not even know that anything is going on.

To the provider’s credit, they learned quickly. This is because they sent me the reports, and I was to deal with it which I did not have access to do. I get it, it’s hard to maintain a network when you get reports like this and I did ask for assistance. I definitely thought there was a problem when I was told the passwords were as secure as humanly possible.

Under the section

SSL Growth

it talks about Extended Validation Certificate usage. If you put “Extended Validation Certificate” minus the quotes, a prominent provider named Digicert is mentioned. There are other places to learn about these certificates, and that is not the extent of this article today.

Let’s cover this section under SSL growth for a moment.

In addition, PhishLabs has noted the emergence of phishing sites using Extended Validation (“EV”) Certificates.

“The vast majority of certificates used in phishing attacks — 91 percent — are Domain Validated (“DV”) certificates,” noted LaCour. “Interestingly, we
found 27 web sites that were using Extended Validation (“EV”) certificates.”

In order to be issued an Extended Validation certificate, a site must provide verification of its legal identity. In theory, EV certificates indicate that
a site is more trustworthy, and their presence on phishing sites is significant.

It isn’t surprising that the majority of certificates issued today are domain validated. This is because this is the easiest. You either need to have something on a web server that you put up there, or a trusted authority like the control panel group issue validation certs for the domain which is done daily.

As for organization validated (OV) certs, I am not aware how those work, and that is for your research.

The article goes in to much more detail than I could ever cover in sections and give my thoughts on it. As part of NCSAM, check out this article in full, feel free to ask questions, the worst is that I won’t know the answer. I’d rather tell you that I don’t know than to lead you wrong.


Found this article of value? Why not search NCSAM while you’re here to see what else has been covered? We covered NCSAM last year with many articles linking to stuff, and I’m sure that it may be still of value today. I want to thank each and every one of you for coming by and checking out this blog. I hope you find the info of value, and if you have something to share, please get in touch. See you next time!

Updated 4:10 PM 10/6/2020 to fix a broken link

Comments (0)

Did you know there are tricky forms of phishing?

I recently read an article dealing with tricky forms of phishing on the new Intelligence blog. I found it quite fascinating what we can learn.

Many phishing pages are hosted on websites with spoofed domains or pages created through website builders. But recently, creating phishing pages has become
easier through the use of forms — tools that can be configured within only a few minutes.

Let’s take a look at this a minute. This is talking about using forms generated by tools such as Microsoft, Google, and even other products that might be developed in the future. I’ve seen different types of Spam lately that link to some sort of Google document URL. Sometimes I’ve gotten curious, and it is a redirector, others I just ignore.

This reminds me of the resume deal where I would receive potential resumes from people. I would open them and it says it can’t be opened. I would send it off to someone who confirmed it couldn’t be opened. I did what any person would do and tell them that the file they sent couldn’t be opened and I need another. They never wrote back, mainly because things like this are now common where they want to infect you. Maybe my mistake was to respond, but I would’ve kept the resume on file if I had an opening, which I don’t. Now that this can easily be done using online tools, and the documents can contain anything, how can we be so sure? This is going to get interesting.

There are 13 different sites besides the main two I mentioned above according to the article under the question “How are these schemes formed?”

Would you like to read the article and learn more about this so you can be informed like I was? From Trend Micro Research, I bring you the article: Tricky ‘Forms’ of Phishing for you to check out and let’s learn together. Thanks so much for reading the blog, and let’s learn together!

Comments (0)

The Security Box, podcast 5: Phishing and its various forms

Phishing and its various forms are covered. I didn’t cover it all, just the more familiar ones. Links are given, and we do play some tunes too.


Podcast 5 covered Phishing and its various forms. The main option we used was Wikipedia, but we also link to F-secure and a podcast talking about what this is. There is one aspect we did not cover which I think we should. Our things to ponder segment was a little adult in nature but appropriate in today’s environment of social media and the things that are allowed and not.

The show lasts 3 hours, 32 minutes, and I hope you enjoy! No major news notes segments.


RSS has the program and it’s also on mixcloud for your enjoyment.

Have something to say? Contact me!

Comments (0)

Lastpass has an update in regards to their Phishing post earlier

Earlier, Lastpass, the one password you’ll ever need, posted a blog post talking about how people are going around as them asking for master passwords. In a blog post PHISHING ALERT | FRAUDULENT EMAILS REQUESTING MASTER PASSWORD UPDATE lastpass gives some examples on what has gone on that they’ve seen. I’ve been trying to think on how to write this, but I’m not coming up completely blank. The problem is that people are using their name to get information so they can take control of your account. This is one service that even the free users get two-factor options, although there are premium options that they offer as part of the monthly subscription.

This is only one kind of phishing attack, there are many more kinds and samples. Stay safe.

Comments (0)

Phishing emails from lastpass wannabees

I love the fact that Lastpass is being transparent. Here is some news and my thoughts on this, with a link to their blog posted yesterday.


Yesterday, Lastpass blogged about the fact that actors are impersonating them in an attempt to get people to turn over their lastpass master password. The master password allows one to authenticate with the platform to gain access to the passwords and other information that may be in one’s account. In the blog post PHISHING ALERT | FRAUDULENT EMAILS REQUESTING MASTER PASSWORD UPDATE Lauren Christopherson talks about what is happening, and has some bullet points on what people using the service should do to make sure they’re using Lastpass correctly. Please take a look at this if you’re a lastpass user. If you use another manager, you should look at this and see if your manager has any solutions to keep yourself safe in case you happen to make a mistake and open your account to someone else.

Comments (0)

Phishing web sites are now 3 quarters SSL certificated: any hope?

In no surprise to anyone in this business, Phishlabs has an article talking about the fact that we are now over 3 quarters SSL certificated when it comes to phishing web sites. This means that we can’t rely on the https as part of the URL, like https://www.jaredrimer.net for example.

Usually you can tell it is a phishing site because the domain will not make much sense, like https://www.abmifnt.com for example, or have really long and lengthy URLS that you aren’t expecting to go to.

Some of these phishing sites use short cut services like the one I talked about at one point called cutt.us. Like any service, actors abuse them to get their wares out, and they don’t stop at anything to try and trick each and every one of us in some way or another. If we aren’t careful, we can get bit.

Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing
sites to add a layer of legitimacy, better mimic the target site in question, and reduce being flagged or blocked from some browsers. 

Last year, threat actors hit a significant milestone in this usage when more than 50% of phishing sites included an SSL certificate. Now, just six months
later, our data suggests that nearly three-fourths of all phishing sites, specifically 74%, now abuse HTTPS.

Just sit there and think about this. 74 percent of sites now use HTTPS and it’s expected to grow. Because of the stay at home orders, and COVID-19 cases now rising once again across the country, we’re still not done. According to the last paragraph, it says:

Previously, the majority of phishing sites have been on non-free domains. In the past year however, we have seen a year-over-year increase in the use of
free domains. Rather than a threat actor having to access a compromised site or purchase a domain, they can more quickly mobilize their phishing attacks
with a free option.

To read the full article, please feel free to visit Phishlabs and read Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites by Elliot Volkman for the full details. This can’t be good, and it’ll be a matter of time before we find that all sites will be secured and we have no hope. Thoughts?

Comments (0)

Corona Virus attacks found to be spear phishing in nature: Indian company only part of the problem

While I try to catch up as I sent myself articles I thought would be relevant, a Google study indicates that spearphishing attacks are now the act of Indian “hack for hire” firms being a part of the ordeal.

I’m sure that we’ve had dealings with different types of companies with differing experiences. Most of the time, we’re treated well, sometimes not so much. But if you’re any type of company that hires people to do any type of phishing, I believe you need to restructure the company.

There are many types of phishing, and you can learn about those. Not all of the phishing is called phishing, so be aware of terms like BEC attacks, Spearphishing, and other less terms in the phishing realm.

I did find the article quite interesting in regards to this Indian company, but I’m sure that there are other companies that could be engaging in this type of behavior.

Want to read more? Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes is the article that I read which links to other stuff, so why not give it a look. Maybe you can get something out of it that’ll spark your interest.

Comments (0)

Podcast 345, Cat fishing, Cat Phishing, and Parcel Tracker

Welcome to the technology podcast, podcast 345. On this program, Parcel Track, Catfishing, and Catphishing. Hope you enjoy the program!


Welcome to podcast 345 of the technology podcast series. This time, no covid-19 material as I have quite something different lined up for this podcast. I’m sorry its taken this long to release, I’ve not been feeling well, but the wait is worth it, as you’ll see.

  • What type of app do you use to track your packages? Just before podcast 344’s release, I had a hair, and decided to go searching for a replacement. Parcel Track was found and demoed. Some things including notification fixes were pushed out after the recording, the basic demo will give you an idea on what it is about and how it works. In the first segment, I talk about what I had used before, and introduced Parceltrack. The second segment was the demo itself.
  • Have you heard of terms such as catfishing or catphishing? Yes, that’s awesome! I have but not really looked up what it meant until I found a Cyberscoop article talking about a well known figure that does cybersecurity work in the government who was impersonated. I did some looking up, and what I found was quite interesting. Both spellings of fish (phish) are used in this and it was quite fascinating. Read the featured post for May 20th, Catfishing, Catphishing, what are they? for more on this, and it links to the Cyberscoop article.

Contact information is available for everyone at the end, and I hope you enjoy the program as much as I have bringing it together for you! Thanks so much for listening and feel free to reach out.


Enjoy!

Comments (0)

Catfishing, Catphishing, what are they?

Hello folks,

Today, I want to talk a little bit about something I don’t think we’ve ever covered on any blog or podcast. This is a term entitled catfishing spelled with an F as in the fish you eat. There is also catphishing which is defined with a PH as in the Phishing attempts we’re getting now trying to get information online.

According to Bad romance: catphishing explained they define both of these terms.

You’ve heard or read about some variant of this story before: Girl meets Boy on a dating website. Girl falls in love. Boy claims he does, too. Girl is
excited to meet Boy soon. But at the last minute, Girl finds out that Boy (1) had an accident and broke a hip; (2) has a very sick relative he needs to
look after; (3) is going away to a secluded place to “find himself”—you’re not the problem, he is, right?; or (4) (through a helpful and mournful friend)
is dead.
Suddenly suspect, Girl digs a little deeper. Girl finds out that Boy isn’t the dreamboat he portrays himself to be. Boy is, in fact, her female colleague’s
timid 13-year old son whom she met once at a work function.

Another version covers the PH aspect of catphishing.

Two months ago, Deloitte revealed that it was breached by hackers,
who most likely already had access to compromised servers since November 2016. Around the same time, a cybersecurity staffer at Deloitte was convinced to open a booby-trapped Excel file from a female friend he met on Facebook months before. Her name was “Mia Ash,” a London-based photographer. She was described as
lovely and disarming. She was also 100 percent fake.

Two other names were used in this Scheme, Robin Sage, and Emily Williams.

Something else we need to know which has happened to me. People have come to me on other social media such as Facebook or Twitter and asked for a boyfriend. They have asked me for information about what I do, how much I make, and the like. The most recent was someone who I thought I knew of in the disability community, according to the name.

I asked the person why we needed to move to hangouts and explained that I’ve been potentially scammed before. They asked why and I explained. I didn’t think it was a big deal, but I knew that going from one platform to another without really knowing them first was a bad idea. Messenger allows for calls, so it wasn’t a big deal. What really tipped me off too was that they claimed to be using their sister’s phone, because their phone was broken.

As disabled people, it is important to talk to the person, not just type to someone, especially if we’re going to have a relationship.

What is catphishing?

Catfishing (spelled with an “f”) is a kind of online deception wherein a person creates a presence in social networks as a sock puppet or a fictional online persona for the purpose of luring someone into a relationship—usually a romantic one—in order to get money, gifts, or attention.

Catphishing (spelled with a “ph”) is similar, but with the intent of gaining rapport and (consequently) access to information and/or resources that the unknowing target has rights to.

The one with an F is to break your heart, the PH wants data

Malwarebytes Accessed May 19, 2020

I’ve talked about numerous instances, the one that sticks out is in podcast 289 where we have a person who started on Twitter and then moved to hangouts. They wanted me to set up a bank account, but yet asked for money. You can go to the RSS feed of this podcast and search for that episode.

Catfishing media has been produced, often centering around victims who wish to identify their catfisher. Celebrities have been targeted,
which has brought media attention to catfishing practices.
catfishing (accessed May 19, 2020)

Why are you talking about this?

There is a very good reason that we’re bringing this up. Cyberscoop has an article that talks about this in light of today.

Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, is a busy man. He oversees vast, technical surveillance
efforts in the U.S. and abroad, while also commanding a military outfit charged with launching cyberattacks.

Emailing random women from an outpost in Syria is probably not on his to-do list.

So when, Susan, a woman from the New York City area, started receiving correspondence from a “Paul Nakasone” this week, she wondered why the self-proclaimed
“head of U.S. Army Cyber Command” was trying to flirt with her.

“I Googled this guy and I’m like, ‘Are you kidding me?’” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious,
but I’m a married woman.”

The article goes on, and the long and short of it is that the actor is able to answer a question that was thrown at them by just “googling it,” a term that was coined before the turn of the century or shortly after it.

Meanwhile, Cindy was corresponding with a similar account, claiming to be Stephen Lyons. The emails were of a similar nature: flirtatious messages and
requests to download Google Hangouts.

Susan alerted CyberScoop about the Nakasone email address after being unable to contact Facebook about the Lyons account.

There’s more to this fascinating story, and I think people need to read the article that I read on CyberScoop which I’ve quoted some of. We all need to learn about this, and I’ve got experience with this. The article indicates that they’ll start small like gift cards and other items, and then ask for bigger items. The fact that none of these people ever called me, one threatened me with their attorney, and the other most recent dropped off after they said they’d go to their room and do as I said. It never happened folks, none of them. They don’t want to call, they want their money, and that’s the most important thing I can give you.

Someone is trying to catfish women by pretending to be Paul Nakasone was read on May 18, 2020 and portions quoted on May 19th for publication. Let me know what you think of this one. Has this happened to you?


COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims

As the covid-19 pandemic continues around the world, when you think you’ve seen it all, you haven’t. COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims talks about money mules being used to move stolen money. This isn’t anything new, but the fact that the pandemic is here puts a new twist to an old scheme.

There are links to prior blog posts that I may or may not have posted here in this series Phishlabs is posting.

Seen these? Did you spot these? What did you think?


COVID phishing trends and campaign updates

I read a very interesting article by Phishlabs, a company that gathers phishing and intelligence data to share with its customers and us as a whole. Jessica talks about some of the latest campaigns including one going out there that discusses a cure for this very interesting disease.

While we grapple with containing this virus, on top of the attempts also brought up by today’s Trend Micro webinar that discussed this and other things to keep safe, we know that spam and phishing campaigns will attempt to get us to look at what they’re sending because we’re all interested in this particular development right now. I’ve seen spam that says that we need to buy masks that will protect us from this virus, and I get several of those a day.

There are three different lures that are discussed in this article COVID-19 Phishing Update – Campaigns Exploiting Hope for a Cure which is a must read if you read nothing else today.

Thanks so much for reading!


48 billion emails blocked in 2019 first half for phishing? This is only the beginning


Trend Micro penned an article saying that they blocked 48 billion emails within the first half of 2019 alone. As the Corona Virus continues to take hold, and we who don’t need to go anywhere stay put unless there is something to do, scammers will go to great lengths to make legitimate-looking emails asking for money or other aspects of your life.

The blog post How to Stay Safe as Online Coronavirus Scams Spread has some tips. According to the blog, at the time of posting 174,000 were infected. According to statistics last I heard through Live Wire’s system which are updated hourly, the number was 180,000 globally.

As cases are continuing to come in, including one football coach today, we must stay vigilant and watch what we click. Phishing is now hard to spot because it has legitimate logos and the grammar is more up to snuff.

Have you seen this article? What did you think of what it said even though it is a day old now? Let me know your thoughts.


Tech podcast 340: NLS news of interest, Apple, Microsoft, Phishing and scams, and SSL

We’ve got a podcast full of stuff. Michael in Indiana is along with Apple and Microsoft Phishing and scam news and experiences, and I’ve got a discussion on SSL/TLS stuff as well.

The entire show notations are below.


Welcome to podcast 340 of the technology blog and podcast series! This is the show’s notations, and there’s plenty.

  • Braille Book Review is a magazine put out by the Library of Congress’s National Library Service and there’s probably info that may be of interest to some.
  • Michael in Tennessee and I are to talk about Apple, Microsoft, Phishing, and scams.
  • SSL and TLS can go hand in hand with that discussion because I had an incident with a cert expiring, and so did the domain. Bad combo!

Contact info is found on the podcast both at the beginning and end of the program, and I hope you find this podcast of value. Thanks for listening to the program, and remember to leave those thoughts! They’re very valuable. See you on another edition!


Thanks so much for checking out the blog and podcast, and make it a great day!
