- Jun 24, 2016
Phishing, Vishing, Smishing, & Whaling:
- Phishing-
The message appears to be from your bank or the company issuing your credit card. You have to click a link to a Web site that looks extremely similar to your bank's own Web site. On this site, you read that you must enter, complete or check your personal data concerning your accounts, credit cards and codes. This will be for "security reasons", "file checks", "data loss", etc. Sometimes you will also be requested to mail your data directly to a specific person.
- Vishing-
- Smishing-
[SOURCE for the above descriptions: itweb.co.za]
- Whaling-
[SOURCE: infoworld.com]
According to the latest Twitter poll run by Lincolnshire Trading Standards, 91 per cent of people don’t know the difference between phishing, smishing or vishing.
The poll also showed that 46 per cent of people had been targeted by scammers, either via email, post, mail, text or phone.
[SOURCE: gainsboroughstandard.co.uk (ARTICLE DATE: 9th Aug 2016)]
PhishMe grows into cyber security powerhouse:
[SOURCE: loudountimes.com (ARTICLE DATE: 25th Aug 2016)]
Leesburg-based cyber security company PhishMe is making waves against fraudulent emails with a new, innovative approach.
“Ultimately the problem is a human problem. Trying to discern what is legitimate in an email is hard,” said co-Founder and CTO Aaron Higbee. “We develop software that companies use to simulate spear phishing attacks on their employees and the idea is that it's not just a one-off test, but a conditioning over time.”
The goal is to help people discern what a phishing email looks like and then learn how to report it. In just the five years since PhishMe was launched in 2011, the company now boasts that half the Fortune 100 companies use their software and they have 1,000 enterprise clients. While based in Leesburg, PhishMe has employees and offices all over the world including Dubai, London and Singapore.
“It took a lot of time in the beginning because some of the early conversations we had with customers would say you're going to trick our employees? That's going to make them feel bad. What we helped them understand is the messaging after the fact is about how this is a simulated phish and if it was real these are the consequences that could have happened.”..
[To read the full article please visit loudountimes.com]
Woman targeted by “vishing” scam in Leven:
[SOURCE: thecourier.co.uk (ARTICLE DATE: 29th Aug 2016)]
Levenmouth police have issued a warning after a 68-year-old woman lost £400 through a “vishing” scam.
The woman fell victim to the fraud on Saturday after receiving a phone call from a man claiming to be from a computing company.
He told her the security of her computer and tablet device had been compromised and that payment was needed to stop it.
She provided the caller with her card details but later discovered more than £400 had been taken from her account.
Sergeant Craig Fyall of Levenmouth police station said: “Perpetrators of “vishing” scams claim to be from legitimate organisations to obtain personal or bank details.
“They can be very convincing and try to take advantage of people’s fears and vulnerabilities.”..
[To read the full article please visit thecourier.co.uk]
Scammers shift to scams through text messages:
[SOURCE: kdvr.com (ARTICLE DATE: 15th Aug 2016)]
Using a laptop computer for sale on Craigslist on Monday morning, potential buyers were asked to text. By the afternoon, 12 people had responded to the ad and all of them had similar stories.
Each buyer wanted to pay immediately through PayPal. Each buyer also wanted the computer shipped out of the country.
Ray Hutchins of Denver Cyber Security looked at the text conversation with one of the potential buyers and recognized several red flags.
The buyer offered to pay more money than the item was listed for, he got very pushy and wanted to close the transaction immediately, he wrote in very broken English, and he asked for the item to be shipped to Nigeria.
One text message read: “how much is total money am send to you now and pls can is the picture of the item now.”
“He’s not speaking usual, normal English. Grammar is wrong. Spelling is wrong,” Hutchins said.
One email listed the amount supposedly transferred into the PayPal account as “$650.OO”, using the letter “O” in place of two of the zeros...
[To read the full article please visit kdvr.com]
Whaling emerges as major cybersecurity threat:
[SOURCE: cio.com (ARTICLE DATE: 21st Apr 2016)]
A clever variant of phishing scams is proliferating among enterprises, forcing CIOs to up their game even as they are still refining their cybersecurity practices to contend with various zero-day attacks. Called whaling, the social engineering grift typically involves a hacker masquerading as a senior executive asking an employee to transfer money.
Unlike typical phishing or spearphishing scams, in which an attacker typically includes a malicious URL or attachment, whaling is a pure social engineering hack targeting relationships between employees, says Steve Malone, director of security product management at Mimecast. Whaling fraudsters either gain access to an executive's email inbox, or email employees from a fake domain name that appears similar to the legitimate domain name. They ask the intended recipient to take some action, such as moving money from a corporate account to an account the fraudster has set up, Malone says.
Often, the language and phrasing of the email request are designed to sound similar to those that might come from CEOs, CFOs and finance staff. The note may begin with a simple greeting, such as "Hello, how are you," and inquire if the recipient is in the office, a seemingly natural query. Then they'll ask the potential victim to trigger a money transfer, issue a bank payment, or email a W2 or some other sensitive document. "There's no way to spy that as bad," Malone says. "The content is human-written so a spam filter won't pick it up and it's hard to detect because there are no links or attachments."..
[To read the full article please visit cio.com]