HackDig : Dig high-quality web security articles

Busted! Fraud-as-a-Service gang that sold 2FA-proof phishing arrested

The Dutch police announced that they arrested two Dutch citizens, aged 24 and 15, for developing and selling phishing panels. The police also searched the house of another suspect, an 18 year old who was not arrested. The people behind this illegal business called themselves the Fraud Family and were active on Telegram to sell their panels to interested p
Publish At:2021-07-23 17:42 | Read:147 | Comments:0 | Tags:Scams Social engineering 2fa anti-bot fraud family green pad

Managed Detection and Response in Q4 2020

 Download full report (PDF) As cyberattacks become more sophisticated, and security solutions require more resources to analyze the huge amount of data gathered every day, many organizations feel the need for advanced security services that can deal with this growing complexity in real time, 24/7. This article contains some analytical findings from Mana
Publish At:2021-07-21 06:15 | Read:151 | Comments:0 | Tags:Publications DDoS-attacks Malware Statistics Security techno

Microsoft secured court order to take down domains used in BEC campaign

Microsoft has seized 17 malicious homoglyph domains used by crooks in a business email compromise (BEC) campaign targeting its users. Microsoft’s Digital Crimes Unit (DCU) has seized 17 domains that were used by scammers in a business email compromise (BEC) campaign aimed at its customers. The IT giant secured a court ord
Publish At:2021-07-20 07:59 | Read:199 | Comments:0 | Tags:Breaking News Cyber Crime Hacking BEC Social Engineering spa

Beware, crypto-scammer seeks foreigner with BLOCK CHAIN ACCOUNT

We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with WhatsApp conversation. The mail, which arrived with the subject “Urgent respond”, begins as follows: Greetings to you my friend, My name is Haifa Kalfan, I am the Store manager with a Security Firm here in Malaysia
Publish At:2021-07-19 10:27 | Read:200 | Comments:0 | Tags:Social engineering cryptocurrency scam email fake phish phis

When ‘Later’ Never Comes: Putting Small Business Cybersecurity First

Small- and medium-sized businesses can be victims of digital attacks as much as global ones can. In fact, 88% of small business owners think they’re open to a cyberattack. In response, startups must allocate time and resources to getting the right small business cybersecurity measures, right? If only business realities were that simple. Let&rsquo
Publish At:2021-07-16 09:38 | Read:199 | Comments:0 | Tags:CISO Security Services digital security small business Cyber

What is scareware?

Scareware is a type of rogue program which has been around for many years, arguably dating back to 1990. It can be installed without permission, or via deception and false promises. Scareware is primarily used to panic or worry someone into performing a task they otherwise wouldn’t have done. There are some caveats to this, which we’ll cover below. The re
Publish At:2021-07-16 08:21 | Read:146 | Comments:0 | Tags:101 adware browser malware prank scare scareware Social Engi

Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either

Elon Musk is an incredibly popular target for scammers and spammers on social media. Attach his name to something he has no involvement in and watch it fly. Verified accounts on Twitter continue to be favourites for account compromise / fake Elon scams. Those often turn out to be Bitcoin related. Sometimes, it’s on a grand scale. There are other Elo
Publish At:2021-07-12 11:39 | Read:132 | Comments:0 | Tags:Social engineering Bot elon elon musk free musk offer spam t

Malspam banks on Kaseya ransomware attack

The Malwarebytes Threat Intelligence Team recently found a malicious spam campaign making the rounds and banking on the ransomware attack that forced Kaseya to shut down its VSA service. This is a classic example of an opportunistic attack conducted by (potentially) another threat actor/group off the back of another threat actor/group’s attack. With
Publish At:2021-07-08 16:09 | Read:137 | Comments:0 | Tags:Social engineering cobalt strike dridex information stealer

Top 5 Scam Techniques: What You Need to Know

Scammers are increasingly resourceful when coming up with scam techniques. But they often rely on long-standing persuasion techniques for the scam to work. So, you may hear about a new scam that uses a novel narrative, but there is a good chance that the scam relies on proven scam techniques once the narrative is stripped away. These scam techniques often ex
Publish At:2021-07-02 05:20 | Read:213 | Comments:0 | Tags:IT Security and Data Protection cybercrime cybersecurity Phi

Confessions of a Famous Fraudster: How and Why Social Engineering Scams Work

In a world in which bad news dominates, social engineering scams that carry a promise of good news can be incredibly lucrative for cyber criminals.  In one recent example, fraudsters set up a phony job posting using a real recruiter as the contact person for the hiring process. Applicants hoping for a chance at the too-good-to-be-true position were ins
Publish At:2021-07-01 17:47 | Read:203 | Comments:0 | Tags:Banking & Finance Data Protection Fraud Protection Identity

Real or Fake? When Your Fraud Notice Looks Like a Phish

So I Received a Phishing Email… I recently received an email indicating my credit card number had potentially been stolen and used for fraud. At this point, I am used to both having my credit card number stolen and receiving messages telling me it’s been stolen when it has not. My attempt to determine whether I was a victim of fraud or the target of
Publish At:2021-06-03 10:06 | Read:377 | Comments:0 | Tags:Penetration Testing Security Testing & Analysis Social Engin

Email spoofing: how attackers impersonate legitimate senders

Introduction In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address. SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no pr
Publish At:2021-06-03 07:55 | Read:358 | Comments:0 | Tags:Publications Phishing Social engineering Spammer techniques

Hackers Launch Cyberattack via U.S. Aid Agency Email Accounts

Microsoft announced a Russian threat group (ITG05, aka Nobellium, APT28) also thought to be behind the SolarWinds attack conducted an email campaign masquerading as the U.S. Agency for International Development. Microsoft reports that while organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries.
Publish At:2021-05-28 15:44 | Read:348 | Comments:0 | Tags:Government Security Services Threat Intelligence Threat Rese

Taking Time Off? What Your Out of Office Message Tells Attackers

As more people are vaccinated and free to live a more normal life again, vacation plans, trip pictures and conference hashtags will flood social media sites. Phone calls and emails to colleagues will be met with out of office (OOO) messages. You might feel happy for that person, or maybe a little jealous that they are getting away. You should also feel
Publish At:2021-05-21 14:19 | Read:427 | Comments:0 | Tags:Data Protection Fraud Protection Security Services Data Data

Bizarro banking Trojan expands its attacks to Europe

Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world. We have seen users being targeted in Spain, Portugal, France and Italy. Attempts have now been made to steal credentials from customers of 70 banks from different European and South American countries. Following in the footsteps of Tetrade, B
Publish At:2021-05-17 08:42 | Read:380 | Comments:0 | Tags:Malware descriptions Backdoor Brazil Financial malware Keylo

Tag Cloud