Blog

The APWG continues to refine its tracking and reporting methodology.  APWG tracks and reports the number of unique phishing reports (e-mail campaigns) it receives, in addition to the number of unique phishing sites found.  The APWG also tracks the number of unique phishing websites.    The APWG Phishing Activity Trends Report for 4th Quarter 2016 indicates that the total ...

In another interesting example of what happens when you don’t manage your backups correctly, the Licking County government offices, including the police force, have been shut down by ransomware. Although details are sparse, it’s clear that someone in the office caught a bug in a phishing scam or by downloading it and now their servers are locked up. Wrote Kent Mallett of the Newark Advocate...

What is phishing? Email Phishing scams are carried out online by tech-savvy con artists and identity theft criminals. They use spam, fake websites constructed to look identical to real sites, email and instant messages to trick you into divulging sensitive information, like bank account passwords and credit card numbers. Once you take the phisher's bait, they can use the information to create f...

Internet fraud has been around for just about as long as the Internet itself.  According to a Kaspersky Lab 2016 Report, each year, cybercriminals come up with new techniques and tactics to fool their potential victims.    Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc.  The aim of these em...

The Verizon Data Breach Investigations Report Summary highlights key information related to social engineering. Now in its ninth year of publication, the “Verizon 2016 Data Breach Investigations Report” analyzes more than 2,260 confirmed data breaches and more than 100,000 reported security incidents in this year’s report – the highest since the report’s inception in ...

According to Netswitch Technology Management, the Advanced Persistent Threat (APT) kill-chain looks like the following: Social Engineering: Identify individuals that have the needed access privileges. Spear Phishing: Attackers send spoofed e-mails with malicious links to download malware and infect high-value employee machines. Malware Infection: malware is downloaded on a system within ...

To improve your cyber security and successfully prevent, detect and resolve advanced persistent threats, you need to know how APTs work: The cyber-criminal or threat actor gains entry through an e-mail, network, file or application vulnerability and inserts malware into an organizational network. The network is considered compromised, but not breached. The advanced malware probes for addit...

Advanced Persistent Threat (APT) campaigns comprise a growing part of the current threat landscape. Some APT campaigns remain active, in fact, even after drawing extensive media attention. APT Campaign routines may vary over time but their primary goal remains the same – to gain entry to a target organization’s network and obtain confidential information. There are two ways to look...

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or website with a broad membership base, such as eBay or PayPal. In the case of spear phishing, the apparent source of t...

Phishing is the attempt to acquire sensitive informative such as usernames, passwords and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Phishing is the illegal attempt to acquire sensitive information for malicious reasons. Traditional phishing attacks are usually conducted by sending malicious e-mails to as many people...

Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Phishing Activity Trends Report. These reports address phishing trends and underscore the significance of phishing by quantifying the scope of the global phishing problem. Key findings in the APWG Phishing Trends Report for Q4 2015: The Retail/Service sector became the most-targeted industry sector in the fourth quarter...

Symantec Internet Security Threat Report: 2016 The Symantec Internet Security Threat Report includes vast information on security related issues. Spam, phishing and malware data are captured through a variety of sources. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze and provide informed commentary on emerging trends in attacks, malic...

Since the 90s, phishing continues to evolve and continues to trick, especially those in communications, legal and customer service areas.  According to the Verizon 2015 Data Breach Investigations Report, 23% of recipients open phishing messages and 11% click on attachments to those messages.  Of more concern, 50% of recipients open e-mails and click on phishing links within the first h...

Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Global Phishing Survey. This report addresses phishing trends and underscores the significance of phishing by quantifying the scope of the global phishing problem. In this report, APWG examines all the phishing attacks detected in the second half of 2014, July 1 through December 31). Major findings were as follow: In th...

The monthly Symantec Intelligence Report identifies their latest analysis of the security landscape concerning malware, spam, and other cyber threats. There are several interesting facts identified in this report. 82 percent of all social media attacks so far in 2013 have been fake offerings. This is up from 56 percent in 2012. The global phishing rate is up in August, comprisi...

Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Global Phishing Survey: Trends and Domain Name Use. This reports addresses phishing trends and underscores the significance of phishing by quantifying the scope of the global phishing problem. In this report, the APWG examines all the phishing attacks detected in the first half of 2013 (“1H2013”, January 1 to June...

The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report 2013 analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website and by e-mail submissions. The APWG also measures the evolution, proliferation, and propagation of crimeware by drawing from the research of its member companies. This rep...

Security awareness training is important. In today’s business environment, information security is important.  Securing information helps keep competitive advantages, meet regulatory compliance, and satisfy customer expectations.  Security compromises can be expensive in direct expenditures, such as fixing a vulnerability, and indirect costs, such as damage to reputation.  A...

When conducting social engineering testing as part of an audit or security assessment, should the client provide a listing of employees to test? Doing so is generally termed white box testing, as detailed information is provided to the auditor. The term “white box testing” was originally used to describe a form of software testing where detailed information on the software applicatio...

Social engineering attacks, or attacks on the human component of security, are a significant threat to businesses. With the proliferation of online tools and resources or attackers, the threat continues to grow. Although a business can spend money on firewalls, cameras, locks, and other security systems, it cannot ignore the human element. Without addressing the human component of the security s...