Spear-Phishing – The New Spying #4

Part of the fall-out from WikiLeaks was the Anonymous.com attack on various organizations.  One of the entities attacked was HBGary, a firm that provides cyber-security advisory services and products to government and industry.  Bloomberg News reports on the contents of some of the 60,000 emails that were stolen from HBGary.  These emails show that spear-phishing is a much larger problem than had been previously acknowledged. Bloomberg reports: Security experts say that the hackers’ techniques now surpass the ability of even the most sophisticated companies to catch them easily. The e-mails show that hackers routinely bypassed firewalls with so-called spear-fishing e-mails [...]

2017-01-07T17:35:28-05:00March 31st, 2011|Phishing|

IRS Warnings – Tax Tip 2011-58

It is tax time again in the USA.  And that is the time for fake emails that pretend to be from the IRS.  In its recent Tax Tip 2011-58, the IRS advised: Identity Theft: It pays to be choosy when it comes to disclosing personal information. Identity thieves have used stolen personal data to access financial accounts, run up charges on credit cards and apply for new loans. The IRS is aware of several identity theft scams involving taxes or scammers posing as the IRS itself. The IRS does not use e-mail to contact taxpayers about issues related to their [...]

Phishing – The New Spying #3

You may recall that last month, we wrote about a spear-phishing attack in Canada.  Spear phishing is a very highly targeted email scam in which the email is carefully crafted to entice the specific recipient.  This differs from the now familiar Nigerian millionaire scheme which is based on fooling a very small percentage of a large number of recipients. New reports from Canada indicate that the attack was not as benign as was initially reported.  It now appears that the hackers used spear-phishing attacks to gain access to confidential information in three departments of the Canadian government:  The Defence Research [...]

2018-04-05T13:06:43-04:00March 18th, 2011|Iconix Truemark Service, Phishing|

Consumers More Engaged With Email

According to recent research published by Forrester Research, “Consumer Email Attitudes Improve.”, consumers are more engaged with email.   Forrester compared research conducted since 2006 that showed these very important consumer shifts in email attitudes:  Consumers forward promotional email more often: In 2010, 12% of consumers say they sometimes forward promotional email to others, up from the 10% in 2008, and 9% in 2006. Fewer messages deleted without reading: In 2010, 59% of consumers said they delete most email messages without reading them, down from the 63% in 2008 and the 73% in 2006. Integrate email promotions and personal email: Only [...]

Phishing – The New Spying #2

You may remember reports of a spies infiltrating Canadian government and U.S. government computers using carefully crafted highly targeted phishing emails.   Now the French government has been compromised.  Patrick Pailloux , the executive director of France's ANSSI (National Security Agency Information Systems), has identified this attack on the French Finance Ministry as espionage. In what is becoming an all-too familiar scenario, highly sophisticated perpetrators sent carefully crafted emails with highly targeted content and calls to action to a select group of government officials.  Like all phishing schemes, this one appealed to the recipients’ desires, fears and curiosity to get the recipients [...]

2017-01-07T17:35:28-05:00March 10th, 2011|Phishing|

Iconix Whitepaper – Getting More From Email Authentication

Today Iconix released a whitepaper entitled, “Getting More From Email Authentication.” As the whitepaper describes, Email authentication is a technical means of identifying the sender of email.  When a sender uses email authentication, a public record is created that that can be used by the recipient to verify the identity of the sender.  However, email authentication is a self-issued credential.  The owner of phishing.com can authenticate its email.  Email authentication alone does not solve the problem of bad guys pretending to be good guys.  Email authentication is used by email filtering systems as an important spam indicator.  Unauthenticated email is [...]