DMARC Goes Live

Yesterday, dmarc.org released the new DMARC standard for email.  Contributors to the DMARC standard include Agari, American Greetings, AOL, Bank of America, Cloudmark, Comcast, Facebook, Fidelity Investments, Google, LinkedIn, Microsoft, PayPal, Return Path, TDP, and Yahoo!. DMARC stands for “Domain-based Message Authentication, Reporting & Conformance.”  DMARC provides important extensions to the existing email authentication standards by providing automated and standardized methods to process messages that fail email authentication. DMARC explains the significance of this enhancement: A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither [...]

Hackers For Hire

When we think of hacking passwords, the image that comes to mind is that of technically savvy geniuses who use super high-tech tools, fancy computers, and whiz-bang software to crack the password.  Like Tim and Abby from the popular CBS television show NCIS: How do real hackers crack passwords?  In "Hackers for Hire Are Easy to Find", The Wall Street Journal reports: [T]he IHG  [hacking] service worked like this: It requested the target person's email address, the names of friends or colleagues, and examples of topics that interest them. The hackers would then send an email to the target that sounded as [...]

2017-01-07T17:35:24-05:00January 26th, 2012|spear phishing|

Zappos Hacked: Customers Beware Phishing Scams

It is being widely reported in the press that an estimated 24 million Zappos user accounts have been compromised. Mashable reports: Robert Siciliano, a McAfee consultant and identity theft expert, says he expects whoever hacked Zappos’s site will now sell the data to people who run phishing scams. “They’ll sell it 10,000 accounts at a time, short money, like $100,” he says. While hackers don’t have complete credit card numbers, Siciliano says there’s enough information for a hacker to approach affected users as either Zappos or the credit card company and then ask them for more data — the classic [...]

2017-01-07T17:35:24-05:00January 16th, 2012|Consumers and Email, Iconix Truemark Service, Phishing|

U.S. Government Agencies Targeted By Malware

Mashable has posted a video describing the latest twist on the Sykipot targeted attack. As an added layer of IT  defense, the U.S. Government has adopted smart cards control access to data systems.  In this attack, the hackers attack the users by sending spearphishing emails that install malware which hijacks the smart cards.  Once activated, the malware by-passes the smart card protection. The technical details are reported by AlienVault.  AlienVault concludes: As defenses get better, attackers will continue to change their tactics to adapt, and as seen here, will hijack the very systems designed to provide more security, if necessary. An [...]

2017-03-08T14:32:28-05:00January 16th, 2012|SP Guard, spear phishing|

IRS Email Warns Of Phishing — Is the Warning Phishing?

Today the IRS issued its Tax Tip 2012-08 warning about phishing scams aimed at US taxpayers.   Subscribers to IRS information services received an email about the warning. This is a screen shot of the email: Is this a real IRS email?  Did you notice these odd things about it? Why would I open such an obviously fake email?  Because it isn't fake -- it is real.  I know it is real because I use the products of Iconix.  This is what my display looks like with SP Guard turned on: The IRS really made spelling errors and the IRS [...]

IRS Issues Phishing Warning

Today the IRS issued Tax Tip 2012-08 warning about phishing attacks.  We reproduce it here as a public service. Don’t be Scammed by Cyber Criminals IRS TAX TIP 2012-08, January 12, 2012The Internal Revenue Service receives thousands of reports each year from taxpayers who receive suspicious emails, phone calls, faxes or notices claiming to be from the IRS. Many of these scams fraudulently use the IRS name or logo as a lure to make the communication appear more authentic and enticing. The goal of these scams – known as phishing – is to trick you into revealing your personal and [...]

2018-04-05T12:11:35-04:00January 12th, 2012|Phishing|

Targeted Attacks – Harden the Human Target

In order to compromise data networks, a point of entry is required.  An effective point of entry is the people who use the systems.   The Wall Street Journal's recent article, You Are A Security Risk, provides a nice discussion of this topic.  Ironically, the criminals use publicity about cyber intrusions to dupe careful people into their trap.  For example, there is a fake security alert purporting to be from CERT.  There is another current targeted attack using emails allegedly from the Stratfor’s CEO George Friedman, urging recipients to provide personal information in response to the recent compromise of Stratfor [...]

2017-01-07T17:35:24-05:00January 11th, 2012|SP Guard, spear phishing|

Targeted Attack Seeks US Drone Technology

Nextgov is reporting that someone has been conducting a targeted attack against federal agencies and contractors. It appears that the attackers are trying to infiltrate aircraft designers’ computers in order to spy on the U.S. government's plans for remotely piloted aircraft. Alienvault Labs has studied this attack, dubbed “Sykipot”, and reported on it in detail. Alienvault Labs found: The modus operandi is simple, they send emails with a malicious attachment or link, sometimes using a zero-day exploit to key employees of different organizations. The attack, which has been running since at least September of 2011, uses images such as these as [...]

2017-05-23T14:53:07-04:00January 4th, 2012|SP Guard, spear phishing|