About rpziconix

This author has not yet filled in any details.
So far rpziconix has created 198 blog entries.

Compromised Email Accounts – Threat Actor Gold Mine

What can a threat actor do with a compromised email account? They can steal a lot of money! Yahoo!News provides the details of a clever email scam involving real estate. The threat actors used their access to a compromised real estate settlement company email account to send fraudulent payment instructions to the buyers.  Instead of wiring the money to the account of the settlement company, the recipients of the fraudulent email sent the money to the criminals. This is just one class of Business Email Compromise, a crime in which compromised email is used to steal money. The latest FBI Internet [...]

The Atlantic on Phishing

In a recent article entitled Phishing Is the Internet’s Most Successful Con, the Atlantic observes: Phishing doesn’t attack computers. It attacks the people using computers. The Sting - The Art of the Con Cormac Herley, a principal researcher at Microsoft Research, observes in the article: Many security-professional and media recommendations exhort eternal vigilance, paying attention to every detail. This is terrible advice. I’m a professional with years of experience in this space and I don’t bother to inspect my emails or carefully read all my URLs: I have things to do. As a strategy for the constant level of [...]

Prof. Vishwanath, Iconix’s Science Advisor, Published by CNN

Prof. Arun Vishwanath, Iconix's Science Advisor, was recently published by CNN. In his article, Spear phishing has become even more dangerous, Prof. Vishwanath discusses how threat actors take advantage of several weaknesses of procedures on the Internet, and the vulnerabilities are growing worse. He highlights how tricking users is an important element of these evil plots.

Iconix Issued Ninth Patent for Email

The United States Patent and Trademark Office has issued Iconix's ninth patent titled "Rapid Identification of Message Authentication." The abstract for U.S. Patent 10,063,545, dated August 28, 2018, states: "Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender's domain. The identifying information is authenticated, and if authentication, then distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication.” Prof. Arun Vishwanath, Iconix’s Science [...]

Google: Security Keys Neutralized Employee Phishing. Really?

Recent press reports tell us that Google has solved the phishing problem. These stories trace their source back to a posting on KrebsonSecurity dated July 23, 2018, entitled Google: Security Keys Neutralized Employee Phishing.  Krebs summarizes the solution: The basic idea behind two-factor authentication is that even if thieves manage to phish or steal your password, they still cannot log in to your account unless they also hack or possess that second factor. This is clearly an important protection against a particular subset of the phishing problem -- use of stolen credentials. But it hardly neutralizes phishing. The day after describing [...]

2018-07-24T14:29:07+00:00July 24th, 2018|Cybersecurity - General, Phishing, SP Guard, spear phishing|

Russian Election Interference = Phishing

On July 13, 2018, the Special Counsel indicted 12 Russian GRU agents for interfering in the 2016 U.S. presidential election. The indictment provides a detailed description of how spearphishing works. For example, paragraph 21 of the indictment states, ANTONOV, BADIN, YERMAKOV, LUKASHEV, and their co-conspirators targeted victims using a technique known as spearphishing to steal victims’ passwords or otherwise gain access to their computers. Beginning by at least March 2016, the Conspirators targeted over 300 individuals affiliated with the Clinton Campaign, DCCC, and DNC. Spearphishing attacks systems by attacking the users.  SP Guard provides users with defenses against these attacks.

2018-07-18T12:46:51+00:00July 18th, 2018|Cybersecurity - General, Phishing, SP Guard, spear phishing|

FBI Internet Crime Statistics

On May 7, 2018, the FBI published its report of online crimes, 2017 Internet Crime Report.  This vis summaries the FBI's  findings: The largest losses were attributed to the Business Email Compromise/Email Account Compromise in which the victim is tricked into sending money to criminals. This crime is almost exclusively committed using deceptive emails. Deceptive emails are also used to commit other internet crimes such as data breaches, identity theft, phishing, and ransomware. SP Guard fights email deception by helping users identify suspicious emails.

Successful Phishing – Pretend to be FBI

The FBI warns that cyber criminals are sending phishing emails that impersonate the FBI! Why does this scam work?  Because it is easy for cyber criminals to create very convincing emails that appear to come from the FBI.  The FBI gives some examples here. How big a problem is fake email?  What are the big cyber crime problems? Check in next week when we discuss the FBI's recently released 2017 Internet Crime Annual Report.