Why Do People Phish?

With all the press about phishing and hacking and social engineering, you have to ask, "Why Do People Phish?"  Certainly state actors like Russia and North Korea have political objectives. But they aren't after me.  Why do people phish average businesses and people? A recent prosecution in Virginia makes it clear why people phish -- it's the money! Yesterday (March 6, 2018), Olajide Abraham Eyitayo of Hempstead, NY, pleaded guilty to stealing more than $1.1 in a phishing scam.  The particular scam he used was what the FBI calls a Business Email Compromise. The FBI describes the scam: The schemers [...]

What’s Worse – Phishing or Malware?

New research from Google, U.C. Berkeley and International Computer Science Institute made this stunning finding: We find victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user. In comparison, this rate falls to 10x for data breach victims and roughly 40x for keylogger victims. This just examined one problem -- stolen credentials. Now consider how this applies to installing ransomware and malware, abuse of native processes, human misdirection of files (such as sending payroll tax returns in response to phishing) and the Business Email Compromise. Interestingly, the researchers do not ask why phishing [...]

Massive Google Docs Phishing Attack Sweeps Internet Today

A large-scale phishing attack using a Google Docs exploit rapidly spread across the internet today. You can learn about the data processing aspects of this attack. It has been reported in The Wall Street Journal, The Verge, The New York Times, and many other sources. What about the human aspects of this problem? Why did people open these emails? Why do people open any emails? Prof. Arun Vishwanath, in Why Do People Get Phished, established that people open emails as a matter of habit which is invoked in response to perceived relevance and [...]

May 4th, 2017 | Consumers and Email, Phishing, SP Guard, spear phishing

Phishing as a Service

Look familiar? This is the familiar Google login page. The main display is correct. The Google favicon is in the tab. The URL has gmail in it. Oh, but it isn't Gmail! In a recent blog posting, researchers at Fortinet remind us of this unfortunate fact: The easiest way to steal credentials is to ask for them! In this criminal enterprise, the service provides all the tools a bad guy needs. The bad guys offer an easy-to-use interface to create the fake Gmail page. The bad guys provide the backend that harvests the credentials from the page. Finally, the [...]

Iconix Issued Eighth U.S. Patent For Email

ICONIX, Inc., the industry leader in visual email solutions, announced that the United States Patent and Trademark Office has issued Iconix’s eighth patent titled “System and Method for Securely Performing Multiple Stage Email Processing With Embedded Codes.” The abstract for U.S. Patent 9,325,528, dated April 26, 2016, states: “A system and method for performing email processing at multiple stages along an email delivery chain.” Technology from this patent is applicable to all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP Guard™, which helps protect enterprises from spear-phishing attacks. The [...]

Compromise Monday – Now What?

Last week saw an inauspicious beginning to Cybersecurity Awareness Month with user data compromises announced at: The American Bankers Association, number undisclosed; T-Mobile, 15 million, over 2 years ending Sept. 16, 2015; Scottrade, 4.6 million during late 2013 and early 2014; and Patreon, the crowdsourcing website, 2.3 million users. Now you are aware of Cybersecurity. What next? You can't fix your vendors. You can have some more free credit monitoring to augment the free monitoring you got when Anthem lost your records, or Target, or Neiman Marcus, or The Office of Personnel Management, or [fill in the blank]. Let's look at how credit monitoring [...]

October 5th, 2015 | Consumers and Email, Cybersecurity - General

Iconix Issued Seventh U.S. Patent For Email

ICONIX, Inc., the industry leader in visual email solutions, announced on September 15, 2015, that the United States Patent and Trademark Office has issued Iconix's seventh patent titled "User interface for email inbox to call attention differently to different classes of email." The abstract for U.S. Patent 9,137,048, dated September 15, 2015, states: "Sender emails have their Truemarks (icons) displayed in the sender column of a list view" and "fraudulent emails have a fraud icon displayed with a warning in the sender column." Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which [...]

How Do Hackers Infiltrate Systems?

The accounts of tens of millions of Anthem members are stolen. $1 billion is stolen from banks. Sony Pictures is compromised. The Chinese steal US military aircraft plans. The President of the United States decries the losses and appoints someone to fix the problem. Yet, what is the problem? Professor Arun Vishwanath, writing in The Conversation, tells us that the system resource being exploited over and over and over again isn't some router or disk drive or program -- it is you, the person operating the machine. It's You! In Before decrying the latest cyberbreach, consider your own cyberhygiene, [...]

Jimmy Kimmel Demonstrates Social Engineering

The keys to your cyber kingdom are your passwords.  All your money, your contacts, your calendar and the photos you won't show your mom are protected by the power of your password.  You know that.  Bad guys know that.  That is why bad guys want passwords.  They use social engineering techniques to steal passwords. What is social engineering?  How hard is it to manipulate people into divulging this crucial cyber security information?  Jimmy Kimmel shows us:  

January 30th, 2015 | Consumers and Email, Cybersecurity - General