Compromised Email Accounts – Threat Actor Gold Mine

What can a threat actor do with a compromised email account? They can steal a lot of money! Yahoo!News provides the details of a clever email scam involving real estate. The threat actors used their access to a compromised real estate settlement company email account to send fraudulent payment instructions to the buyers.  Instead of wiring the money to the account of the settlement company, the recipients of the fraudulent email sent the money to the criminals. This is just one class of Business Email Compromise, a crime in which compromised email is used to steal money. The latest FBI Internet [...]

Iconix Issued Ninth Patent for Email

The United States Patent and Trademark Office has issued Iconix's ninth patent titled "Rapid Identification of Message Authentication." The abstract for U.S. Patent 10,063,545, dated August 28, 2018, states: "Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender's domain. The identifying information is authenticated, and if authentication, then distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication.” Prof. Arun Vishwanath, Iconix’s Science [...]

Iconix Issued Eighth U.S. Patent For Email

ICONIX, Inc., the industry leader in visual email solutions, announced that the United States Patent and Trademark Office has issued Iconix’s eighth patent titled “System and Method for Securely Performing Multiple Stage Email Processing With Embedded Codes.” The abstract for U.S. Patent 9,325,528, dated April 26, 2016, states: “A system and method for performing email processing at multiple stages along an email delivery chain.”   Technology from this patent is applicable to all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP GuardTM, which helps protect enterprises from spear-phishing attacks.  The [...]

Spearphishers Rob Russian Banks

Kaspersky has uncovered a cyberattack that is being used to rob Russian banks. The attack is being called "well planned and executed" in the press. The attack is a model of deception -- the core of spearphishing. Deception is not a computer science concept; deception is a concept of human cognition. Spearphishing is deception perpetrated with computers. Attackers know that people open email based on perceived relevance, urgency clues and habit. In this case, the attackers knew that bank employees would perceive emails from FinCERT, the Russian banking regulator, as relevant and urgent, and would, as a matter of habit, open [...]

Iconix Issued Seventh U.S. Patent For Email

ICONIX, Inc., the industry leader in visual email solutions, announced on September 15, 2015, that the United States Patent and Trademark Office has issued Iconix's seventh patent titled "User interface for email inbox to call attention differently to different classes of email." The abstract for U.S. Patent 9,137,048, dated September 15, 2015, states: "Sender emails have their Truemarks (icons) displayed in the sender column of a list view” and “fraudulent emails have a fraud icon displayed with a warning in the sender column.” Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which [...]

Iconix Issued Sixth U.S. Patent For Email

On December 2, 2014, the United States Patent and Trademark Office issued Iconix its sixth patent titled "RAPID IDENTIFICATION OF MESSAGE AUTHENTICATION." The abstract for U.S. Patent 8,903,742, dated December 2, 2014, states: "Techniques are presented for uniquely identifying authentication associated with messages.” Iconix filed the patent on October 10, 2011. Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP GuardTM, which protects enterprises from spear-phishing attacks. The Iconix services utilize the two main forms of email authentication – Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) – to [...]

DMARC Goes Live

Yesterday, dmarc.org released the new DMARC standard for email.  Contributors to the DMARC standard include Agari, American Greetings, AOL, Bank of America, Cloudmark, Comcast, Facebook, Fidelity Investments, Google, LinkedIn, Microsoft, PayPal, Return Path, TDP, and Yahoo!. DMARC stands for “Domain-based Message Authentication, Reporting & Conformance.”  DMARC provides important extensions to the existing email authentication standards by providing automated and standardized methods to process messages that fail email authentication. DMARC explains the significance of this enhancement: A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither [...]

Iconix Whitepaper – Getting More From Email Authentication

Today Iconix released a whitepaper entitled, “Getting More From Email Authentication.” As the whitepaper describes, Email authentication is a technical means of identifying the sender of email.  When a sender uses email authentication, a public record is created that that can be used by the recipient to verify the identity of the sender.  However, email authentication is a self-issued credential.  The owner of phishing.com can authenticate its email.  Email authentication alone does not solve the problem of bad guys pretending to be good guys.  Email authentication is used by email filtering systems as an important spam indicator.  Unauthenticated email is [...]