FBI Internet Crime Statistics

On May 7, 2018, the FBI published its report of online crimes, 2017 Internet Crime Report.  This vis summaries the FBI's  findings: The largest losses were attributed to the Business Email Compromise/Email Account Compromise in which the victim is tricked into sending money to criminals. This crime is almost exclusively committed using deceptive emails. Deceptive emails are also used to commit other internet crimes such as data breaches, identity theft, phishing, and ransomware. SP Guard fights email deception by helping users identify suspicious emails.

Iranians Indicted for Hacking

On  Friday, March 23, 2018, the United States Justice Department charged nine Iranians with the cyber theft of massive amounts of U.S. intellectual property. Quoting from the Justice Department press release: The defendants were each leaders, contractors, associates, hackers-for-hire or affiliates of the Mabna Institute, an Iran-based company that, since at least 2013, conducted a coordinated campaign of cyber intrusions into computer systems belonging to 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the [...]

Spearphisher Steals $100 Million from Google and Facebook

Google and Facebook were victims of a spearphishing scam in which the attacker stole $100 million. Paragraph 6 of the indictment details some of the allegations: ... as part of the scheme, fraudulent phishing emails were sent to employees and agents of the Victim Companies. The emails purported to be from employees and agents of Company‑1 [the real supplier], but in truth and in fact, they were not sent or authorized by employees or agents of Company‑1. The fraudulent emails were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents [...]

2017-04-28T15:11:05+00:00 April 28th, 2017|Iconix Truemark Service, Phishing, SP Guard, spear phishing|

Phishing as a Service

Look familiar? This is the familiar Google login page. The main display is correct. The google favicon is in the tab.  The URL has gmail in it. Oh, but it isn't Gmail! In a recent blog posting, researchers at Fortinet remind us of this unfortunate fact: The easiest way to steal credentials is to ask for them! In this criminal enterprise, the service provides all the tools a bad guy needs. The bad guys offer an easy to use interface to create the fake gmail page. The bad guys provide the backend that harvests the credentials from the page. Finally, the [...]

Iconix Issued Eighth U.S. Patent For Email

ICONIX, Inc., the industry leader in visual email solutions, announced that the United States Patent and Trademark Office has issued Iconix’s eighth patent titled “System and Method for Securely Performing Multiple Stage Email Processing With Embedded Codes.” The abstract for U.S. Patent 9,325,528, dated April 26, 2016, states: “A system and method for performing email processing at multiple stages along an email delivery chain.”   Technology from this patent is applicable to all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP GuardTM, which helps protect enterprises from spear-phishing attacks.  The [...]

Iconix Issued Seventh U.S. Patent For Email

ICONIX, Inc., the industry leader in visual email solutions, announced on September 15, 2015, that the United States Patent and Trademark Office has issued Iconix's seventh patent titled "User interface for email inbox to call attention differently to different classes of email." The abstract for U.S. Patent 9,137,048, dated September 15, 2015, states: "Sender emails have their Truemarks (icons) displayed in the sender column of a list view” and “fraudulent emails have a fraud icon displayed with a warning in the sender column.” Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which [...]

How Do Hackers Infiltrate Systems?

The accounts of tens of millions of Anthem members are stolen.  $1 billion are stolen from banks. Sony Pictures is compromised. The Chinese steal US military aircraft plans. The President of the United States decries the losses and appoints someone to fix the problem.  Yet, what is the problem?  Professor Arun Vishwanath, writing in  The Conversation tells us that the system resource being exploited over and over and over again isn't some router or disk drive or program -- it is you, the person operating the machine. It's You! In Before decrying the latest cyberbreach, consider your own cyberhygiene, [...]

Iconix Issued Sixth U.S. Patent For Email

On December 2, 2014, the United States Patent and Trademark Office issued Iconix its sixth patent titled "RAPID IDENTIFICATION OF MESSAGE AUTHENTICATION." The abstract for U.S. Patent 8,903,742, dated December 2, 2014, states: "Techniques are presented for uniquely identifying authentication associated with messages.” Iconix filed the patent on October 10, 2011. Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP GuardTM, which protects enterprises from spear-phishing attacks. The Iconix services utilize the two main forms of email authentication – Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) – to [...]

Google Discovers — People

Google, in association with the University of California, San Diego, has released research which analyses spearphishing attacks against gmail accounts from 2011-2014. The researchers found that the success of a spearphishing attacks ranged from a low of 3% to a high of 45%.  The researchers determined that the greater the effort put into the targeting of the message, the higher the probability of a successful attack. The researchers made this observation regarding financial scam attacks: Thus, despite the appearance of simplicity, in reality, the scam emails are well-formed and thought-out in a way to maximize efficiency by preying on known human physiological [...]