Google and Facebook were victims of a spearphishing scam in which the attacker stole $100 million. Paragraph 6 of the indictment details some of the allegations: ... as part of the scheme, fraudulent phishing emails were sent to employees and agents of the Victim Companies. The emails purported to be from employees and agents of Company‑1 [the real supplier], but in truth and in fact, they were not sent or authorized by employees or agents of Company‑1. The fraudulent emails were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents [...]
Look familiar? This is the familiar Google login page. The main display is correct. The google favicon is in the tab. The URL has gmail in it. Oh, but it isn't Gmail! In a recent blog posting, researchers at Fortinet remind us of this unfortunate fact: The easiest way to steal credentials is to ask for them! In this criminal enterprise, the service provides all the tools a bad guy needs. The bad guys offer an easy to use interface to create the fake gmail page. The bad guys provide the backend that harvests the credentials from the page. Finally, the [...]
ICONIX, Inc., the industry leader in visual email solutions, announced that the United States Patent and Trademark Office has issued Iconix’s eighth patent titled “System and Method for Securely Performing Multiple Stage Email Processing With Embedded Codes.” The abstract for U.S. Patent 9,325,528, dated April 26, 2016, states: “A system and method for performing email processing at multiple stages along an email delivery chain.” Technology from this patent is applicable to all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP GuardTM, which helps protect enterprises from spear-phishing attacks. The [...]
ICONIX, Inc., the industry leader in visual email solutions, announced on September 15, 2015, that the United States Patent and Trademark Office has issued Iconix's seventh patent titled "User interface for email inbox to call attention differently to different classes of email." The abstract for U.S. Patent 9,137,048, dated September 15, 2015, states: "Sender emails have their Truemarks (icons) displayed in the sender column of a list view” and “fraudulent emails have a fraud icon displayed with a warning in the sender column.” Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which [...]
The accounts of tens of millions of Anthem members are stolen. $1 billion are stolen from banks. Sony Pictures is compromised. The Chinese steal US military aircraft plans. The President of the United States decries the losses and appoints someone to fix the problem. Yet, what is the problem? Professor Arun Vishwanath, writing in The Conversation tells us that the system resource being exploited over and over and over again isn't some router or disk drive or program -- it is you, the person operating the machine. It's You! In Before decrying the latest cyberbreach, consider your own cyberhygiene, [...]
On December 2, 2014, the United States Patent and Trademark Office issued Iconix its sixth patent titled "RAPID IDENTIFICATION OF MESSAGE AUTHENTICATION." The abstract for U.S. Patent 8,903,742, dated December 2, 2014, states: "Techniques are presented for uniquely identifying authentication associated with messages.” Iconix filed the patent on October 10, 2011. Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP GuardTM, which protects enterprises from spear-phishing attacks. The Iconix services utilize the two main forms of email authentication – Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) – to [...]
Google, in association with the University of California, San Diego, has released research which analyses spearphishing attacks against gmail accounts from 2011-2014. The researchers found that the success of a spearphishing attacks ranged from a low of 3% to a high of 45%. The researchers determined that the greater the effort put into the targeting of the message, the higher the probability of a successful attack. The researchers made this observation regarding financial scam attacks: Thus, despite the appearance of simplicity, in reality, the scam emails are well-formed and thought-out in a way to maximize efficiency by preying on known human physiological [...]
We have posted a new video about our Truemark service for consumers on our YouTube Channel. You can also view our videos on our Film Festival Page.
We have posted two more videos on our YouTube Channel. In “Fighting Phishing” we how you can take the email interface back from attackers. In “The Inbox That Works” we demonstrate the Truemark service for consumers.
Following the compromise of contact information such as names and email addresses for 76 million individual customers and 7 million small businesses, JPMorgan Chase is preparing for spearphishing attacks against its customers. . Followers of Iconix know what spearphishing is -- the bad guy sends an email that pretends to be from a trusted sender. The recipient clicks a link or opens an attachment and bad things happen. When that attack targets bank customers, the obvious bad thing is a compromise that will steal the victim's money from the compromised bank. Fox News reports a list of other bad things the bad [...]