All tagged spear phishing

Pharming

Pharming is a type of cyberattack that redirects a website’s traffic to a malicious site that appears to be the real site. Pharming is used frequently in phishing attacks to trick a victim into sharing login credentials, banking information, or other sensitive data with the attacker…

Vishing

Phone scams are almost as as old as the telephone itself. In fact, most of us have likely been the target of a vishing attack but were not aware of the term, vishing. According to Proofpoint’s 2020 State of the Phish Report, only 25% of those polled were able to accurately define the term, vishing.

What Is Vishing?

The term, vishing is a combination of the word voice, and the word, phishing (voice + phishing = vishing).

Vishing is a form of phishing that uses voice calls rather than email, to trick a victim into divulging personal, sensitive or confidential information to an attacker...

What Is Smishing And How To Spot This Attack

Smishing is not a new tactic but given that worldwide mobile device traffic is up 222% in the past seven years, it’s no wonder we’re seeing an increase in attacks targeted at mobile devices.

The term, smishing is a portmanteau that combines the term, SMS (text messaging) and the word, phishing (sms + phishing = smishing). As you may have guessed, smishing is phishing that uses SMS and similar types of text messaging.

What Is Smishing?…

Domain Name Confusion

I don’t understand why companies, even tech companies, send email to employees and customers with links that use domain names that don’t match their normal, publicly known domain name. I have seen this happen in companies for years, where a department like HR finds a cloud vendor to do some training or to register for benefits. Instead of sending an email to employees from an internal email address, they let the vendor send email to employees with a link to an external, unfamiliar site. When you tell employees to not click on suspicious links, and then send them suspicious links, it undermines the whole security education program.

We can do better!

Shark Caught in Phishing Scam Shares Cautionary Tale

An employee of Shark Tank star Barbara Corcoran thought it was a routine wire transfer. The email request did not look unusual, and the amount of the transfer did not raise suspicion. But it was a clever scam, and nearly $400,000 was deposited into the bank account of a phishing scammer. Corcoran, who is well known as one of the “sharks” on ABC’s TV show, Shark Tank, shared details of a cybersecurity breach at her company with ABC News.

"This morning I wired $388,000 into a false bank account…

Business Email Compromise (BEC)

In the world of cybersecurity, there are some pretty creative and interesting terms such as, phishing, juice-jacking, rainbow tables, credential stuffing, and botnet. However, there is one type of phishing attack that was given a name without anyone from a marketing team in the room. That is the Business Email Compromise (BEC) . I almost fell asleep while typing that last sentence!

While the name is not very sexy, the attack is simple to execute and can be very costly to the victim. In fact, according to a 2018 FBI report, BEC attacks have earned scammers over 12 billion dollars. BEC is a type of phishing attack with the goal of tricking the victim into sending money…