Cyber crime has become a powerful strategy for criminals to extort money from unsuspecting internet users. Norton reported that cyber criminals stole a total of £130bn from consumers in 2017. The main method criminals used to extort money and personal details was phishing.
In this post we are going to show you the main forms of phishing that criminals use. The information below was supplied by MetaCompliance the authors of the Ultimate Guide To Phishing
First, what is phishing?
Phishing is a type of online scam where fraudulent email messages that appear to come from a legitimate source are sent to list of people or specific contacts. The email is designed to trick the recipient into entering confidential information into a fake website by clicking on a link.
This email would usually include a link or attachment which once clicked, will steal sensitive information or infect a computer with malware. The cyber criminals will use this information to commit identity fraud or sell it on to another criminal third party, likely through the dark web.
That was the general gist of phishing. Below is a more in depth look at phishing.
Spear PhishingSpear - Phishing is a more targeted attempt to steal sensitive information and typically focuses on a specific individual or organisation. These types of attack use personal information that is specific to the individual in order to appear legitimate.
VishingVishing refers to phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.
WhalingWhat distinguishes this category of phishing from others is the high-level choice of target. A whaling attack is an attempt to steal sensitive information and is often targeted at senior management.
SmishingSmishing is a type of phishing which uses SMS messages as opposed to emails to target individuals. It is another effective way of cybercriminals tricking individuals into divulging personal information such as account details, credit card details or usernames and passwords.
Clone PhishingClone Phishing is where a legitimate and previously delivered email is used to create an identical email with malicious content.
Software bugs can lead not only to material losses, but also can damage human's health. For example, actors on the stage of a theatre can get injured if suddenly one of the scenery begins to go down on the stage at the wrong time. However, the connection between the errors in code and the health damage of medical software is more obvious. Let's talk about this topic.
This article focuses on the teams of developers who create the programs for a medical equipment. I hope they will not stay indifferent and will check their code. Let's recall two famous cases where errors in programs, related to medicine, became the reason for bad news.
Firstly, it is a series of tragic events caused by the errors in the Therac-25 device of radiation therapy. This device has caused at least six overdoses of radiation within the period from June 1985 to January 1987, some patients received doses of tens of thousands of rad. At least two people died directly from the radiation overdoses. Software bugs of the device were the reason of the tragedies and the main problem was the incorrect security strategy.
The group of researchers found serious shortcomings in the WPA2 protocol, which provides protection for all modern Wi-Fi networks. An attacker who is in the victim's area can use these shortcomings using Key Reinstallation Attacks. Attackers can use this new attack method to read information that was previously considered to be encrypted.
UPD: the post was updated with partial details of the attack and the list of vendor updates.
Performing daily tasks of the system administrator is considered safe when working through the SSH session. This article will discuss modern tools for conducting MITM attacks on the SSH protocol and how to protect against them.
I want to share one feature when setting COOKIE values, which is often overlooked by the web developers.
According to my experience as for research of the web application vulnerabilities for 2009-2011, this error occurred in 87% of the web applications that were written in PHP.
In order to reduce this rate, I have decided to write this article.
I will not even talk about httpOnly flag, though its use is very important and necessary.
Let’s look at the example of code:
A few days ago, the earliest Half-Life 2 version was released in the network for the media. Obviously, this version has not been finished yet, as the main game’s character is not known to the whole world of players a theorist physicist, who wears glasses and a protective suit and holds in his hand a crowbar, but bearded dwarf Ivan, a space biker, who is opposing against the staff of the research center. 15 years ago, the disk contents was reserved exclusively for members of the regular publishers.
This morning I found a letter in my mail:
In fact, this letter does not have any files attached, it just has 6 links (View, Download...), and they lead to the same address: http://220.127.116.11/~ru1/account.googlemail.com/viewer/13083e7f5f2c0890&
First I got to fake Google Docs with the message "document cannot be displayed", and then I was redirected to fake Google Account, where I was asked to enter a password. I guess for my own safety :). After I entered “screw you”, I got to the third fake page of docs with a list of some components.
It is known that any system reliability is determined by its weakest link. Now we take a good look at the protection from copying of one popular toy that was released a few days ago for OS X and the way of its bypass. In addition, we just look at one of the options for implementing the protection from copying. Of course, this research was conducted in the study purposes, and you still should buy the good software and games.
Let’s run the game and see the registration form or purchase. The registration is done online by entering a serial number, or manually by entering a name and the key in accordance with the displayed identifier of a specific computer. Next, we run gdb and get program exited with code 055.
This article is not a panacea for all security lacks, and it does not reveal any new attack vectors. I just saw a serious implementation of the fake for Google mail and decided to warn all UMumble users.
Recently, I have received an interesting letter, supposedly to confirm / cancel automatic forwarding to my mailbox.
It would be true to say that everything new is well forgotten old.
A feature to embed remote resources (such as images from other websites) on the page of your website is a very bad practice that at some point may lead to quite serious consequences for the website. As far back as 10 years ago, I was surprised to read about that possibility. Now after 10 years nothing changed, and it seems that it hardly ever will change.