Categories
APWG Phishing Activity Trends Report | 4th Quarter 2016
By Phishing Box on 03/10/2017 10:17 AM
The APWG continues to refine its tracking and reporting methodology. APWG tracks and reports the number of unique phishing reports (e-mail campaigns) it receives, in addition to the number of unique phishing sites found. The APWG also tracks the number of unique phishing websites.
The APWG Phishing Activity Trends Report for 4th Quarter 2016 indicates that the total ...
Read More
Ransomware Completely Shuts Down Ohio Town Government
By Admin on 02/07/2017 11:16 AM
In another interesting example of what happens when you don’t manage your backups correctly, the Licking County government offices, including the police force, have been shut down by ransomware. Although details are sparse, it’s clear that someone in the office caught a bug in a phishing scam or by downloading it and now their servers are locked up.
Wrote Kent Mallett of the Newar...
Read More
Email Phishing Scams
By Admin on 02/06/2017 3:30 AM
What is phishing?
Email Phishing scams are carried out online by tech-savvy con artists and identity theft criminals. They use spam, fake websites constructed to look identical to real sites, email and instant messages to trick you into divulging sensitive information, like bank account passwords and credit card numbers. Once you take the phisher's bait, they can use the information to crea...
Read More
Social Engineering Attacks Keep Evolving
By PhishingBox on 01/13/2017 12:30 PM
Internet fraud has been around for just about as long as the Internet itself. According to a Kaspersky Lab 2016 Report, each year, cybercriminals come up with new techniques and tactics to fool their potential victims.
Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc. The aim of these emai...
Read More
Verizon Data Breach Investigations Report (DBIR) 2016
By PhishingBox on 01/01/2017 9:19 PM
The 2016 Verizon Data Breach Investigations Report (DBIR) highlights key information related to social engineering. Now in its ninth year of publication, the “Verizon 2016 Data Breach Investigations Report” analyzes more than 2,260 confirmed data breaches and more than 100,000 reported security incidents in this year’s report – the highest since the report’s inception...
Read More
Advanced Persistent Threat (APT) Kill-Chain
By Admin on 07/17/2016 1:33 PM
According to Netswitch Technology Management, the Advanced Persistent Threat (APT) kill-chain looks like the following:
Social Engineering: Identify individuals that have the needed access privileges.
Spear Phishing: Attackers send spoofed e-mails with malicious links to download malware and infect high-value employee machines.
Malware Infection: malware is downloaded on a system within ...
Read More
The Six Steps of an APT Attack
By Admin on 07/01/2016 1:34 AM
To improve your cyber security and successfully prevent, detect and resolve advanced persistent threats, you need to know how APTs work:
The cyber-criminal or threat actor gains entry through an e-mail, network, file or application vulnerability and inserts malware into an organizational network. The network is considered compromised, but not breached.
The advanced malware probes for addit...
Read More
Advanced Persistent Threats
By Admin on 05/15/2016 9:30 PM
Advanced Persistent Threat (APT) campaigns comprise a growing part of the current threat landscape. Some APT campaigns remain active, in fact, even after drawing extensive media attention. APT Campaign routines may vary over time but their primary goal remains the same – to gain entry to a target organization’s network and obtain confidential information.
There are two ways to look...
Read More
Spear Phishing
By Admin on 05/08/2016 9:29 PM
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or website with a broad membership base, such as eBay or PayPal. In the case of spear phishing, the apparent source of t...
Read More
Phishing
By Admin on 04/24/2016 9:28 PM
Phishing is the attempt to acquire sensitive informative such as usernames, passwords and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Phishing is the illegal attempt to acquire sensitive information for malicious reasons.
Traditional phishing attacks are usually conducted by sending malicious e-mails to as many people...
Read More
Anti-Phishing Work Group Phishing Trends
By Admin on 04/17/2016 9:26 PM
Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Phishing Activity Trends Report. These reports address phishing trends and underscore the significance of phishing by quantifying the scope of the global phishing problem.
Key findings in the APWG Phishing Trends Report for Q4 2015:
The Retail/Service sector became the most-targeted industry sector in the fourth quarter...
Read More
Symantec Internet Security Threat Report: 2016
By Admin on 04/08/2016 7:27 AM
The Symantec Internet Security Threat Report includes vast information on security related issues. Spam, phishing and malware data are captured through a variety of sources. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam. The annual ...
Read More
Verizon Data Breach Investigations Report Summary 2015
By PhishingBox on 01/01/2016 4:45 PM
Since the 90s, phishing continues to evolve and continues to trick, especially those in communications, legal and customer service areas. According to the Verizon 2015 Data Breach Investigations Report, 23% of recipients open phishing messages and 11% click on attachments to those messages. Of more concern, 50% of recipients open e-mails and click on phishing links within the first h...
Read More
Summary of Global Phishing Survey 2H 2014
By Admin on 05/18/2014 1:31 PM
Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Global Phishing Survey. This report addresses phishing trends and underscores the significance of phishing by quantifying the scope of the global phishing problem. In this report, APWG examines all the phishing attacks detected in the second half of 2014, July 1 through December 31).
Major findings were as follow:
In th...
Read More
Symantec Report Shows 82% Of Social Media Attacks Are Fake Offerings
By Admin on 10/07/2013 5:52 PM
The monthly Symantec Intelligence Report identifies their latest analysis of the security landscape concerning malware, spam, and other cyber threats. There are several interesting facts identified in this report.
82 percent of all social media attacks so far in 2013 have been fake offerings. This is up from 56 percent in 2012.
The global phishing rate is up in August, comprisi...
Read More
Summary of Global Phishing Survey 1H 2013
By Admin on 09/30/2013 5:57 PM
Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Global Phishing Survey: Trends and Domain Name Use. This reports addresses phishing trends and underscores the significance of phishing by quantifying the scope of the global phishing problem. In this report, the APWG examines all the phishing attacks detected in the first half of 2013 (“1H2013”, January 1 to June...
Read More
Phishing Activity Trends Summary 2013
By Admin on 09/24/2013 6:02 AM
The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report 2013 analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website and by e-mail submissions. The APWG also measures the evolution, proliferation, and propagation of crimeware by drawing from the research of its member companies. This rep...
Read More
Security Awareness Training vs. Testing: Who's doing what?
By Admin on 09/16/2013 6:06 PM
Security awareness training is important. In today’s business environment, information security is important. Securing information helps keep competitive advantages, meet regulatory compliance, and satisfy customer expectations. Security compromises can be expensive in direct expenditures, such as fixing a vulnerability, and indirect costs, such as damage to reputation. A...
Read More
White Box Or Black Box For Social Engineering Testing, Which Is Better?
By Admin on 09/03/2013 2:16 AM
When conducting social engineering testing as part of an audit or security assessment, should the client provide a listing of employees to test? Doing so is generally termed white box testing, as detailed information is provided to the auditor. The term “white box testing” was originally used to describe a form of software testing where detailed information on the software applicatio...
Read More
Social Engineering Attacks Are A Significant Business Risk
By Admin on 08/26/2013 10:18 PM
Social engineering attacks, or attacks on the human component of security, are a significant threat to businesses. With the proliferation of online tools and resources or attackers, the threat continues to grow. Although a business can spend money on firewalls, cameras, locks, and other security systems, it cannot ignore the human element. Without addressing the human component of the security s...
Read More