background preloader

Personal Cybersecurity

Facebook Twitter

What do Virtually all Phishing Emails have in Common? - What do virtually all Phishing Emails have in common?

What do Virtually all Phishing Emails have in Common? -

By understanding what Phishing Emails have in common, you can easily identify them and avoid these threats. What is phishing? Phishing is a method used by hackers in an attempt to collect personal information using deceptive e-mails and websites. It’s a form of attack that uses disguised email as a weapon. The main objective is to trick the target into believing that the message is legitimate. However, phishing emails are distinct and can be easily identified by someone who is well informed about the characteristics of this kind of cyber-attack. In most cases, phishing emails appear to be from a real person, a trusted entity, or a company with which the target is likely to do business. Phishing attacks are one of the oldest techniques used in cyberattacks, dating back to the 1990s. Phishing is still one of the most widespread and most exploited techniques by black-hats, especially during crises such as SARS or COVID-19.

Phishing Kit 1. 2. Journal of Cybersecurity. Truth Decay. Epic Manchego – atypical maldoc delivery brings flurry of infostealers – NVISO Labs. In July 2020, NVISO detected a set of malicious Excel documents, also known as “maldocs”, that deliver malware through VBA-activated spreadsheets.

Epic Manchego – atypical maldoc delivery brings flurry of infostealers – NVISO Labs

While the malicious VBA code and the dropped payloads were something we had seen before, it was the specific way in which the Excel documents themselves were created that caught our attention. The creators of the malicious Excel documents used a technique that allows them to create macro-laden Excel workbooks, without actually using Microsoft Office.

As a side effect of this particular way of working, the detection rate for these documents is typically lower than for standard maldocs. This blog post provides an overview of how these malicious documents came to be. In addition, it briefly describes the observed payloads and finally closes with recommendations as well as indicators of compromise to help defend your organization from such attacks. Key Findings (TL;DR) Analysis Malicious document analysis Figure 1 – Unique maldocs observed per day. Rumor Control. Mis- and disinformation can undermine public confidence in the electoral process, as well as in our democracy.

Rumor Control

Elections are administered by state and local officials who implement numerous safeguards to protect the security of your vote pursuant to various state and federal laws and processes. This resource is designed to debunk common misinformation and disinformation narratives and themes that relate broadly to the security of election infrastructure and related processes.

It is not intended to address jurisdiction-specific claims. Instead, this resource addresses election security rumors by describing common and generally applicable protective processes, security measures, and legal requirements designed to protect against or detect large-scale security issues related to election infrastructure and processes. You can learn more about mis- and disinformation from CISA’s Countering Foreign Influence Task Force. Useful Sources: Useful Sources Get the Facts: This is false. Useful Source. The Man Who Speaks Softly—and Commands a Big Cyber Army. 2019 Internet Crime Report Released. “Information reported to the IC3 plays a vital role in the FBI’s ability to understand our cyber adversaries and their motives, which, in turn, helps us to impose risks and consequences on those who break our laws and threaten our national security,” said Matt Gorham, assistant director of the FBI’s Cyber Division.

2019 Internet Crime Report Released

“It is through these efforts we hope to build a safer and more secure cyber landscape.” Gorham encourages everyone to use IC3 and reach out to their local field office to report malicious activity. Rapid reporting can help law enforcement stop fraudulent transactions before a victim loses the money for good. The FBI’s Recovery Asset Team was created to streamline communication with financial institutions and FBI field offices and is continuing to build on its success. The team successfully recovered more than $300 million for victims in 2019. In 2019, the Recovery Asset Team was paired with the Money Mule Team under the IC3’s Recovery and Investigative Development Team.

Internet Crime Complaint Center(IC3) PIA Support Portal. Institute for Security and Technology (IST) Masters Degree in Information Security - SANS Technology Institute. Home Page - Just Security. Rumor Control. INTELLIGENCE THREATS & SOCIAL MEDIA DECEPTION. Do you want to connect?


Understand that foreign intelligence entities and criminals routinely use deception on social media platforms to try and connect with people who have access to information they want. Before you link online with someone you don’t know, think about the risks it may pose to yourself, your family, your organization and even national security. The “Nevernight Connection” The FBI and the National Counterintelligence and Security Center (NCSC) have released a new movie, “The Nevernight Connection,” to raise awareness of how hostile actors use fake profiles and other forms of deception on social media to target individuals in government, business and academic communities for recruitment and information gathering. Inspired by true events, the 30-minute video details the fictional account of a former U.S. The Threat Over time, they attempt to elicit information from their targets, including about their work and contacts.

Mitigation Additional Resources U.K. Clearance Holders Targeted on Social Media.