One Phish, Two Phish, Red Phish, Blue Phish

I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security.
Phishing is often the first step taken by hackers in a larger scam.
There are lots of different kinds of phishing attacks, but one of the most prevalent is spear phishing, in which the hacker produces spoofed emails that look like official company correspondence, for example from someone in the HR department, or from a client or partner of the company.
The aim is to get company employees to click on malicious links that encourage them to enter confidential information or open email attachments that contain malware as a way past the company's defenses.
Phishing is a cat-and-mouse game in which new techniques are developed by hackers all the time, and the security systems and our security education have to evolve to deal with them.
There are two main aspects to a successful phishing attack: the technical, and the psychological.
The technical
The main technical problem phishers face is getting past modern-day spam filters.
Get a domain
And so, phishers start by buying an old domain with a decent-looking history - a domain that was previously registered and subsequently allowed to lapse.
Ideally, the domain should be relevant to the content of the phishing email.
Each website on the web is categorized by search engines, with categories such as health, management consultancy, technical services, media, and so on, and the aim is for the malicious website to fall squarely into one of the desirable categories that match the nature of the phishing campaign.
On the day that the phishing email is sent, the phisher will swap out the innocuous site for the malicious one.
Use marketing techniques
When the phishing email is sent, phishers will often use tracking pixels to determine if and when the email is opened, which allows them to fine-tune further phishing email templates.
Whether the phishing link is clicked is logged, as is the conversion rate for the malicious login page, and other metrics are tracked.
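As an added defender-side example (not code from the original article or from Resonance Security), here is a small Python heuristic that a mail gateway or an analyst's triage script could run over an HTML email body to flag open-tracking pixels of the kind described above: remote images that are 1x1 or hidden, or whose URL carries a per-recipient token. The sample email and every hostname in it are constructed for the example; the flagging rules are assumptions about what a tracking pixel typically looks like, not a complete classifier.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True if a width/height attribute is 0 or 1 pixel (with or without 'px')."""
    m = re.match(r"^\s*(\d+)\s*(px)?\s*$", value)
    return bool(m) and int(m.group(1)) <= 1


def _style_hides(style):
    """True if an inline style makes the image invisible or 1px (assumed heuristic)."""
    s = style.replace(" ", "").lower()
    return ("display:none" in s or "visibility:hidden" in s
            or "width:0" in s or "width:1px" in s or "height:1px" in s)


def find_tracking_pixels(html):
    """Return suspected open-tracking pixels found in an HTML email body.

    Each hit records the image URL, its host, and the reasons it was flagged.
    Only remote (http/https) images count: inline cid: images cannot phone home.
    """
    parser = _ImgCollector()
    parser.feed(html)
    hits = []
    for img in parser.images:
        src = img.get("src", "")
        u = urlparse(src)
        if u.scheme not in ("http", "https"):
            continue
        reasons = []
        if _is_tiny(img.get("width", "")) and _is_tiny(img.get("height", "")):
            reasons.append("1x1 dimensions")
        if _style_hides(img.get("style", "")):
            reasons.append("hidden via style")
        query = parse_qs(u.query)
        if query:  # query string usually carries the recipient/campaign id
            reasons.append("query parameters (%s)" % ",".join(sorted(query)))
        if re.search(r"/[A-Za-z0-9_-]{24,}(\.(gif|png))?$", u.path):
            reasons.append("opaque token in path")
        if reasons:
            hits.append({"src": src, "host": u.hostname, "reasons": reasons})
    return hits


# Constructed sample: a benign logo, two tracking pixels, one inline image.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Please review the attached HR policy update.</p>
<img src="https://cdn.example-mail.test/logo.png" width="200" height="60" alt="logo">
<img src="https://track.example-mail.test/o.gif?u=7f3a9c&c=hr-policy" width="1" height="1">
<img src="https://t.example-mail.test/p/aGVsbG8td29ybGQtdHJhY2tlcg" style="display:none;">
<img src="cid:inlinechart">
</body></html>
"""

if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_EMAIL_HTML):
        print(hit["host"], "->", "; ".join(hit["reasons"]))
```

In a gateway, a hit is a signal rather than a verdict: legitimate newsletters use open tracking too, so the useful defensive action is to strip or proxy remote images for unknown senders (so the phisher learns nothing about who opened the mail) and to treat a tracking pixel plus a credential-harvesting link as a stronger combined indicator.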
The psychological
I previously mentioned that technical marketing techniques are extremely useful for the phisher.
That extends to building a target email list: the phisher will be checking social media, bulletin boards, and even the target company website for email addresses.
If a senior director was recently arrested for insider trading, a phisher might send a link to what looks like a financial ethics survey.
Conclusion
Sometimes companies conduct internal phishing campaigns to train their employees in the risks, or if they are feeling particularly harsh, to identify individual weak links in the company.
Not all such training exercises are handled with tact and an appreciation of the embarrassment falling for a phishing scam might cause the unwitting participants.
Hopefully, with the above insights into the minds of the phishers that I've provided, the chances of you being fooled are much lower now.
Let me know in the comments if you feel this has helped, and if you want to run an ethical and compassionate phishing training exercise for your organization.


This Cyber News was published on hackread.com. Publication date: Thu, 30 May 2024 23:13:07 +0000

