Page 9 - Threat Intelligence 9-3-2019
P. 9

Social Engineering








              Phishing: These are the companies that hackers impersonate when they try to steal your data -
              Microsoft is still the brand most spoofed by cyber criminals attempting to conduct phishing attacks
              – but fraudsters are increasingly sending phony emails claiming to be the likes of Facebook and
              Amazon to steal login credentials, financial data and other information from victims. Meanwhile,
              fake URLs targeting Facebook accounts have grown by 176% in just a year, meaning that
              impersonating the social network is now the third most popular avenue of attack for phishing. The
              report lists PayPal as the second most common brand spoofed by cyber criminals – although the
              number of malicious URLs targeting it has declined slightly. It's another natural target for attackers
              because it's a trusted brand and it's one of the most widely used online payment services in the
              world. These phishing attacks look to trigger urgency in the victim by claiming there's a problem
              with their account or that a false purchase has been made, requesting the user click a link and
              enter their details to be unwittingly stolen.
                      Source: https://www.zdnet.com/article/phishing-these-are-the-companies-that-hackers-
                      impersonate-when-they-try-to-steal-your-data/



              Phishing attacks jump by 21% in latest quarter, says Kaspersky - Cybercriminals continually look
              for more innovative and effective ways to deliver spam and launch phishing attacks. By developing
              new methods of attack and improving old ones, they're able to create more sophisticated and
              therefore more successful methods of targeting unsuspecting victims. That's one reason why both
              spam and phishing attacks rose during the second quarter of 2019 compared with the same
              quarter last year, according to a report by Kaspersky.
                      Source: https://www.techrepublic.com/article/phishing-attacks-jump-by-21-in-latest-
                      quarter-says-kaspersky/



              BEC Attacks: How CEOs and Executives are Put at Risk - Business Email Compromise (BEC) attacks
              are the most costly and effective forms of phishing. In most cases, these attacks use highly
              research social engineering to go after the top brass in a company with a motive of stealing
              corporate dollars or breaching their network.  And, because in most cases these top executives
              hold the keys to the castle, they make the most suitable target for threat actors. Just as common,
              if not more so, key roles within the org chart are often the targets of threat actors who intend to
              have money wired to them. Posing as a CEO or other high-profile executive, a threat actor will
              write a brief, urgency laden email, and prompt someone with financial controls to pay an invoice
              or other common financial transaction. In some cases, once a threat actor breaches an account,
              they will then use the victim’s email to send out fake invoices to vendors or customers in an effort
              to collect funds.

                      Source: https://info.phishlabs.com/blog/bec-attacks-ceos-executives-risk












                                                    www.accumepartners.com
                                                                                                                     9
   4   5   6   7   8   9   10   11   12   13   14