Phishing Trends of the Week #1 - Tales From Our Ethical Phisherman

You've heard a great deal about ethical hackers, who emulate the Tactics Techniques and Procedures (TTP) of a hacker to test your defences. Well, I'm an ethical phisherman, I use the same TTP as an attacker to lure your staff into taking my bait and then instead of exploiting them, they receive education, whilst you receive statistics on how many staff, from which departments using what devices, at what time. This process helps to shape behaviour and encourages staff to report suspicious emails and in doing so improve your defences Take a look at our Managed Phishing Assessment Service

CND Phishing Assessment Service
More Info...

Phishing Using Calendar .ics Invites as Bait

This one keeps circling back around you receive what looks like a calendar invite, but it actually contains a nasty surprise. More Info ....

Enter heading here...

Enter your text here ...

Bypassing Email Defences of SPF, DKIM and DMARC

Anand Chetan of Armorblox reports on how a recent Bank of America phishing campaign used simplicity and authenticity to bypass the usual security measures. The email was well crafted for receipt by just a few users, although the sender name was impersonated, the email address was a legitimate Yahoo address and therefore passed the usual checks. The phishing domain was also legitimate having been created a few days prior and was not yet identified as rogue.

More Info ....

Covid-19 Phishing Trends

Help Net Security have released an interesting article following a report by Abnormal Security on the trends they have noticed during the current pandemic with an initial increase of 436% which later reduced to an average of 173% increase, which is still significant. They also report on "...a shift from individual to group BEC attacks, with campaigns with more than 10 recipients up 27% compared to Q4 2019. Attackers also adjusted their targets, with attacks on finance employees increasing more than 75% as attacks on C-Suite executives decreased by 37%. This illustrates a trend away from paycheck and engagement fraud and toward payment fraud, specifically invoice fraud attacks, which increased more than 75%...." More Info...

Some Other Phishing Highlights This Week

Furloughed workers and the dormant phishing threat. A concern was raised this week that once furloughed workers open their inboxes after several months of build up, they may be more likely to open phishing emails in their haste to catch up

North Korea BEC Scams. At The ESET Virtual World Security Conference, ESET researcher, Jean-lan Boutin disclosed that the North Korean Lazarus Group are attempting to steal money from targets they initially breached for espionage.

Covid-19 Themed Campaigns Down. The Microsoft Threat Protection Intelligence Team report that the Covid-19 themed campaigns are significantly down on the March peak. More Info...

How to Pre-Pend a Warning to Office 365 Emails - CND News and Blog

We've helped several clients reduce the number of successful phishing email attacks As part of our Managed Phishing Assessment Service we send realistic but benign phishing emails and the responses have been shocking. One client had 32% of the

https://www.cndltd.com/cnd-news/how-to-pre-pend-a-warning-to-office-365-emails

Phishing Assessment

We send a realistic phishing email. Instead of being malicious, victims will be educated on what they could have done to identify it.

https://www.cndltd.com/services/assess/phishing-assessment