Is It Legit to Use Fear as Part of My Pretext?

One question I get asked often is, “Chris, isn’t it legit to use fear as part of my pretext in a social engineering exercise? I mean, after all, the bad guys are doing it. Wouldn’t it be realistic?”  Well I can’t argu… Continue reading Is It Legit to Use Fear as Part of My Pretext?

Phishing Threat Actor Blocking Techniques: Geoblocking by IP

In order to increase the lifespan of phishing attacks most threat actors implement evasion techniques to keep their phishing sites from being detected by security professionals.
The post Phishing Threat Actor Blocking Techniques: Geoblocking by IP… Continue reading Phishing Threat Actor Blocking Techniques: Geoblocking by IP

Threat Announcement: Phishing Sites Detected on Emoji Domains

Since September 21, PhishLabs analysts have detected a number of phishing sites hosted on emoji domains. So far, all detected sites have a few things in common:
The post Threat Announcement: Phishing Sites Detected on Emoji Domains appeared first … Continue reading Threat Announcement: Phishing Sites Detected on Emoji Domains

Liar, liar, pants on fire! Barclays phish claims cards explode

We feel compelled to relay the dire warning from this Barclays snail-mail letter, which we acquired through social media, therefore it must be true.
Categories:

Cybercrime
Social engineering

Tags: barclayscredit cardfailfakeLOLphishquality cont… Continue reading Liar, liar, pants on fire! Barclays phish claims cards explode

Not looking phishy, and not hitting the panic button

An excellent ESET article on not grooming people into accepting phishing messages, plus ESET advice on the ‘Sextortion and leaked passwords’ story
The post Not looking phishy, and not hitting the panic button appeared first on Security Boulevard.
Continue reading Not looking phishy, and not hitting the panic button