Category Archives: Phishing Defense Center

Phishing scams masquerading as PayPal are unfortunately commonplace. Most recently, the PhishMe Triage™ Managed Phishing Defense Center noticed a handful of campaigns using a new tactic for advanced PayPal credential phishing. The phishing website looks very authentic compared to off-the-shelf crimeware phishing kits, but also levels-up by asking for a photo of the victim holding their ID and credit card, presumably to create cryptocurrency accounts to launder money stolen from victims. Let’s examine the components of this phishing scam: The lure site is obviously hacked hxxps://hellopc[.]co[.]nz/ and the phishing kit is buried in a subdirectory presumably to thwart the anti-phishing…

The post SMILE – New PayPal Phish Has Victims Sending Them a Selfie appeared first on PhishMe.

SMILE – New PayPal Phish Has Victims Sending Them a Selfie was first posted on June 15, 2017 at 11:00 am.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading SMILE – New PayPal Phish Has Victims Sending Them a Selfie→

On May 22, 2017, PhishMe® received several emails with .ISO images as attachments via the Phishing Defense Center. ISO images are typically used as an archive format for the content of an optical disk and are often utilized as the installers for operating system. However, in this case, a threat actor leveraged this archive format as a means to deliver malware content to the recipients of their phishing email. Analysis of the attachments showed that this archive format was abused to deliver malicious AutoIT scripts hidden within a PE file that appears to be a Microsoft Office Document file, which…

The post New Phishing Emails Deliver Malicious .ISO Files to Evade Detection appeared first on PhishMe.

New Phishing Emails Deliver Malicious .ISO Files to Evade Detection was first posted on May 26, 2017 at 3:32 pm.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading New Phishing Emails Deliver Malicious .ISO Files to Evade Detection→

Financial losses from business email compromise (BEC) scams skyrocketed by 2,370% between January 2015 and December 2016, according to an FBI public service announcement released Thursday. The alarming statistic represents a sharp increase from the agency’s previous announcement, serving as a warning to users to stay vigilant in recognizing the threat.   The new announcement refers to domestic and international losses (real and potential) totaling $5.3 billion. Previously, the FBI announced a $1,300% increase in losses, between January 2015 and May 2016, totaling $3.1 billion. This documented rise is a sobering reminder of the potential collateral damage that awaits users…

The post FBI Announces That BEC Scam Losses Continue to Skyrocket, as Losses Exceed $3.1B appeared first on PhishMe.

FBI Announces That BEC Scam Losses Continue to Skyrocket, as Losses Exceed $3.1B was first posted on May 19, 2017 at 9:00 am.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading FBI Announces That BEC Scam Losses Continue to Skyrocket, as Losses Exceed $3.1B→