Use your campus library much? You may be the target of the latest phishing scam. According to SC Magazine, ” The Mabna Institute, an Iranian firm whose members were indicted last year for cyberattacks against U.S. universities and other organizations, appears to have launched a new global phishing operation targeting the education sector last July and August.”
“Malicious actors target government contractors,” according to SC Magazine. While targeting government contractors certainly isn’t a new occurrence, it does seem to be on the rise. “Over the past few months we have observed the increasing use of yet another type of transaction-based social engineering scheme designed to hook companies dependent on government contracts: the invitation to bid.”
It’s one thing to be taken in by a hacker. It’s another thing to be taken in by a bot. Called trickbots, they are a network of bots, or Internet robots, that trick the recipient into divulging some personal information.
Now word comes that the latest trickbot, which is an updated version of an existing trickbot, is being used “to target three of the largest mobile carriers in the United States, namely Verizon Wireless (August 5), T-Mobile (August 12), and Sprint (August 19).” The trickbot in this instance is being used to grab user’s PIN code.
You can purchase anything as a service today—even malware. According to ThreatPost, “A phishing campaign that spoofs a PDF attachment to deliver Adwind spyware has been taking aim at national grid utilities infrastructure.”
“Adwind, a.k.a. JRAT or SockRat, is being used in a malware-as-a-service model in this campaign. It offers a full cadre of info-gathering features, including the ability to take screenshots, harvest credentials from Chrome, Internet Explorer and Microsoft Edge, record video and audio, take photos, steal files, perform keylogging, read emails and steal VPN certificates.” One stop shopping to create havoc.
Been called to jury duty lately? Even if you haven’t, you might still get phished. Last week, in Ventura County, CA, a phishing scam was going around telling people that they missed their jury duty appointment.
According to the Citizens Journal, “In the calls and emails, recipients are pressured to provide confidential information, potentially leading to identity theft and fraud. These calls and emails, which threaten recipients with fines and jail time if they do not comply are fraudulent and are not connected with the Camarillo Police Department or the Ventura County Sheriff’s Office.”
If it’s making headlines, you can be sure it’ll be used in a phishing scam. What’s the big news this week? Jeffrey Epstein suicide in jail. Queue the phishing emails.
According to KnowBe4, “a series of scams are underway using the Epstein death as social engineering tactic.” Maybe something to the effect of “See Jeffrey Epstein Last Words on Video.” Admittedly it’s hard not to click on that, but don’t.
We’re always impressed when fraudsters come up with new and clever ways to execute phishing scams and this week didn’t disappoint us. This week we get word of a phishing scam disguised as fake e-tickets for Korean Airlines.
According to the article, “South Korean flag carrier Korean Air (KE) has warned customers against phishing scams using fake e-tickets. Seungwon Chung, KE Global Communications deputy general manager, confirmed with the Philippine News Agency (PNA) on Monday that the carrier has received [a] few complaints regarding this recently.”
DuoCircle, an email security company, has just completed its first scholarship program offering a $1000 award for the best essay or video on email privacy and security.
Specific topics covered included the following:
It wouldn’t be a week if there was some scam aimed at Apple customers. Now comes word of a phony Apple phishing email. “Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Apple. As phishing emails go, this one is pretty good.”
Most phishing emails contain a malicious link in the hope that the recipient will click on it. Phishing prevention technology is wise to this tactic, which has forced attackers to adapt. Their latest adaptation is a novel new phishing technique targeting American Express customers, by breaking the malicious link up into two parts.
We anticipate that the DNS migration to Cloudflare on July 20th, 2019 will be uneventful, however in the event that there is an issue we have incorporated DNS redundancies into your
email services.
This is not a good time to be a city in Florida if you’re looking to avoid a ransomware attack. First it was Riviera Beach on June 5. Then it was Lake City on June 10. Now it’s Key Biscayne. According to the Miami Herald, “The village of Key Biscayne confirmed Thursday it had been hit by a cyberattack — the third Florida city this month to fall victim to outside hackers.”
Hackers were busy at it again this week with some standard phishing tactics, as well as some new, creative ones. And it should come as no surprise that Microsoft was in the thick of things being a victim of brand identity theft.
Earlier today our mail servers prevented some email from reaching some customers. The messages that were impacted had .co.uk in their domain name. Other messages were unaffected.
(San Diego, CA – April 24, 2019)
DuoCircle LLC is an integrated, cloud-based email solutions company. DuoCircle has purchased Commando.io, a service that helps IT companies simplify server management. Commando.io is a web-based platform for running commands on servers via SSH.
Servers go down. And when they do it can negatively impact your business, from lost productivity to lost customers. You don’t want that to happen. Monitoring email is not as simple as checking to see if the port responds, you have to validate that the entire mail flow is functioning. So, how do you find out that your email server is down and not accepting emails or just taking too long to respond? More importantly, how long does it take for you to discover it? Minutes? Hours?
DuoCircle LLC is an integrated, cloud-based email solutions company. DuoCircle has launched AutoSPF, a service that helps companies avoid going over their DNS lookup limit by automatically flattening their SPF record. Going over the DNS lookup limited can keep emails from being delivered.
![[News] Small Businesses Face Big Security Risks](https://www.duocircle.com/wp-content/uploads/2019/03/SMTP-server-mail-4735.jpg)
Why are small businesses at greater risk for phishing and hacking? It’s not because they make the juiciest targets. It’s because they make the easiest targets. Why is that? Because they don’t always have what it takes to defend themselves.
![[News] If Cybersecurity Professionals Can Get Phished](https://www.duocircle.com/wp-content/uploads/2019/03/SMTP-relay-6841.jpg)
Business email compromise (BEC) is a form of email fraud that typically involves targeting employees with access to company finances and using social engineering to trick them into making money transfers to the bank accounts of the fraudster. According to an article on security website Cyberscoop, scammers used BEC to steal more than $150,000 from two defense contractors last year.
Duocircle, a web-based email security solutions company, has chosen to sponsor Let’s Encrypt for the second year in a row. Let’s Encrypt is a service provided by the non-profit Internet Security Research Group. Let’s Encrypt gives people free digital certificates because they want to create a more secure and privacy-respecting web.