When Good Websites Turn Bad
The whole idea behind phishing awareness training is to keep you off of malicious websites. But what if the web site you want to visit, a known good website, is actually malicious? It’s more likely than you may think.
According to the Webroot 2019 Threat Report “A whopping 40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content.”
You can do everything right. You can be on the lookout for misleading links in your emails. You can be trained to spot fake websites meant to scam you. And yet, you can still be had. Not because you did anything wrong, because the websites you visit and trust got compromised.
This is just one more reason why phishing awareness training alone won’t protect you from being phished. If you want to fully protect yourself, you need phishing prevention technology.
It’s Tax Season and That Can Only Mean One Thing
Phishing emails that use tax-related content to get you to let your guard down.
According to an article on security website DARKReading, “A new wave of phishing attacks aims to dupe users and steal their passwords by disguising malicious emails as tax-related notifications from the IRS. This threat lures victims with Microsoft 365 Office files claiming to be tax forms or other official documents; attackers use urgent language to convince people to open the attachment.”
The article further points out that attackers purposely use common file types like Word and Excel to put victims at ease. “Examples of this tactic include files named taxletter.doc.”
One of the more interesting items highlighted in the article is that signature-based protection systems won’t catch these emails because the attackers constantly change all the email information and “changing the characteristics of malicious emails changes their fingerprint.”
The best protection against any email with a malicious attachment is to employ a service which scans all attachments and quarantines the offending ones so there’s no chance you actually open it. No matter who claims to have sent it.
How Phishing Prevention Technology can Help Keep Your Utility Bill Down
It’s the latest craze in phishing attacks and it’s called cryptojacking. What is cryptojacking? It’s the secret use of your computer to mine cryptocurrency.
If you don’t already know it, cryptocurrencies like Bitcoin get “mined” by using a lot of computing power. The coins get mined by taxing the CPU on a computer. And stressing a CPU takes electricity—lots of it.
The miners increase their chances of mining a Bitcoin by getting as many computers as possible working in parallel. And that’s where your computer and cryptojacking come in. The attackers want to use your computer (and your electricity) to help them mine their Bitcoins.
According to an article on GlobalSign, “The techniques used to do this [cryptojacking] resemble those used in phishing attacks. A common method, for instance, is to send users a legitimate-looking email encouraging them to click a link. If a user does so, a crypto mining script is loaded onto their computer, and runs silently in the background whenever that machine is on.”
They’re no longer trying to steal your credentials or hold your computer ransom. Now, they just want to use your computer’s CPU to help them make a little money. And it can be really difficult to tell you’ve been cryptojacked once the malware is installed because it runs in the background. The only clue that you’ve been cryptojacked is slightly slower computer performance (and a slightly higher utility bill).
The good news is the cryptojacking attacks use the very same techniques as other phishing attacks. So, if you’re prepared to defend yourself against phishing attacks, you shouldn’t have to worry about encountering a shocking electrical bill. If you’re not prepared to defend yourself against phishing attacks, head on over to Phishing Protection. You’ll be up and running in 10 minutes for less than the hit to your utility bill.