Akamai Technologies’ Post

You’d never fall for that phishing scam, right? Think again! After the 2023 holiday season, our security research team analyzed a massive surge in malicious activity with domains posing as USPS, revealing more people still fall for it than you think. While we used the USPS as an example, this combosquatting technique is used globally in phishing campaigns, and with good reason: It’s wildly successful. Swipe through to understand the steps the team took to uncover the findings and see how they may apply to your business.

You’d never fall for that phishing scam, right? Think again! After the 2023 holiday season, our security research team analyzed a massive surge in malicious activity with domains posing as USPS, revealing more people still fall for it than you think. While we used the USPS as an example, this combosquatting technique is used globally in phishing campaigns, and with good reason: It’s wildly successful. Swipe through to understand the steps the team took to uncover the findings and see how they may apply to your business.

You’d never fall for that phishing scam, right? Think again! After the 2023 holiday season, our security research team analyzed a massive surge in malicious activity with domains posing as USPS, revealing more people still fall for it than you think. While we used the USPS as an example, this combosquatting technique is used globally in phishing campaigns, and with good reason: It’s wildly successful. Swipe through to understand the steps the team took to uncover the findings and see how they may apply to your business. https://ow.ly/WTB050SLcpp

There's been a 856% increase in phishing attempts this year. Cybercriminals are getting smarter, and phishing emails are harder to spot. It’s not if they’ll target your organization– it’s when. Don’t take the bait. Stay vigilant.

📧 Phishing: Beyond the Click Phishing isn’t just about getting someone to click—it’s about data theft, malware, and trust erosion. 💡 Did You Know? Phishing often leads to credential theft, which attackers use to infiltrate corporate systems. 🛡️ Prevention Tip: 1️⃣ Educate teams about multi-factor authentication (MFA)—even stolen credentials are useless without it. 2️⃣ Regularly test employees with simulated phishing campaigns. 💬 Challenge: What are your top phishing defenses in 2024? #PhishingAwareness #DigitalSafety #ZeroTrust #CybersecurityCulture

It’s no surprise that our partner Egress, a KnowBe4 company's latest Phishing Threat Trends Report reveals “urgent” as the most common word used in phishing emails! From fake invoices to malicious links, cybercriminals often rely on social engineering to create a false sense of urgency, tricking recipients into making hasty decisions. Want to stay ahead of the latest phishing tactics and trends for 2024? Dive into the full report here: https://hubs.la/Q02YTmPT0

"The Voldemort Malware campaign is spreading globally with over 20,000 phishing emails sent to more than 70 organizations, with a peak of 6,000 emails sent in a single day." The Voldemort campaign employs a complex attack chain, combining both common and unusual techniques. One of the most notable aspects is the use of Google Sheets for command-and-control operations. This is an unusual method that highlights the creativity of the bad guys. https://lnkd.in/gwVBjuhd #auguryit #cysec

Phishing scams continue to be one of the most common ways cybercriminals gain access to sensitive information. From fake emails to malicious links, these scams can trick employees into revealing confidential data. At Wolf Tech Solutions, we help businesses educate their teams on how to spot phishing attempts and prevent them from compromising your network. Implementing email filtering and multi-factor authentication can also strengthen your defense. Stay one step ahead of cybercriminals—contact us for phishing protection strategies today.   #PhishingProtection #CyberAwareness #ITSecurity #Wolftechsolutions

This attack approach might be similar to a spear-phishing attempt I encountered previously that targeting me specifically, simple analysis can be found here: https://lnkd.in/gmp8hVXP (Spear-phishing Stealer Targeting Malaysian: HSBC E-mail Analysis) Code Archive: https://lnkd.in/gKBTg-ZF This happen at September 25, 2023. Sample has been uploaded to VT, you can download there if you want to continue the analysis.

According to Proofpoint’s technical blog post shared with Hackread.com ahead of publishing, the attack campaign begins with phishing emails that seem to originate from legitimate tax agencies. These emails contain links directing the recipient to a landing page hosted on InfinityFree or directly to a malicious file. When victims click the “View Document” button on the landing page, the browser’s User Agent is checked. If the system is identified as Windows, the user is redirected to a search-ms URI, which silently prompts Windows Explorer to display a shortcut (LNK) file or a ZIP file disguised as a PDF. If the victim executes the LNK file, it triggers a series of actions leading to the deployment of the Voldemort malware. This malware is capable of collecting system information, uploading files, and executing additional commands from a command-and-control (C2) server.