Beware the Big Phish?

Beware The Big PhishBig name brands are big phishing targets. Why? Because they are well recognized by many consumers. When as email claims to be from Bank of America, even non-Bank of America consumers recognize the name. And familiarity breeds confidence so users are more likely to click on links. So, when our Threat Detection Center recently encountered a Bank of America phishing email, we decided to look behind the scenes.

read more

Wire Fraud – An “Oldie but Goodie”

Wire Fraud PhishingAs we head in to spring, leaving behind an eventful winter, the EdgeWave Threat Detection Center continues to see interesting approaches to bypassing traditional email security gateways. While it’s difficult to place them in the “campaign” category, it’s good to review some of these tactics as a reminder of how some “oldies but goodies” are still successful.

read more

Feeling Blue About Phishing

Welcome to Phishing 2019Cybercriminals using Microsoft Azure (and other public cloud infrastructures) is not new. The twist here is how Azure is being used as part of a Facebook workplace phishing campaign aimed at collecting user credentials.

read more

Welcome to Phishing 2019

Welcome to Phishing 2019A new year, and a new phishing technique. While it’s hard to qualify anything as truly “new”, it is always interesting to see the latest approach. This week the EdgeWave Threat Detection Center saw a dramatic increase in phishing email using EML attachments.

read more

Last Minute Shopping?!

Last Minute ShoppingLooks like the criminal community needed a last-minute infusion of cash. Earlier today the EdgeWave Threat Detection Center saw the first samples of a Christmas themed attack using an obfuscated VB macro within a Microsoft Word attachment.

read more

Is that you Amazon?

Is that you AmazonThis week the EdgeWave Threat Detection Center caught a very impressive phishing campaign spoofing Amazon. While this falls squarely within the “always be sure before you click”, the apparent legitimacy is sure to catch enough users to make for a very happy holiday for at least one criminal group.

read more

Office 365 Credential Scrape – Following the Evidence

Office 365 Credential ScrapeOur Threat Detection Center sees a lot of common phishing attempts, everything ranging from payroll to invoices to voicemails. Very often we see campaigns using fake “email failure” or “updates needed” as the call to action and to create a sense of urgency. This week we saw a well-crafted Office 365 “email failure” notification. By examining the full set of data, it’s easy to see why end users are so easily fooled.

read more

Massive Marriott/Starwood data breach means phishing threat tsunami on the way.

Marriott/Starwood data breachMarriott announced its Starwood brand database was hacked and breached over the last several years, and possibly up to 500 million customer records were stolen or compromised. That stolen data includes not only names and addresses, but also email addresses and credit card information, and other personal information. We hear about these attacks more and more, but the scale of this breach is virtually unprecedented.

read more

EdgeWave Blog

Categories

Archives

Request a Live Demo

Find out how much better email and web security can be!