Category Archives: phishing attacks

Sharp Rise in Phishing Attacks against SaaS, Webmail Services

Phishing attacks against businesses offering SaaS (Software-as-a-service) and web-based email services have increased considerably in the first quarter of the current year, as per a recent report.

According to the Phishing Activity Trends Report released by APWG (Anti-Phishing Working Group) and focusing on the period between January and March 2019, cybercrime groups have shifted their attention from payment services to businesses offering SaaS and web-based email services. At the same time, there has been a considerable decrease in the volume of attacks against cloud storage and file hosting sites; from 11.3 percent it has dropped to around 2 percent.

It’s only natural for cybercriminals to target SaaS platforms and webmail services, since they are becoming more and more popular. They are popular because anyone with internet access can use them easily and because they provide online business solutions. Such services are mostly targeted through phishing attacks. Experts point out that though many businesses today are concerned about targeted hacking and DDoS attacks, most organizations seem to be worried about phishing attacks the most.

The APWG report points out that 36 percent of all phishing attacks that took place in Q1 targeted SaaS and webmail services. The report states, “Phishing that targeted Software-as-a-Service (SaaS) and webmail services became the biggest category of phishing. At 36 percent of all phishing attacks, it eclipsed phishing against the payment services category for the first time.”

The report also points out that the total number of phishing websites detected by APWG in Q1 was up notably over Q3 and Q4 of 2018. Similarly, the number of phishing attacks hosted on websites with HTTPS and SSL certificates also reached a new high. The report states, “The total number of phishing sites detected by APWG in 1Q was 180,768. That was up notably from the 138,328 seen in 4Q 2018, and from the 151,014 seen in 3Q 2018…The number of unique phishing reports submitted to APWG during 1Q 2019 was 112,393. These were phishing emails submitted to APWG, and exclude phishing URLs reported by APWG members directly into APWG’s eCrime eXchange.”

Through such phishing attacks, cybercriminals seek to steal sensitive data like geolocation, email addresses, credit card data, payment details, personal preferences of users etc.

Now, let’s discuss the relevance of the report’s findings in the current context. The rise in phishing attacks targeting businesses offering SaaS and webmail services is notable. It’s also to be noted that hackers are increasingly using SSL/HTTPS-hosted websites (which are usually thought to be secure) to execute phishing attacks. The report also explains that, of all phishing attacks, 36 percent targeted SaaS/webmail services, 27 percent targeted payment solutions, 16 percent targeted financial institutions, 15 percent targeted other organizations and only 3 percent targeted eCommerce / Retail and Telecom. In this context, two things need to be noted. On the one hand, it’s highly important that organizations adopt the most advanced security solutions and digital forensics to protect themselves and to detect threats, attacks and bad actors. On the other hand, they must also adopt a well-planned and legitimate security policy and train their employees to stay wary of phishing scams, since clients’ data policy should also be of utmost importance for them.

APWG is a not-for-profit industry association comprising over 2,000 enterprises worldwide and focused on eliminating identity theft and fraud caused by phishing, crimeware, and email spoofing.


The Six Most Effective Email Spam Blocker Tips

Email, as we know, is always susceptible to spam. Anyone using email has to face spam on an almost regular basis. Email clients today are equipped with anti-spam filters that filter spam and move it to separate folders. But since such filters are not 100 percent effective, it’s always best for email users to know how to deal with spam effectively. Here’s a look at some of the most effective email spam blocker tips that could help combat spam.

Begin by training your spam filter

As we’ve already stated, the spam filter that your email client is equipped with by default is not 100 percent perfect at filtering emails and detecting spam. Thus, it becomes important for you to keep training your spam filter to be more accurate. This can be done in two ways. Firstly, whenever you come across spam that has sneaked past the spam filter and landed in your inbox, you shouldn’t limit yourself to just deleting it. You should select it and tell your email client that it is spam by clicking on the button provided for reporting spam. Secondly, when mail that is not spam lands in your spam folder, you should select it and tell the client that it made a mistake by clicking on the ‘Not Spam’ (or similar) button. This way, you can train your spam filter to perform better.

Secondly, train yourself not to respond to spam

Well, we’d say this is of utmost importance among all email spam blocker tips. Security always starts with the individual user. You must train yourself, in the very first place, to refrain from responding to spam. Almost on a daily basis, you’ll come across spam emails landing in your inbox. Many of these might even look genuine. You need to train yourself to identify spam and also to refrain from responding to it. If an email seems even a bit suspicious, don’t click on the accompanying link or open the accompanying attachment. Confirm the genuineness of the email and only then open the link or the attachment. Similarly, whenever you realize that you’ve got spam that has been sent from a known email address, contact that person and let them know. That person might not be aware of this. This helps prevent spam emails from spreading.

Learn to protect and, if needed, hide your email address

You must learn to protect your email address from spam. There are some very important things that you need to do for this. It’s best to have one or more alternative email addresses, which you could use for things like hotel booking, online shopping etc. This way, your primary email address would be saved from those unwanted spam emails that come following your online purchases or reservations or any such web activities that might enlist you to a spam despatch list.

Another thing that you could do to protect your email address is to hide it as much as possible. Never publish your primary email address on the web unless you absolutely have to do it. At places where you have to publish your email address, publish a secondary one if that’s OK. Publish your primary email address only when you have to do it.

Use third-party antispam filters

It’s always best to use third-party antispam filters or extensions that could help nab those spam emails that sneak past your default email spam filter. Such third-party filters work by identifying spam as messages travel between an email server and an email client. There are different options, free as well as paid, depending on the kind of device you are using and on the extent of your filtering requirements.

Learn to unsubscribe from things that you don’t need

There are certain things that arrive periodically, like newsletters, which you might not actually need. It would be advisable to unsubscribe from such services if you don’t need them at all. Yes, make it a point to unsubscribe from things that you don’t need in your inbox. There would be links that allow you to unsubscribe from such services or to stop receiving emails from that source. This step could help curb, to a great extent, the spam emails that might accompany such emails and newsletters.

Change email address, if needed

You must be ready to change your primary email address if needed. When you have accidentally responded to spam and your email address is compromised beyond repair, when your email address has been revealed at too many places and stands a chance of being subjected to spam attacks, or when your email address has loads of spam in it despite existing security measures (because of security flaws or other such issues), it’s best to change your primary email address at the earliest. This, we agree, is a drastic step, but if such a drastic step has to be taken, just go for it. Security, after all, is of utmost importance.



10 Ways How To Avoid Being A Phishing Scams Victim

Nobody wants to be a victim of phishing. We have seen so many instances of phishing, and it looks like the scams are continuing for a good reason: they allow cybercriminals to make huge profits. Phishing scams have been around since the inception of the Internet and will not disappear anytime soon. Fortunately, there are ways to avoid being a victim yourself. Here are 10 basic guidelines to protect yourself:

1. Be updated about phishing techniques

New phishing methods are constantly being developed. If you don’t know about these new phishing techniques, you could accidentally fall prey to one of them. Keep your eyes open for new phishing attacks. If you are not aware of even the basic techniques, your risk of getting caught out is much higher. For IT administrators, ongoing phishing security and phishing awareness training are strongly recommended so that all users can monitor the security within the organization.

2. Never click on a suspicious link

You can click on links when you are on trusted sites. However, clicking on links that appear in random emails and instant messages is not a wise decision. Hover your mouse over the link and it will show you where the link really goes. Does it lead where it should lead? A phishing email can appear to come from a reputable company. If you click on the link to the website, it may look like the real website. The email may ask you to enter information, but it may not address you by name. Most phishing emails begin with “Dear Customer,” so be careful when you see them. If in doubt, go directly to the source instead of clicking on a potentially dangerous link.

3. Install Phishing Toolbar

Most web browsers can be customized using phishing toolbars. Such toolbars quickly examine websites visited and compare them to lists of known phishing websites. If you encounter a malicious website, you will be notified via the toolbar. This is just another layer of protection against phishing scams and it is totally free.

4. Check for website security

Needless to say, you should be a little cautious when providing sensitive financial information online. But as long as you are on a secure website, you should not have any problems. Before submitting information, make sure that the site URL begins with “https” and that there is a lock icon next to the address bar. Also, check the site’s security certificate. HTTPS and the lock icon show only that the connection is encrypted, not that the site is legitimate, so check the domain name as well. If you receive a message that a particular website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines can display links that lead users to a phishing website offering low-cost products. When the user buys on such a website, cybercriminals extract the details of their credit card.

5. Log in to your accounts regularly

If you do not visit an online account for a long time, someone could be misusing it without your knowledge. Even if you do not technically need to, log in to each of your online accounts regularly. Also, make a habit of changing your passwords regularly. To avoid bank phishing and credit card phishing, you should regularly check your bank statements personally. Get monthly statements for your financial accounts and carefully review each entry to make sure no fraudulent transactions have been made without your knowledge.

6. Keep your browser up-to-date

Most popular browsers release security patches regularly. They do this in response to the security vulnerabilities that phishers and hackers inevitably discover and exploit. If you usually ignore messages about updating your browser, stop. Don’t wait: the moment an update is available, download and install it.

7. Use Firewalls

High-quality firewalls act as a shield between you, your computer and outside intruders. You should use two different types: a desktop firewall and a network firewall. The first option is a type of software and the second option is a type of hardware. When used together, they greatly reduce the risk of hackers and phishing attacks on your computer or network.

8. Beware of pop-ups

Pop-ups often masquerade as a legitimate part of a website. Too often, these are phishing attempts. Many popular browsers allow you to block pop-ups. You can authorize them on a case-by-case basis. If one manages to sneak through, do not click the “cancel” button; these buttons often lead to phishing sites. Instead, click on the small “x” in the upper corner of the window.

9. Closely guard your personal information

In general, you should never share sensitive personal or financial information on the Internet. This rule dates back to the days of America Online, when users had to be constantly warned because of the success of the first phishing scams. If in doubt, go to the main website of the company in question, get its number and call it. Most phishing emails will direct you to pages where personal or financial information is requested. An Internet user must never enter confidential information using the links provided in emails. Never send an email with sensitive information to anyone. Make it a habit to check the website address. A secure website always starts with “https”.

10. Use antivirus software

There are many reasons to use antivirus software. The special signatures included with antivirus software protect against known workarounds and technological flaws. Just make sure you keep your software up to date. New definitions are added all the time because new scams are also constantly being invented. Anti-spyware and firewall settings should be used to prevent phishing attacks, and users should update programs regularly. Firewall protection prevents access to malicious files by blocking attacks. Antivirus software scans each file sent over the Internet to your computer. This helps to prevent damage to your system.

