One of the things we advise people to do on our Phishing and Social Engineering training, is to be very aware of the look and feel of any login pages and web sites they are directed to, as bad actors may not get it completely right – so if they …
You should know that Phishing is not always done by email
There is an article on the Sans Internet Storm Diary looking at a phishing attack/exploit that is running on Discord. Phishing Direct Messages via Discord (sans.edu) Now you may not know what Discord is, but your takeaway from this blog post is that phishing is not just something that attacks …
Continue reading “You should know that Phishing is not always done by email”
Malware Spam in the wild
The SANS Internet Storm Centre is reporting another spam email attack doing the rounds with a new payload. TA551 (Shathak) pushes IcedID (Bokbot) (sans.edu) The important things to take away from this are: In real world situations ransomware has been delivered to companies using these methods Keep your spam filters …
Do not click on the attachment – whatever it is called!
Before you open any attachment you should think about it: Are you expecting an attachment from this sender? Does this sender normally send you attachments like this? If you do not recognise the attachment extension then do not open it. Best practice is NOT TO OPEN any unexpected attachments! It …
Continue reading “Do not click on the attachment – whatever it is called!”
Defunct botnet shows signs of life – cybersecurity advice for you!
The SANS Internet Storm Diary is reporting that the Emotet botnet, that was taken down earlier this year by worldwide Co-operation of law enforcing has started to show up again on their monitoring. Emotet Returns – SANS This botnet distributes malicious packages via email attachments and then deploys these packages …
Continue reading “Defunct botnet shows signs of life – cybersecurity advice for you!”