
PINDROP BLOG

Category: Social Engineering

April 17, 2017
Unicode Domain Phishing Attack Resurfaces
Researchers are warning about a phishing attack that abuses the way some browsers handle Unicode characters to display attack domains that are identical to legitimate ones. The concept behind the attack is quite old, but it has resurfaced in the current versions of both Firefox and Chrome. The attack relies on the fact that the…
April 14, 2017
Inside the Tech Support Scam Ecosystem
By Jonah Berg-Ganzarain

A pair of doctoral students and their advisor, looking for insights into the inner workings of tech support scams, spent eight months collecting data on and studying the tactics and infrastructure of the scammers, using a purpose-built tool. What they uncovered is a complex, technically sophisticated ecosystem supported by malvertising and victimizing people around…
April 12, 2017
FTC Halts Tech-Support Scam That Pretended to Represent the FTC
The FTC has shut down a phone and email scam that involved scammers contacting consumers, falsely claiming to be working on behalf of the FTC and offering fake tech support services. The scheme is a twist on the old Windows tech support scam in which fraudsters call consumers and try to sell remote tech support…
March 28, 2017
FCC Warns on New ‘Can You Hear Me’ Phone Scam
Phone scammers have adopted a new tactic recently that is part of a long-term scheme to impersonate victims during calls with banks or other financial institutions. The new technique involves a scammer calling a victim and when the victim answers, immediately asking, “Can you hear me?” The idea is to record the victim’s voice as…
March 6, 2017
FCC May Allow Carriers to Block Robocalls From Spoofed Numbers
The FCC later this month will consider a proposal that would allow carriers to block robocalls that have a spoofed caller ID. If approved, the rule would be a major boon for consumers who are hit with robocalls–many of which are part of scams. Caller ID spoofing is a key part of many phone scams, and…
February 28, 2017
Email Scam Losses Pass $3 Billion, FBI Says
The amount of money that enterprises in the United States are losing to business email compromise scams is growing at an alarming rate, and is now well into the billions of dollars, according to the FBI. BEC scams, also known as CEO or executive impersonation schemes, are the evolution of phishing attacks and rely on the criminals’…
January 31, 2017
Your Brain Is Bad at Security
OAKLAND–Security teams are frustrated constantly by users who ignore warnings about phishing sites, bad certificates, or malware, and just click through to get wherever they were going. It turns out that behavior probably isn’t the users’ fault. It’s just human nature. There are many reasons why this behavior persists, even when users are told in no uncertain…
January 19, 2017
Decline of Necurs Botnet Hurts Locky Ransomware
Many ransomware gangs rely on help from other members of the cybercrime ecosystem to distribute their malware, and when those connections don’t hold up, it can cause serious problems. That’s what’s happened to the Locky ransomware in the last few weeks, as its main distribution mechanism, the Necurs botnet, has disappeared. The botnet has been…
January 19, 2017
Gmail Phishing Campaign Racking Up Victims
There is a clever, well-crafted phishing campaign targeting Gmail users that includes a fake login page that exactly mimics the real thing to trick victims into entering their credentials. The campaign has been going on for some time but it recently began to gain attention after researchers analyzed it and broke down the techniques the…
December 19, 2016
Hailstorm Spam Campaigns Being Used to Evade Defenses
In an effort to get past anti-spam and anti-malware systems and put their garbage in front of potential victims, some spammers are avoiding the traditional strategy of sending huge volumes of mail for long periods of time in favor of sending large bursts of spam in a very short timeframe. This technique, known as hailstorm…