PINDROP BLOG

Category: Social Engineering

June 16, 2016
FTC Shuts Down Fake Charity Phone Scam
Phone fraud comes in many forms, as most crimes do, and it’s not always obvious that a particular version is actually a crime. The FTC has just shut down a company that was running a specific kind of phone fraud scam that involved pressuring victims to make donations to a fake charity for disabled people…
June 6, 2016
Ransomware is Dope
Credit where credit is due: Ransomware is kind of brilliant. From a defender’s perspective, it is perhaps the most difficult threat to deal with in the last five or 10 years. It locks up your data, makes it inaccessible and unrecoverable (without backups), and presents you with, at most, two options: Don’t pay the ransom and…
June 6, 2016
Bulgarian Sentenced in $6 Million Tax Refund Scheme
The IRS and taxpayers themselves have been the targets of a wide range of attacks and scams for many years, most of which involve some variety of identity theft. The fraudsters behind these operations often go unpunished, but in a rare victory, the U.S. government has convicted and sentenced to nearly four years in prison a Bulgarian…
June 1, 2016
Inside the Opsec Habits of Cybercriminals
The fight between attackers and security researchers often is portrayed as a kind of spy versus spy operation, with each side making moves and countermoves in order to stay undetected and continue operating. But while top-tier attackers pay close attention to the details and are adept at hiding their tracks, that doesn’t necessarily hold true for…
May 31, 2016
CEO of FACC Fired After Firm Was Hit by Email Scam
An Austrian aerospace manufacturer that lost €50 million in a business email compromise scam earlier this year has fired its CEO over the incident. FACC, which makes components for the aerospace industry, said its board decided last week to fire Walter Stephan for his involvement in the scheme, after previously firing other employees. In January, officials…
May 25, 2016
Phone Fraud Scam Targets College Students For ‘Federal Student Tax’
The Federal Trade Commission is warning about a new variant on phone fraud scams that attempts to bully college students into paying a non-existent student tax. The scam is similar to many of the IRS phone scams that have been ongoing for several years, but with the novelty of pressuring students who likely are much…
May 24, 2016
FBI: CEO Email Scams Cost U.S. Businesses $246M
Businesses in the United States lost more than $246 million to business email compromise attacks in 2015, dwarfing the losses to any other kind of attack, including phishing, vishing, ransomware, and credit card fraud. BEC scams involve a twist on the typical phishing emails, and aim to trick executives or finance employees who have authority…
May 23, 2016
SWIFT Pushes Information Sharing After String of Bank Attacks
After a string of highly sophisticated and well-publicized attacks in recent weeks, officials at SWIFT, the banking payment consortium, are asking banks to improve their information sharing efforts to help combat future compromises. The SWIFT payment network has been targeted by several successful attacks recently, including one that resulted in the fraudulent transfer of $81 million…
May 18, 2016
Clickjacking Bug Affects 95 Percent of Android Devices
Researchers have found that a vulnerability in Android that allows attackers to trick users into granting apps elevated privileges affects more devices than had originally been thought–nearly 96 percent of all Android devices. The vulnerability is not a typical bug. It relies on some user interaction and lies in the way that Android allows apps…
May 11, 2016
SamSam and the Rise of Corporate Ransomware
The SamSam ransomware that caused serious damage to a California hospital and has infected many other enterprises in the United States is continuing to evolve and add new functionality as its developers look to stay ahead of researchers and defenders. SamSam is part of the newer wave of ransomware variants that don’t just rely on individual…