Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Not much to add to Heartbleed that has not already been said, other than to expect malicious "Reset your Password due to Heartbleed" emails from phishers, spammers and the like. With so many legit password reset emails in their inboxes, users and customers are more susceptible to well-crafted email lures.
Some useful Heartbleed resources:
- Phishers expand their target list (APWG 2H2013 Global Phishing Survey)
This was buried by all the Heartbleed news, but it has some important data that shouldn't go unnoticed. Two big takeaways are that phishing attacks were up 60% in the last half of 2013 and there were a high number of new companies targeted. We posted our thoughts here.
- #1 New Paid App in the Play Store Costs $4, Has Over 10,000 Downloads, A 4.7-Star Rating... And it's a Total Scam (Android Police)
Step 1: Design an app that displays an "X" graphic when opened that changes to a "check" image after a tap.
Step 2: Upload it to the Play Store and promote it as an easy-to-use antivirus with no performance impact. Charge $3.99 for it.
Step 3: PROFIT
DMARC is invariably a good thing in that it prevents the spoofing of email senders, which is a commonly used phishing tactic. Unfortunately, new tech often requires updates to older tech for interoperability. Apparently, many mailing lists were impacted when Yahoo! published a new DMARC record. The team at Agari has some guidance on the issue and points to recommendations for mailing list operators.
Phishing attacks have evolved over the years, and so have the solutions to protect against them. Starting with phishing takedown services, PhishLabs' Founder and CEO John LaCour walks through the evolution of anti-phishing solutions and the value they provide.