Recent Posts

Recent Blog Posts

The PhishLabs Blog

Phishing up 60%, Chart-Topping Scam App, and... oh yeah, Heartbleed! | TWIC - April 11, 2014

Posted by Stacy Shelley on Apr 11, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Not much to add to Heartbleed that has not already been said, other than to expect malicious "Reset your Password due to Heartbleed" emails from phishers, spammers and the like. With so many legit password reset emails in their inboxes, users and customers are more susceptible to well-crafted email lures.

Some useful Heartbleed resources:

- Heartbleed.com (Codenomicon)
- The Heartbleed Hit List (Mashable)
- Heartbleed website test (Filippo.io)
- How to Treat the Heartbleed bug (BankInfoSecurity.com)
- US CERT Heartbleed Advisory

This was buried by all the Heartbleed news, but it has some important data that shouldn't go unnoticed. Two big takeaways are that phishing attacks were up 60% in the last half of 2013 and there were a high number of new companies targeted. We posted our thoughts here. 

Step 1: Design an app that displays a "X" graphic when opened that changes to a "check" image after a tap.

Step 2: Upload it to the Play Store and promote it as easy-to-use antivirus with no performance impact. Charge $3.99 for it.

Step 3: PROFIT

DMARC is invariably a good thing in that it prevents the spoofing of email senders, which is a commonly-used phishing tactic. Unfortunately, new tech often requires updates to older tech for interoperability. Apparently, many mailing lists were impacted when Yahoo! published a new DMARC record. The team at Agari has some guidance on the issue and points to recommendations for mailing list operators.

Phishing attacks have evolved over the years, and so have the solutions to protect against them. Starting with phishing takedown services, PhishLabs' Founder and CEO John LaCour walks through the evolution of anti-phishing solutions and the value they provide. 

 

Topics: The Week in Cybercrime

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all