G3Phishing

10/09/2023

10/09/2023

09/09/2023

It might be a phishing email if the sender:

Asks for sensitive information
Uses a different domain
Contains links that don’t match the domain
Includes unsolicited attachments
Is not personalized
Uses poor spelling and grammar
Tries to panic the recipient

09/09/2023

Phishing Awareness Training: 8 Things Your Employees Should Understand
1. Phishing is a crime
2. Email addresses can be spoofed
3. Subject lines and text are often threatening or enticing
4. Attacks are becoming more targeted and personal
5. Phishing emails are getting more sophisticated
6. Links aren’t always what they seem
7. Phishing links can be hidden in attachments
8. Hackers use real brand images and logos

09/09/2023

Here are some of the most common impacts of phishing:

Financial losses: Phishing can lead to financial losses for individuals and organizations. For example, if a victim falls for a phishing scam and provides their credit card number, the attacker can use that information to make unauthorized purchases.

Identity theft: Phishing can lead to identity theft, which is a serious crime that can have a devastating impact on victims. Identity thieves can use stolen personal information to open new accounts, make fraudulent purchases, and damage the victim's credit score.

Data breaches: Phishing can lead to data breaches, which can expose sensitive information to unauthorized individuals. This information can then be used for a variety of malicious purposes, such as identity theft, fraud, and blackmail.

Damage to reputation: Phishing can damage the reputation of organizations that are targeted. When an organization is the victim of a phishing attack, it can lose the trust of customers and partners.

09/09/2023

How to avoid phishing
1. Be suspicious of emails or text messages that ask for personal information.
Urgent language is a common feature in phishing emails, such as "Your account has been suspended" or "Your credit card has been compromised." A link that appears to lead to a trustworthy website but really directs you to a phony website that mimics the genuine one may also be present.
2. Verify the Sender
Check the sender's email address or phone number carefully. Phishers may use email addresses that look similar to legitimate ones but contain small discrepancies or misspelled words.
3. Don't click on links in emails.
Don't click on links in emails or text messages unless you are sure they are legitimate. Instead, type the website address into your browser yourself.
Check for the "https://" prefix in the URL, which indicates a secure website. Verify the SSL certificate of the website to ensure it's valid and issued by a reputable certificate authority.
4. Get free anti-phishing add-ons
Nowadays, the majority of browsers allow you to download add-ons that detect the telltale characteristics of a fraudulent website or warn you about well-known phishing websites. There is no reason not to have this installed on every device in your company as they are often entirely free.
5. Keep Software Updated
Make that the security software, web browsers, and operating system are all current. Security updates often repair flaws that phishers could exploit.
6. Don’t be tempted by those pop-ups
Clicking on pop-up windows that request personal information should be avoided. Pop-ups are seldom used by trustworthy firms to solicit critical information.
7. Have a Data Security Platform to spot signs of an attack
It's crucial that you can recognize and respond quickly if you are unfortunate enough to fall victim to a successful phishing assault. An established data security platform relieves part of the load on the IT/Security team by automatically warning on unusual user activity and unauthorized file modifications. Data security systems can assist you identify the account that has been compromised if an attacker has accessed your sensitive information, allowing you to take action to stop future harm.

09/09/2023

This is a news report about SMS scams in Singapore. SMS or short message services were once a popular means of communication, but are now widely exploited by scammers. Text messages are relatively less secure because of vulnerabilities that allow malicious actors to pose as legitimate senders. In a phishing scam involving OCBC Bank, the victim received a text message disguised as a bank claiming there was a problem with their account or credit card and containing a link to a fraudulent website disguised as a bank. This leads to many people being cheated.

Further information refers to this links:
https://www.channelnewsasia.com/singapore/sms-phishing-scams-ocbc-fake-messages-2444446

09/09/2023

In the first two quarters of 2022, Kaspersky found a total of 195,032 payment system-related phishing activities in Malaysia, including 108,755 in the first quarter and 86,277 in the second.

In the first half of 2022, the cybersecurity company also discovered and stopped 91,895 attacks of the same kind aimed at Malaysian e-commerce sites and 27,458 bank-related phishing attempts.

09/09/2023

There are some common types of phishing:

∆ Email phishing: Attackers create email message that emails display as legitimate companies to steal users' information.

∆ Spear phishing: Attackers create a similar to email phishing but the message is targeted at a specific individuals or organizations.

∆ SMS phishing: Attackers create a text message send to victims for steal their personal information.

∆ Clone phishing: The scammer will copy the email you receive, but contain dangerous attachments or links.

∆ Voice phishing: Attackers use phone call to trick user to offer their information.

∆ Whaling: Scammers target senior executives to gain access to sensitive data or funds.

08/09/2023

This is an example of a phishing email. The sender will pose as an official email from a (fictitious) bank and try to trick the recipient into revealing confidential information by "confirming" it on the phishers' website.

07/09/2023

Phishing hacking group called W3LL attack Microsoft business email accounts. The W3LL toolkit is specifically designed to hack into enterprise Microsoft 365 accounts including the Outlook email service and other software, such as Word, Excel, PowerPoint and Teams, and is "one of the most efficient and sophisticated tools in its niche." Some of the techniques W3LL uses to bypass email filters and security agents include various obfuscation methods for email headers and text bodies.

Here is the purchase page for the suite and Administration panel: