Anatomy of a Phishing Attack
zvelo takes you behind the scenes of a phishing attack to show you the TTPs attackers use to gain network access and establish persistence. There is far more than meets the eye.
Phishing attacks are typically initiated via email, text/SMS messages, or instant messages which drive unsuspecting victims to phishing websites designed to deceive them into thinking they are visiting a legitimate site and allows the malicious cyber actors to steal user data, including login credentials and credit card numbers.
Malicious Office Documents: What is Old is New Again
This is the first article of a three-part series where we examine phishing attacks that faded from popularity but are now resurging — in particular, malicious Office documents.
The Rise of Single-Use Phishing URLs and the Need for Zero-Second Detection
The adoption of single-use phishing URLs is driving new demand for zero-second detections to keep up with the dwindling lifespan of phishing sites.
2019 State of Phishing and What’s Next For Phishing Detection
Ransomware is so 2017. Today, targeted phishing poses the most significant risk. But how did we get here and what’s next for AI-based Phishing Detection.
9 Tips to Improve Security Against Mobile Phishing Attacks
Over the past several years, there’s been a significant increase in mobile phishing attacks—particularly targeting enterprises. In this blog, we cover 9 tips and strategies to improve your security against mobile phishing attacks.
2018 Phishing Campaign Against Stripe Payment Processing Users
Over the years, cybercriminals have deployed increasingly sophisticated scams to deceive users of payment processing systems—particularly small and medium sized business owners—into compromising their accounts by unknowingly divulging account credentials. Here’s an example of a recent phishing campaign from Fall 2018 targeting Stripe users.
Increase in Mobile Phishing Scams Targeting Apple ID Users
A trend forming among newly identified phishing URLs shows bad actors sending fraudulent emails informing Apple ID users of outdated Apple ID information or problems with billing. The emails and internal links attempt to deceive Apple ID users into “verifying” account information. When the user proceeds to log in, the form handing over access credentials to their accounts.
Phishing Websites Detected by zvelo
Prior to this blog post, zveloLABS published a phishing URL alert about fake Apple account verification websites. Now, zvelo’s team of engineers and researchers has unearthed a new phishing attack campaign using fraudulent Facebook log-in sites.
Phishing Website Alert: Fake My Apple ID Account Verification URL
zveloLABS discovered a phishing website masquerading as an account verification page for Apple IDs, as depicted in the following screenshot and explained in this blog post.
Phishing Website Detections Down, Financial Industry Biggest Target
The Anti-Phishing Working Group (APWG) released their quarterly Phishing Attack Trends Report for the first quarter of 2013. Payment Services were reported as the most phished industry sector, followed by Financial Services.