Phishing Archives – Musato Technologies
loader image

We enable business and digital transformation decisions through the delivery of cutting-edge ICT solutions and products...





Get inspired…
  
  
  

Phishing

Data leaks often come from within your business

“Employees can say, ‘Security isn’t my thing,’ and expect their IT department to take charge, but it shouldn’t be that way,” says Duquette. – Data leaks

Business owners need to take the… Continue reading

Five common mistakes with endpoint encryption

Endpoint encryption is heralded as one of the cornerstones to securing data and complying with data protection regulations, but it introduces new challenges which can result in costly mistakes.
Encryption is the process of… Continue reading

Phishing and spearphishing are threats to your business 

While security professionals focus largely on identifying and patching vulnerabilities in software, the weakest security link typically ends users. Phishing is a social engineering method to fraudulently obtain information by disguising… Continue reading

Major technology security risks for your business

Technology has spawned a dizzying array of new technology security risks with complicated names such as phishing, social engineering and pretexting. Knowing about these new technology risks is already half the battle when trying totechnology security avoid these pitfalls.

1. Phishing – a technology security risk

Phishing is the use of fraudulent emails or phone calls to get sensitive information, such as bank account numbers, credit card information or passwords. Here is how it works:

If you’ve ever gotten an email that says your account has been locked or that irregular activity was detected in your account, you may have been the target of a phishing attempt. These messages typically include a link to a legitimate-seeming website, where you’re asked to give account information or download malware (see more on that below).
A phishing email or phone call may ask you to call a number to discuss a problem with your account. You might then be asked to reveal account details over the phone.
Phishing is a type of social engineering, which is an attack that uses misrepresentation to get sensitive information.

2. Pretexting – a technology security risk

Pretexting involves the creation of a fake identity or scenario to fool a person into disclosing information.

For example, a fraudster may email or call your company claiming to be a supplier, survey firm, municipal inspector or insurance company to get sensitive data. A pretext attacker could also pose as a computer technician responding to a call for service to access your network.

“They may ask for little bits of information that don’t raise red flags,” Abdulmughnee says. “But over time, bit by bit, they’re trying to build a profile that could let them steal your identity.” Continue reading

The Mobile Phishing Threat You’ll See Very Soon: URL Padding

The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret. And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day.-URL Padding

An SMS arrived? Better read it straight away.

New email? Let me at it.

URL Padding

Screenshot of URL in a mobile browser.

Somebody, I don’t care about updating their Facebook status? Great, let’s see what they’re up to.

The increased attack volume we’re seeing directed at mobile devices is really nothing more than recognition on the part of threat actors that mobile devices account for an increasingly large proportion of web traffic… but aren’t nearly as well protected as PCs and laptops.

So with all that in mind, it shouldn’t be terribly surprising that we have a new mobile phishing threat to tell you about.

URL Padding

If you’re a regular reader of our blog, you may remember that back in March we published a post on the use of top level domains (TLDs) for phishing sites. In that post, we highlighted the use of generic (i.e., non-geographic) TLDs such as .support and .cloud to create URLs that appear to be authentic. For example:

review-helpteam.support

contact-us.site

summary-account.review Continue reading