Today, while hunting, I found a malicious HTML page in my spam trap. The page was a fake JP Morgan Chase bank. Nothing fancy. When I find such material, I usually search for “POST” HTTP requests to collect URLs and visit the websites that receive the victim’s data. As usual, the
The Internet Archive is a well-known website, more precisely for its “WaybackMachine” service. It allows you to search for and display old versions of websites. The current Alexa ranking is 262, which makes it a “popular and trusted” website. Indeed, like I explained in a recent SANS ISC diary, whitelists
I published the following diary on isc.sans.org: “Logical & Physical Security Correlation”. Today, I would like to review an example of how we can improve our daily security operations or, for our users, how to help in detecting suspicious content. Last week, I received the following email in my corporate mailbox.
I published the following diary on isc.sans.org: “Quick Analysis of Data Left Available by Attackers”. While hunting for interesting cases, I found the following phishing email mimicking a UPS delivery notification…
I published the following diary on isc.sans.org: Phishing Campaign with Blurred Images.
On a daily basis, I’m looking for malicious emails. I own catch-all mailboxes that collect a huge amount of spam that I’m using to perform deeper analysis: to discover new tactics used by attackers and new pieces of malicious code. Basically, there are two categories of phishing campaigns: the one sent to
In a previous post, I explained how I was happy to have been targeted by Indian phishers who called me to report an issue with my Windows computer. Last Saturday they called back. This time, my VM was ready but I had no time for them. I asked if it
You know what? I’m happy and proud to have received my first call from the “Microsoft Support”! When I came back home, there were already three missed calls on my private line, all of them from a strange number (001453789410). A few minutes later, the phone started to ring