Ian Hawes wants you to have dinner with Donald Trump. He is a 25-year old, self-proclaimed entrepreneur, and “registered genius." Ian’s story broke Monday morning on Politico and it is a cautionary tale for anyone who values their online reputation.
Tue, Aug 30, 2016
Wed, Jul 27, 2016
Regardless of their politics, the recent news of the DNC server hack, allegedly by Russian-government-backed hackers, should have security teams pulling their hair out. Why? Because the first phase of the attack used one of the oldest tricks in the book -- a phishing email attack, leveraging a copycat domain.
"For example, the first group, APT 28, often uses the same tactic: registering a domain whose name is similar to that of its target, to trick users into disclosing their passwords when logging into the wrong site. In this case, hackers set up misdepatrment.com — switching two letters — to target users of MIS Department, which manages networks for the Democratic committee." NY TImes, July 27, 2016
It should be no surprise to learn that almost every devastating cyber breach, from Target to the DNC, starts with the same exploit:
Thu, Apr 28, 2016
New Features Enhance Proactive Defenses Against Modern Cyber Exploits, Including Socially Engineered Spear Phishing, Ransomware and other BEC Attacks
TORONTO – April 27, 2016 – BrandProtect™ has significantly extended its industry leading threatSMART™ platform for cyber threat monitoring, intelligence, and mitigation with key features designed to speed analysis and enhance proactive defenses against modern cyber exploits, including socially engineered spear phishing, ransomware, and other business email compromise (BEC) attacks. New platform enhancements include MX-Record Monitoring, Advanced Incident Correlation, the BrandProtect ThreatCenter™, and new direct connections of threatSMART data feeds to popular enterprise threat analytics platforms Splunk and HP ArcSight.
“Enterprise-targeted cyberattacks are evolving rapidly. Socially engineered phishing, BEC and other focused, and unfortunately, effective schemes dominate the concerns of enterprise CISOs everywhere,” said Roberto Drassinower, BrandProtect CEO. “Today we announce the latest of our continuous enhancements to our threatSMART platform, again directly addressing the most important pain points that CISOs now face. We are filling the gaps for threat detection, intelligence, and mitigation of cyber threats that arise beyond the traditional security perimeter.”
Thu, Mar 24, 2016
Over the past 18 months there has been a phenomenal increase in the frequency of socially targeted email attacks.
The FBI recently reported that global losses related to these Business Email Compromise (BEC) scams experienced a 270% increase from January to August 2015. These kinds of attacks do real damage, including the compromise of internal networks, the inappropriate disclosure of company IP or PII, the incorrect transfer of funds from the company treasury, to name a few of the most common outcomes. Hundreds of millions of dollars have been stolen through these schemes, directly affecting corporate bottom lines.
In these sophisticated attacks, employees, and/or business partners are targeted
Tue, Dec 08, 2015
That sound you hear is a bunch of the staffers at jeb2016.com (the official Jeb Bush website) trying to make it seem like they are on top of their web presence. Or is that the Trump team, laughing? We can't be sure.
The Washington Post reported yesterday that people who type "jebbush.com" into a browser found themselves redirected to Donald Trump's official site, donaldjtrump.com. You read that right -- one of the leading candidates for the Republican nomination for President of the United States has found himself on the wrong side of one of the most basic domain abuse issues. Someone else has registered a similar domain and is using it to confuse the public. Try it: jebbush.com (It's fun!)
Yes, it's funny for a moment. But in reality it is very scary. In fact, it is potentially devastating.
The massive breach at Anthem earlier this year originated from spear phishing emails that were sent from domains that impersonated Anthem. The employees who recieved the emails did not notice that the emails originated from a rogue address. They unwittingly opened attachments or clicked on links that gave the attackers inside access to Anthem networks.
When others appropriate your web presence by registering or appropriating a similar or easily mistaken domain, they put themselves in a position to confuse your message, siphon revenues or worse.
How big a problem can it be?...
Topics: Brand Protection, data breach, scam, brand abuse, Domain Management, cybersquatting, Phishing, gTLD, brandprotect, infographic, cyber threats, online risk, brandjacking, Health Care, OSINT, Jeb Bush, Legal, Spear Phishing, CISO, CSO, InfoSec, Donald Trump, 2016 Elections, Anthem, CMO
To say that the expansion of the ICANN’s New Generic Top Level Domains is a great concern for trademark owners is an understatement. The impact on an organization’s bottom line will certainly be affected, particularly in the area of trademark protection. In a recent AFP news article, Francis Gurry, head of the World Intellectual Property Organization, explained that he believes this expansion will have a great impact on businesses as it is an “opportunity for misuse of trademarks”. What people may not know and what he points out is that registering a domain name is quick, relatively inexpensive and does not require an approval process to ensure the registration does not conflict with the rights of a trademark holder. Due to these very real concerns it is not surprising that there are a lot of discussions and debates around the New gTLDs, but what about the original 22 gTLDs like .com, .net and .info? Do businesses and their customers still need to be concerned about them? The answer in short is, yes. Below is a list of issues that should still be on your radar.
Fri, Mar 07, 2014
According to the APWG Q3 2013 Phishing Activity Trends Report, we saw a 20 percent increase in phishing with these attacks rapidly evolving and proliferating. This escalation is generally attributable to rising numbers of attacks against money-transfer and retail/e-commerce websites. As fraudsters escalate their online presence, business’ reputations are on the line. The report highlights the use of organizations’ names and logos as part of their phishing tactics, duping users into opening emails and clicking on links. The following chart indicates the number of unique phishing instances detected by the APWG (The Anti-Phishing Working Group).
Tue, Nov 05, 2013
BrandProtect would like to help keep our readers informed of the release of the new gTLD’s as they become available. Below you will see a list of the gTLD’s that will be launched in the next three months.