Dinner with Donald Trump?  Or Maybe Not??

Posted by Greg Mancusi-Ungaro

Tue, Aug 30, 2016

Ian Hawes wants you to have dinner with Donald Trump.  He is a 25-year old, self-proclaimed entrepreneur, and “registered genius."  Ian’s story broke Monday morning on Politico and it is a cautionary tale for anyone who values their online reputation. 

Read More

Topics: Domain Management, cybersquatting, 2016 Elections, Brand Threats, fraud, Masquerades

How to Be Prepared for the Oldest Trick in the Book....

Posted by Greg Mancusi-Ungaro

Wed, Jul 27, 2016

 

 

Regardless of their politics, the recent news of the DNC server hack, allegedly by Russian-government-backed hackers, should have security teams pulling their hair out.  Why?  Because the first phase of the attack used one of the oldest tricks in the book -- a phishing email attack, leveraging a copycat domain. 

"For example, the first group, APT 28, often uses the same tactic: registering a domain whose name is similar to that of its target, to trick users into disclosing their passwords when logging into the wrong site. In this case, hackers set up misdepatrment.com — switching two letters — to target users of MIS Department, which manages networks for the Democratic committee."  NY TImes, July 27, 2016

It should be no surprise to learn that almost every devastating cyber breach, from Target to the DNC, starts with the same exploit:

Read More

Topics: Identity Theft, data breach, hackers, Domain Management, Phishing, cybercrime, Spear Phishing, 2016 Elections, MX Records

BrandProtect Announces Major Updates to threatSMART Platform

Posted by Greg Mancusi-Ungaro

Thu, Apr 28, 2016

New Features Enhance Proactive Defenses Against Modern Cyber Exploits, Including Socially Engineered Spear Phishing, Ransomware and other BEC Attacks

TORONTO – April 27, 2016BrandProtect has significantly extended its industry leading threatSMART™ platform for cyber threat monitoring, intelligence, and mitigation with key features designed to speed analysis and enhance proactive defenses against modern cyber exploits, including socially engineered spear phishing, ransomware, and other business email compromise (BEC) attacks. New platform enhancements include MX-Record Monitoring, Advanced Incident Correlation, the BrandProtect ThreatCenter™, and new direct connections of threatSMART data feeds to popular enterprise threat analytics platforms Splunk and HP ArcSight.

“Enterprise-targeted cyberattacks are evolving rapidly. Socially engineered phishing, BEC and other focused, and unfortunately, effective schemes dominate the concerns of enterprise CISOs everywhere,” said Roberto Drassinower, BrandProtect CEO. “Today we announce the latest of our continuous enhancements to our threatSMART platform, again directly addressing the most important pain points that CISOs now face. We are filling the gaps for threat detection, intelligence, and mitigation of cyber threats that arise beyond the traditional security perimeter.”

Read More

Topics: Domain Management, cybersquatting, Phishing, cyber threats, Spear Phishing, CSO, threatSMART, ThreatCenter, MX Records, Splunk, ArcSight

BrandProtect Anti Phishing Adds MX Record Monitoring.
CISOs: Why This Matters To You.

Posted by Greg Mancusi-Ungaro

Thu, Mar 24, 2016

Over the past 18 months there has been a phenomenal increase in the frequency of socially targeted email attacks. 

The FBI recently reported that global losses related to these Business Email Compromise (BEC) scams experienced a 270% increase from January to August 2015. These kinds of attacks do real damage, including the compromise of internal networks, the inappropriate disclosure of company IP or PII, the incorrect transfer of funds from the company treasury, to name a few of the most common outcomes. Hundreds of millions of dollars have been stolen through these schemes, directly affecting corporate bottom lines.

In these sophisticated attacks, employees, and/or business partners are targeted

Read More

Topics: Identity Theft, Domain Management, cybersquatting, Phishing, cyber threats, online risk, Spear Phishing, CISO, CSO, FFIEC

Jeb Bush Has A Domain Problem.  Do You?

Posted by Greg Mancusi-Ungaro

Tue, Dec 08, 2015

That sound you hear is a bunch of the staffers at jeb2016.com (the official Jeb Bush website) trying to make it seem like they are on top of their web presence.  Or is that the Trump team, laughing?  We can't be sure.  

The Washington Post reported yesterday that people who type "jebbush.com" into a browser found themselves redirected to Donald Trump's official site, donaldjtrump.com. You read that right -- one of the leading candidates for the Republican nomination for President of the United States has found himself on the wrong side of one of the most basic domain abuse issues. Someone else has registered a similar domain and is using it to confuse the public. Try it: jebbush.com (It's fun!)

Download the InfoGraphic

Yes, it's funny for a moment. But in reality it is very scary. In fact, it is potentially devastating.

The massive breach at Anthem earlier this year originated from spear phishing emails that were sent from domains that impersonated Anthem. The employees who recieved the emails did not notice that the emails originated from a rogue address. They unwittingly opened attachments or clicked on links that gave the attackers inside access to Anthem networks. 

Game over.

When others appropriate your web presence by registering or appropriating a similar or easily mistaken domain, they put themselves in a position to confuse your message, siphon revenues or worse. 

How big a problem can it be?...

Read More

Topics: Brand Protection, data breach, scam, brand abuse, Domain Management, cybersquatting, Phishing, gTLD, brandprotect, infographic, cyber threats, online risk, brandjacking, Health Care, OSINT, Jeb Bush, Legal, Spear Phishing, CISO, CSO, InfoSec, Donald Trump, 2016 Elections, Anthem, CMO

How To Protect Your Company From Sketchy Domain Name Registrations and Scams

Posted by Jamila Enta

Mon, Mar 24, 2014

To say that the expansion of the ICANN’s New Generic Top Level Domains is a great concern for trademark owners is an understatement.  The impact on an organization’s bottom line will certainly be affected, particularly in the area of trademark protection.  In a recent AFP news article, Francis Gurry, head of the World Intellectual Property Organization, explained that he believes this expansion will have a great impact on businesses as it is an “opportunity for misuse of trademarks”.   What people may not know and what he points out is that registering a domain name is quick, relatively inexpensive and does not require an approval process to ensure the registration does not conflict with the rights of a trademark holder.  Due to these very real concerns it is not surprising that there are a lot of discussions and debates around the New gTLDs, but what about the original 22 gTLDs like .com, .net and .info?  Do businesses and their customers still need to be concerned about them?  The answer in short is, yes.  Below is a list of issues that should still be on your radar.

Read More

Topics: Domain Management, cybersquatting, Phishing

APWG Reports Phishing up 20%: Criminals Pose as Brands for Better Catch

Posted by Nick Stuparich

Fri, Mar 07, 2014

According to the APWG Q3 2013 Phishing Activity Trends Report, we saw a 20 percent increase in phishing with these attacks rapidly evolving and proliferating. This escalation is generally attributable to rising numbers of attacks against money-transfer and retail/e-commerce websites. As fraudsters escalate their online presence, business’ reputations are on the line. The report highlights the use of organizations’ names and logos as part of their phishing tactics, duping users into opening emails and clicking on links. The following chart indicates the number of unique phishing instances detected by the APWG (The Anti-Phishing Working Group).

Read More

Topics: brand abuse, Domain Management, Phishing, APWG

New gTLD’s being released in the next 3 months

Posted by Elyse Neumann

Tue, Nov 05, 2013

BrandProtect would like to help keep our readers informed of the release of the new gTLD’s as they become available.  Below you will see a list of the gTLD’s that will be launched in the next three months.

Read More

Topics: Domain Management, ICANN, gTLDs

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

 Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all