logo

Top

Phishing

Equifax, one of the three major credit bureaus in U.S. made a disclosure on Sept 7th that they suffered a massive data breach on July 29th, 2017. They reported an estimated 143 million consumers may be impacted, making it one the largest breaches in U.S. history. As security researchers, we've been closely monitoring the news since it broke out. In this blog post, we share some early domains that look suspicious and are worth monitoring closely. As...

My parents were visiting from India and my mother who is very keen on learning new things on the internet wanted to access her bank account online. Having heard about WannaCry Ransomware in the news in India she wanted to know if it safe for her to access her bank account online. I asked her how does she know that she is going to know that she is visiting the real site? She simply said I...

Tech support scams have been around for several years now but there are no signs of them going away. A recent crackdown by the Federal Trade Commission revealed that one Florida-based scamming company alone, victimized over 40,000 users between November 2013 and 2016. This resulted in these victims losing a total of $25 million. Another report published by the FBI, reveals there were 10,850 tech support scam complaints in 2016 alone, resulting in a loss of...

At RedMarlin Labs, we monitor various brands that are target of online abuse through attacks like phishing. Our URL scanning technology enables us to not only classify a page as phishing but also to assign a brand to it automatically. This helps us classify URL data at scale and derive interesting patterns from the data with respect to brands. In this blogpost, we summarize the data we have from a 1-month period for most phished brands. Google...

There has been quite a bit of talk lately in the media around Homograph attacks following the disclosure of a browser vulnerability by Xudong Zheng. The technique itself is not new as we've seen several talks in the past at security conferences, from as early as 2012. The good news is most modern browsers have mechanisms in place to limit homograph attacks and Zheng's proof-of-concept exploited a very specific vulnerability as you can read in his post. A...

If you use email, chances are you are aware on how to spot phishing emails. It turns out that is not enough to be safe from phishing online, with bad actors increasingly getting creative with their techniques to steal sensitive user data. We spotted a very recent Twitter account that got active barely 16 hours prior to the time of this post. It infringes on Natwest bank's brand and has been tweeting replies to unsuspecting users with links to...

As the U.S. tax filing season for 2017 approaches, we are seeing an expected rise in phishing attempts, largely trying to steal sensitive information like SSNs, IDs, bank accounts etc. This problem is only expected to grow as the tax filing deadline of April 18 gets closer. The Internal Revenue Service (IRS) recently issued an advisory  for tax professionals and tax payers to be wary of emails and links when the source is unknown or looks suspicious. It is also...