Tag: social engineering
Email Headers An excellent source of internal configuration information can be gleaned from email headers. Attackers can simply fire off a few email inquiries to folks at an organization and see what they can find. Here’s a typical email header using our example company, Boring Aeroplanes, from our phishing example. Note both internal and…
Read MoreData from the Retail Cyber Intelligence Sharing Center (R-CISC) echoes the F5 SOC findings and shows that dramatic increases in shopping activity actually continue into January, making retailers a likely target of attackers.1 In a 2018 survey of R-CISC members, respondents expressed their concern, identifying phishing, credential compromise, and account takeover (ATO) among their top…
Read MoreAdvanced Attackers Like criminal actors, state-sponsored actors or APTs often initiate their illicit access campaigns with spear phishing. However, advanced actors have more time and resources on their hands, and can fashion something of value even from apparently useless data. Large caches of innocuous information, such as email addresses, can be used to look for…
Read MoreUse of Cyber Deception to Influence Voters Rather than directly manipulate votes, cyber attackers are now finding success in misleading the voters themselves. Once again, social engineering triumphs over technology. The key to this tactic is simple, and cyberwarfare researcher The Grugq said it best, “People will believe what their computers tell them is reality.”…
Read MoreIntroduction Welcome to F5 Labs’ third annual report on phishing and fraud. Once again, we’re bringing you data from our partner Webroot® as well as the F5 Security Operations Center. Phishing continues to be a major source of profit for cyber-criminals, and a big hassle for cyber-defenders. In the F5 Labs 2019 Application Protection Report,…
Read MoreIt’s that special time of year again! In perhaps the most festive of all end-of-the-year traditions, the cyber security community tries to predict the next big scary incident which will make headlines in the new year. At the risk of sounding cynical, building strategies to respond to cyber security threats are a bit like New…
Read MoreIntroduction In part one of this two-part series, we define digital identity and explore the attack vectors cybercriminals use at each stage in the identity lifecycle. Everything that we do as individuals has found its way into the digital world. From communicating with friends to purchasing good or services—even getting an education and managing investments…
Read MoreIntroduction As stories of electronic fraud fill the daily news, we’re still answering the question “What is phishing?” In 2020, it continues to be one of the most prevalent attack types, so let’s look at what phishing is, why it is so successful, and what you can do to avoid becoming a victim. What…
Read More