From Advanced Threats

LastPass Hack

Silver Linings to LastPass Hack

Share Button

Last night, password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users’ email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords.

In general, we are not a fan of password management tools. While they provide convenience, a central repository of any sensitive data is always going to garner greater attention from hackers.

Read more

OPM Breach

OPM Breach: From Bad to Worse

Share Button

Last week, millions of government employees were probably quite nervous to hear that their personal data had been stolen by hackers (likely from China), who gained access to a trove of data from the Office of Personnel Management. This week, the same office is opening up even more government employees to more risk, based on their response to the breach. The OPM announced that they will notify all impacted individuals by email, which makes not only the affected individuals, but also anyone else who is worried that they might be affected, now a ripe target for a phishing attack.

Read more

HCE, APIs and Mobile Payment Apps - A New Opportunity for Fraudsters

Share Button

Over the past six months, there have been a number of changes in the way the big payment and mobile technology players have approached security for payment apps.

It had been widely anticipated that the launch of Apple Pay in October 2014 would have a big impact, in part due to the technical aspects of the service. Expectations that the launch would disrupt Read more

Mobile Payment Apps

Can Smartphones Solve ATM Skimming?

Share Button

ATM skimming remains a big business for organized crime rings. According to a recent article in ATMMarketplace.com, card skimming accounted for more than $2 billion in losses. One new approach that banks are exploring to mitigate this particular vector of fraud, is the notion of using smartphones as a second Read more

Games With A Purpose – Fraud

Share Button

Human-based Computation Games, also known as Games with a Purpose, have been used by the software industry to accomplish tasks that although trivial for human beings, still pose a Read more

DMARC Compass Explorer - DMARC Readiness Assessment Tool

Share Button

Last November, we launched a new product called DMARC Compass.  DMARC Compass is designed to provide organizations with instant visibility into how many criminals are using their domain to send spam and phishing attacks. DMARC Compass has been a huge success and early feedback from our clients has been extremely positive. Read more

Malware Attacks Target Enterprises across Borders

Share Button

As we have predicted, hackers are eagerly (and successfully) branching out to verticals outside the financial sector. Below we demonstrate how a malware attack was executed under the name of a government agency, targeting the finance department of an enterprise. Read more

Anthem Records Hacked

80M Anthem Records Hacked: Where’s My Data Going? Who’s Buying?

Share Button

Details continue to emerge on the massive breach at health care company Anthem, in which hackers have gained access to information including names, birthdays, medical IDs, Social Security Numbers, street addresses, email addresses and employment information (including income), on up to 80 million people. Read more

Hotel Points and Airline Miles Fraud – Wait, What?!

Share Button

At Easy Solutions we spend a lot of time thinking, talking and researching fraud: fraud on different parts of the world and across different verticals, from the most complex to the simplest methodologies. Even with all the different variables that make up these kinds of crimes, one thing is the same across all kinds of electronic fraud—their lifecycle. The lifecycle of a fraud incident is made of three key stages: Read more

Dating Site Breached: 20M Credentials Stolen

Share Button

A hacker calling himself “Mastermind” is claiming to be in possession of over 20 million credentials for an unnamed dating site. These credentials are claimed to be 100% valid in a posting to a paste site. Included in the list are over 7 million credentials from Hotmail, 2.5 million from Yahoo and 2.2 million from Gmail.com. Read more