A hacker calling himself “Mastermind” is claiming to be in possession of over 20 million credentials for an unnamed dating site. These credentials are claimed to be 100% valid in a posting to a paste site. Included in the list are over 7 million credentials from Hotmail, 2.5 million from Yahoo and 2.2 million from Gmail.com. Read more
Easy Solutions is committed to supporting the emerging DMARC email authentication standard to help our customers communicate confidently and securely with their customers. We listened to your feedback and included some key features in this DMARC Compass™ release that improve performance, usability and management. Read more
Over time there is a natural tendency towards attack complexity as defensive countermeasures improve. The Easy Solutions DMS team is focused on attack detection and removal on behalf of our clients and we have monitored this trend for years. Recently we’re detected a resurgence in an attack type called “Data URI” phishing. Read more
While many are looking ahead at 2015, with both relief and some anxiety, we believe its worth taking a look back at the biggest security and fraud stories of 2014, to serve as a reminder of how the fraud landscape has evolved over the last twelve months and what you should be doing to protect your business when, not if, the next security event happens. Read more
It is no secret that phishing attacks are growing in scope and the reason is quite simple: they are still effective. For the past several years, we have seen a marked increase in the number of email driven phishing scams that coincide with the holidays. Below you’ll find an email-driven phishing scam which shows a notification from FedEx—we’ve seen this with other brand-recognized delivery couriers like UPS and DHL. You can view the US-CERT advisory here. In this instance, the notification indicates that FedEx was unable to deliver a package because there was nobody available to sign for it. Once the recipient clicks on the invoice, the phishing attack is launched. With this kind of attack, the company purported to be sending the message is also a victim as the brands themselves become associated with fraudulent activities. Read more
Most of us in the business of fighting fraud understand it is and will be an ever-changing challenge. And we expect 2015 to be no different, unfortunately. One of the most difficult expectations placed on fraud organizations is the anticipation of where fraud will occur and how often. In an effort to help you understand what the fraud landscape might look like in the year ahead, I have outlined some considerations that should be understood along with suggestions on how they should be addressed. Read more
We have recently become aware of a new scheme targeting businesses through some of the partners they trust and are closest to – their vendors and third-party providers. We are seeing evidence of these schemes popping up in the Deep Web – the black markets where criminals often sell the credentials or information they have to offer to other criminals eager to act on that information. In this emerging man in the middle scheme, fraudsters convince businesses that their vendors’ bank account information has changed, thereby funneling legitimate payments into illegitimate accounts.
Almost every day we hear of a new retailer that has experienced a data breach, frustrating financial institutions that must then deal with the fall-out. According to the recent Faces of Fraud survey, conducted by ISMG, over 70% of financial institutions were impacted by the Target breach last December alone. But how does the fraud economy work? What exactly happens to all this data that is stolen? How is it sold, and what is it worth?
Apple Pay went live yesterday. And while there has been much talk about how it's going to disrupt the payment system, and how easy it will be to use, security is once again being overlooked in the urgency for speed and convenience above all else. Read more