AppRiver Blog

Holiday Shopping Online? Here Is What To Watch For

Tis the season ... and hackers are not taking a break. Already we are starting to see emails targeting online shoppers.

Taking advantage of all those online sales also means waiting for and tracking your packages to make sure they arrive safe and sound on your doorstep. And that is exactly what hackers are counting on. Be...

Read More

Move over Macros, Office DDE exploits arrive

Move over macros, Office DDE exploits arrive!

Office macros have been the primary choice of attacks by malicious actors for years.  IT administrators and users have learned to be cautious before running macros. The Dynamic Data Exchange (DDE) protocol has been around much longer but hadn't been used for attacks.  It's a...

Read More

Watch for malicious scams in wake of Las Vegas shooting

All of us at AppRiver are grieving for the heinous act that took place Sunday night in Las Vegas. And while the tragedy will get its fair share of media attention in coming weeks, we want to sound a warning bell before people are taken advantage of.

Read More

Hurricane Scams Continue to Make Landfall

A little over two weeks ago we posted about the first Hurricane Harvey scam emails that appeared in our spam traps.  The hurricane scams continue to persist without showing any signs of slowing down soon.

Scammers are now using Harvey and Irma references or just a generic email to encompass any hurricane assistance efforts.

Read More

Social Engineering Attack Escalation

Attack Overview and Statistics

SANS Institute conducted a survey on how attackers were able to compromise user devices.  They found 74 percent entered via an email attachment or email links, 48 percent from web based drive-by or download, and 30 percent through application vulnerabilities.  Phishing (72 percent), spyware...

Read More

Phishing attempts riding WanaCry coattails

After every large news-making event, we see malicious campaigns pop up quickly to ride the coattails.  It is very easy for the scammers to modify their malevolent templates to match the latest headlines. They do this to prey on users emotions.  The scams range from simple social engineering to malicious programs that...

Read More

Gone Phishing

Before you open that next email from a well-known company – news site, bank, vendor – give yourself an extra second or two to examine it closely. Here at AppRiver, we’ve seen a dramatic increase in phishing attempts lately and you don’t want to be next on the hook.

Read More

SpearPhishers Reeling in Tax Returns

It's that time of the year where tax forms are filed and (unfortunately) personal information is sent around via unencrypted email. Internal email, that is email between users in a company on their own email system, can be considered as secure as the server itself for the most part (which one may interpret the degree of...

Read More

Spoofed Navy Federal emails with PDF's linking to Phishing site

PDF phishing emails seem to be popular these days. While the PDF format isn't immune to its own vulnerabilities used for malware, the biggest abuse we see is a phishing link embedded in the PDF leading to an external site. With the popularity of PDF files in general and the fact you can embed links in them, it makes sense...

Read More

PayPal credentials make for popular Target

An onslaught of PayPal themed messages have been hitting our filters over the past few weeks. Utilization of attached (.)HTM/HTML files to distribute malware and phishing attacks has been actively used for the better part of a decade now. This file type is still considered relatively low risk since they are still shared...

Read More