Throughout 2017 we observed a major increase in phishing efforts, reaching peak levels over the summer, and this trend has continued to intensify in 2018. Much of this effort was expertly tailored to gather users’ login credentials to their preferred email provider. Ultimately attempting to compromise Office365, Gmail, ...Read More
Tis the season ... and hackers are not taking a break. Already we are starting to see emails targeting online shoppers.
Taking advantage of all those online sales also means waiting for and tracking your packages to make sure they arrive safe and sound on your doorstep. And that is exactly what hackers are counting on. Be...Read More
Move over macros, Office DDE exploits arrive!
Office macros have been the primary choice of attacks by malicious actors for years. IT administrators and users have learned to be cautious before running macros. The Dynamic Data Exchange (DDE) protocol has been around much longer but hadn't been used for attacks. It's a...Read More
All of us at AppRiver are grieving for the heinous act that took place Sunday night in Las Vegas. And while the tragedy will get its fair share of media attention in coming weeks, we want to sound a warning bell before people are taken advantage of.Read More
A little over two weeks ago we posted about the first Hurricane Harvey scam emails that appeared in our spam traps. The hurricane scams continue to persist without showing any signs of slowing down soon.
Scammers are now using Harvey and Irma references or just a generic email to encompass any hurricane assistance efforts.Read More
Attack Overview and Statistics
SANS Institute conducted a survey on how attackers were able to compromise user devices. They found 74 percent entered via an email attachment or email links, 48 percent from web based drive-by or download, and 30 percent through application vulnerabilities. Phishing (72 percent), spyware...Read More
After every large news-making event, we see malicious campaigns pop up quickly to ride the coattails. It is very easy for the scammers to modify their malevolent templates to match the latest headlines. They do this to prey on users emotions. The scams range from simple social engineering to malicious programs that...Read More
It's that time of the year where tax forms are filed and (unfortunately) personal information is sent around via unencrypted email. Internal email, that is email between users in a company on their own email system, can be considered as secure as the server itself for the most part (which one may interpret the degree of...Read More
PDF phishing emails seem to be popular these days. While the PDF format isn't immune to its own vulnerabilities used for malware, the biggest abuse we see is a phishing link embedded in the PDF leading to an external site. With the popularity of PDF files in general and the fact you can embed links in them, it makes sense...Read More