www.trustwave.com
Open in
urlscan Pro
52.151.96.240
Public Scan
Submitted URL: https://login.healthfidelity.live/
Effective URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-bec...
Submission: On August 20 via automatic, source certstream-suspicious
Effective URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-bec...
Submission: On August 20 via automatic, source certstream-suspicious
Form analysis 4 forms found in the DOM
<form><span class="fieldset">
<p><input type="checkbox" value="check" id="chkMain" checked="" class="legacy-group-status optanon-status-checkbox"><label for="chkMain">Active</label></p>
</span></form>GET /en-us/search/
<form method="get" target="_self" action="/en-us/search/">
<div class="mb-7">
<input type="text" class="form-control" id="q" name="q" placeholder="Search trustwave.com">
</div>
</form>GET https://www2.trustwave.com/Subscription-Center-Subscribe.html
<form method="get" target="_blank" action="https://www2.trustwave.com/Subscription-Center-Subscribe.html">
<div class="row g-7">
<div class="col-md-6 col-lg-7">
<input type="text" class="form-control" name="Email" placeholder="Email Address">
</div>
<div class="col-md-6 col-lg-5">
<button class="btn btn-primary w-100" type="submit">Subscribe</button>
</div>
</div>
</form><form></form>Text Content
Cookie Notice
We use cookies to provide you a relevant user experience, analyze our traffic,
and provide social media features. Privacy Policy
Close
GOT IT
* Your Privacy
* Strictly Necessary Cookies
* Performance Cookies
* Functional Cookies
* Targeting Cookies
* Privacy Policy
Privacy Preference Centre
Active
Always Active
Save Settings
Allow All
* Services
Services
*
Managed Detection & Response Eradicate cyberthreats with world-class intel
and expertise
*
Managed Security Services Expand your team’s capabilities and strengthen
your security posture
*
Consulting & Professional Services Tap into our global team of tenured
cybersecurity specialists
*
Penetration Testing Subscription- or project-based testing, delivered by
global experts
*
Database Security Get ahead of database risk, protect data and exceed
compliance requirements
*
Email Security Catch email threats others miss and prevent data loss
View All Trustwave Services
* Solutions
Solutions
BY INDUSTRY
* Education
* Financial Sector
* Government
* Healthcare
* Hotels
* Legal
* Payment Services
* Restaurants
* Retail
BY REGULATION
* Data Privacy
* CMMC
* FISMA
* GDPR
* GLBA
* HIPAA
* ISO
* PCI
* SOX
BY TOPIC
* Microsoft Exchange Server Attacks Stay protected against emerging threats
* Rapidly Secure New Environments Security for rapid response situations
* Securing the Cloud Safely navigate and stay protected
* Securing the IoT Landscape Test, monitor and secure network objects
* Why Trustwave
Why Trustwave
* The Trustwave Approach A focus on threat detection and response
* Trustwave SpiderLabs Team Researchers, ethical hackers and responders
* Trustwave Fusion Platform Unprecedented security visibility and control
* SpiderLabs Fusion Center Our cybersecurity command center
* Security Operations Centers Distributed worldwide defense nodes
* Partners
Partners
* Technology Alliance Partners Key alliances who align and support our
ecosystem of security offerings
* Trustwave PartnerOne Program Join forces with Trustwave to protect against
the most advance cybersecurity threats
* Register
Login
* Resources
Resources
BLOGS
* Trustwave Blog
* SpiderLabs Blog
UPCOMING
* Webinars
* Events
MEDIA & ASSETS
* Document Library
* Video Library
* Analyst Reports
* Trials & Evaluations
NOTICES
* Security Advisories
* Software Updates
HELP
* Contact
* Support
* Login
Login
Fusion Platform Login
What is the Trustwave Fusion Platform?
* MailMarshal SEG Login
* Legacy TrustKeeper Login
* Incident Response
Incident Response
EXPERIENCING A SECURITY BREACH?
Get access to immediate incident response assistance.
24 HOUR HOTLINES
* AMERICAS
+1 (312) 598-1431
* EMEA
+44 175 477-2059
* AUSTRALIA
1800 401 792
* SINGAPORE
800 101 3355
Recommended Actions
Loading...
BLOGS & STORIES
TRUSTWAVE BLOG
The Trustwave Blog empowers information security professionals to achieve new
heights through expert insight that addresses hot topics, trends and challenges
and defines best practices.
143
WHAT TO DO WHEN YOU‘RE GETTING PHISHED BUT HAVE NO IDEA BECAUSE IT LOOKS TOTALLY
AUTHENTIC
access_timeMay 04, 2017
person_outlineDan Kaplan
share
*
*
*
A "huge, startlingly fast-moving, and perplexing" phishing attack made its way
to an estimated one million-plus Gmail users on Wednesday.
The scam, which spread via legitimate-looking invites that came from a trusted
contact asking the potential victim to view a Google Docs file, quickly became
the talk of the cyber world after it appeared to first target media
organizations and then spread like wildfire soon after.
"[W]hen you click on the [invite] link to open the file, you are directed to
grant access to an app that looks like Google Docs but is actually a program
that sends spam emails to everyone you've emailed," according to a Recode story,
which cited a thread on Reddit.
> @zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
>
> — Zach Latta (@zachlatta) May 3, 2017
Google quickly fixed the issue, which did not relate to a vulnerability on its
end, by removing the bogus pages and applications involved in the attack. Adding
to the intrigue is that an ethical hacking student at U.K.-based Coventry
University is now claiming the whole incident was an accident and was merely
meant as a test for a final project he was working on - although there is
rightful skepticism abound.
Google on Wednesday night suggested fewer than 0.1 percent of its Gmail user
base was affected, although our own (admittedly unscientific and short-sampled)
Twitter poll found that 39 percent of respondents received or know someone who
received the phishing message. Did you? Please vote.
But beyond the attack itself, it is worth reminding you that phishing messages
only seem to be getting savvier and more authentic-looking, fooling even
seasoned experts. Gone are the days when obvious misspellings and grammatical
errors provide a dead giveaway that shenanigans are at play.
I asked Trustwave VP of Security Research Ziv Mador whether organizations should
just wave the white flag of surrender - or if there are still steps they can
take to keep phishing at bay.
"Some attacks are so well crafted that while we can provide some tips, they are
so slight that you really can't blame the victim anymore for doing something
unreasonable," Ziv told me. "The Grand Mars operation is another good example."
(That op, by the way, uses phone calls to add legitimacy).
Nobody wants to go through life thinking everyone is out to get them, but
practicing extreme cautiousness on the web these days still can pay dividends.
Ziv suggested that you:
1) THINK BEFORE YOU CLICK
"Don't rush to click links even if they seem legit and sent by someone you know.
If you did not expect them, check with your contact first to see if they
intended to send it. Remember, once your machine is infected, the malware may
send emails on your behalf."
2) DIG DEEPER
"If you have doubts about an email or invite - such as the tactic used with
Google Docs - first check the developer information or any other information
about the application or website involved. If the information there doesn't seem
right, don't continue (e.g. do not grant permissions)."
3) TURN TO TECHNOLOGY AND TEACHING
"For businesses especially, deploy a secure web gateway, which leverages
sophisticated logic to detect web-based attacks. Also, continually educate your
employees on how to identify phishing attacks, especially the ones that are so
good, you just can't believe they are malicious."
Dan Kaplan is manager of online content at Trustwave and a former IT security
journalist.
RELATED TRUSTWAVE BLOGS
Aug 11, 2021
TRUSTWAVE RECOGNIZED AS A TOP 10 MSSP BY CYBER DEFENSE MAGAZINE
News
Aug 04, 2021
MANAGING SUPPLY CHAIN CYBER RISK: KNOW WHAT YOU CONTROL – AND DETECT WHAT YOU
DON’T
Emerging Threats
Aug 03, 2021
THE 3 BIGGEST PIECES OF THE HEALTHCARE DATA SECURITY PUZZLE
Perspectives
* About
* Contact
* Support
* Careers
* Newsroom
STAY INFORMED
Sign up to receive the latest security news and trends from Trustwave.
Subscribe
SERVICES
* Managed Detection & Response
* Managed Security Services
* Consulting & Professional Services
* Penetration Testing
* Database Security
* Email Security
* All Services
WHY TRUSTWAVE
* The Trustwave Approach
* Trustwave SpiderLabs
* SpiderLabs Fusion Center
* Trustwave Fusion Platform
* Securing Operation Centers
PARTNERS
* Global Technology Partners
* PartnerOne Program
* Become a Partner
* PartnerOne Portal Login
COMPANY
* Leadership Team
* Our History
* Awards & Accolades
* Global Locations
* Careers
* Newsroom
SOLUTIONS BY TOPIC
* Microsoft Exchange Server Attacks
* Securing the Cloud
* Rapidly Securing New Environments
* Securing the IoT Landscape
SOLUTIONS BY INDUSTRY
* Education
* Financial Sector
* Government
* Healthcare
* Hotels
* Legal
* Payment Services
* Restaurants
* Retail
SOLUTIONS BY REGULATION
* Data Privacy
* CMMC
* FISMA
* GDPR
* GLBA
* HIPAA
* ISO
* PCI
* SOX
BLOGS
* Trustwave Blog
* SpiderLabs Blog
UPCOMING
* Webinars
* Events
MEDIA & ASSETS
* Document Library
* Video Library
* Analyst Reports
* Trials & Evaluations
NOTICES
* Security Advisories
* Software Updates
HELP
* Contact
* Support
English German (Deutsche) Japanese (日本語)
* Legal
* Terms of Use
* Privacy Policy
Copyright © 2021 Trustwave Holdings, Inc. All rights reserved.
Loading
HELP US STOP THE ROBOT UPRISING
This is a bot-free zone. Please check the box to let us know you're human.
THANK YOU
Download Now
--------------------------------------------------------------------------------
Read complimentary reports and insightful stories in the
Trustwave Resource Center
THANK YOU
One of our sales specialists will be in touch shortly.
--------------------------------------------------------------------------------
Read complimentary reports and insightful stories in the
Trustwave Resource Center