www.eridiumdriver.com
135.181.34.149
Public Scan
Submitted URL: https://www.eridiumdriver.com/i067uvppx8iukq0b
Effective URL: https://www.eridiumdriver.com/awareness/v/i067uvppx8iukq0b/index.html
Submission: On January 26 via manual from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
Toggle navigation * Home * phishing * vishing * smishing * social * tips

DON'T GET HOOKED
HOW TO RECOGNIZE AND AVOID PHISHING ATTACKS

WHAT IS PHISHING? THE GO-TO SOCIAL ENGINEERING STRATEGY

Phishing (pronounced like fishing) is a form of social engineering that uses email or malicious websites (among other channels) to solicit personal information from an individual or company by posing as a trustworthy organization or entity. Phishing attacks often use email as a vehicle, sending email messages to users that appear to be from an institution or company that the individual conducts business with, such as a banking or financial institution, or a web service through which the individual has an account. The goal of a phishing attempt is to trick the recipient into taking the attacker’s desired action, such as providing login credentials or executing a malicious file.

PHISHING ATTACK METHODS

MASS-SCALE PHISHING
An attack where fraudsters cast a wide net of attacks that aren't highly targeted. READ MORE

MASS-SCALE PHISHING
The most common form of phishing is mass phishing because there are no specific targets and the fraudulent social engineering technique is usually sent to myriad of people. Thus, no information gathering is necessary for the phishing attempt to be performed as the cyber-criminal disguises his message as coming from an entity used by many people.

SPEAR PHISHING
Tailored to a specific victim or group of victims using personal details. READ MORE

SPEAR PHISHING
Spear-phishing is referred to as “the main email attachment threat”. A common manner of tricking targets in spear-phishing is to disguise a malicious attachment in a file extension that the victim will not open as a corporate document in a popular file extension used for various documents. Furthermore, in spear-phishing, perpetrators often disguise their messages as coming from within the entity they wish to penetrate which is also where the target works, whereas in mass-phishing, they impersonate a global and/or popular brand to which the victim may or may not be a customer and such cyber-criminals do not wish to infiltrate the brand they impersonate.

WHALING
Specialized type of spear phishing that targets a "big" victim within a company. READ MORE

WHALING
Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities. As with any phishing endeavor, the goal of whaling is to trick someone into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. The attacker may send his target an email that appears as if it's from a trusted source or lure the target to a website that has been created especially for the attack. Whaling emails and websites are highly customized and personalized, often incorporating the target's name, job title or other relevant information gleaned from a variety of sources.

KEEP YOUR EYES OPEN FOR ALL FORMS OF PHISHING ATTACKS!

EMAIL PHISHING
Fraudsters send phony emails that appear to come from valid sources in an attempt to trick users into revealing personal and financial information.

WHAT TO LOOK FOR?

From: Easy Pay Support
To: ap@yourcompany.com
CC:
Subject: Please pay overdue toll
* Message
* E-pass 0000319.zip
Notice to Appear,
Impersonalized Messages
You have not paid for driving on a toll road and the fee past due
Scare Tactics
The copy of the invoice is attached to this email.
Best Regards, John Doe, Easypass Agent.
Imitating a Known Brand
Sender Name and Domain Spoof Known Brand
Compressed Attachments

HIGHLY PERSONALIZED MESSAGES
Unlike mass phishing emails, spear phishing messages are highly personalized and will often reference coworkers' or friends' names.
* To : jsmith@bigbank.com
* Subject : Urgent Notice
* Dear James, We were contracted by your HR Director, Anne Wallece.

EMBEDDED MALICIOUS FILES
Common file attachments (.doc, .xls, .ppt, etc.) can contain malicious macros.
* Security warning
* Macros have been disabled.
* Enable content

SPOOFED LINKS
Spoofed link text can hide a hyperlink's actual destination to a Spoofed Website.
* To : jsmith@bigbank.com
* Subject : Urgent Notice
* www.bigbank.com

SPOOFED WEBSITES
Links to spoofed versions of well-known websites can look legitimate to the untrained eye. They are used to steal info submitted via forms and/or distribute malware to visitors.
https://www.bankofannerica.com
* Secure Sign In
* Banking
* credit cards

VISHING
Short for "voice phishing," vishers use the telephone to solicit unsuspecting victims for financial or personal details.

WHAT TO LOOK FOR?

PERSONAL DATA
It can be gathered from social media profiles, providing criminals with sensitive details to make attacks seem more legitimate.

FEAR TACTICS
Vishers use fear tactics to con you into thinking your money is in danger and you must act quickly.

PERSUASIVE PHONE TACTICS
Their tactics are "too good to be true" and are a dead giveaway of criminal activity.

Phoenix, AZ 555-555-5555
Scammers often alter phone numbers/IDs to disguise the real origin of the call.

VISHERS ARE POSING AS IRS AGENTS THREATENING PARTIES WITH ARREST, DEPORTATION, LICENSE REVOCATION, ETC.

IRS REPORTS FROM JANUARY 2016 SHOW THAT SINCE OCTOBER 2013:
896,000 people have been solicited by scammers claiming to be IRS officials.
5000 VICTIMS HAVE COLLECTIVELY paid over $26.5 MILLION

SMISHING
SMS messaging attacks where fraudsters send phony texts in an attempt to con you into divulging private information or infecting your phone with malware.

WHAT TO LOOK FOR?

'5000' OR OTHER NON-CELL NUMBERS are most likely scammers masking their identity by using email-to-text services.

Spoofed Websites are most likely scammers masking their identity by using email-to-text services.

5000
Dear Walmart shopper, Congratulations! You have just won a $1000 Walmart Gift Card. Click here to claim your gift. www.wmartlick.com (cancel: reply STOP)

(405) 777-0909
Notice: this is an automated message from Miami University Community Federal Credit Union. Your ATM card XXX4 0505 has been suspended. Click this link to reactivate: bitly.ru/ar f4qwpr zf3290

Smishers are most likely scammers masking their identity by using email-to-text services, unknown numbers or unsolicited messages.

Smishers may use the first few digits of your debit/credit card to pressure a response.

BANKS, FINANCIAL INSTITUTIONS, SOCIAL MEDIA PLATFORMS, AND OTHER BUSINESS ACCOUNTS SHOULD BE CONTACTED DIRECTLY TO DETERMINE IF THEY SENT YOU A LEGITIMATE SMS REQUEST.

SMISHERS HAVE EVEN SPOOFED THE TWO-FACTOR AUTHENTICATION FOR GMAIL, HOTMAIL, AND YAHOO MAIL
Authentication systems were breached by "smishers" who conned users into resetting their passwords in order to gain access to victims' email accounts.
1. An attacker secures a victim's email address / phone number from public sources.
2. The attacker poses as the victim and asks Google for a password reset.
3. Google sends a reset code to the victim.
4. The smisher texts victim with fraudulent message: "Google has detected unusual activity on your account. Please respond with the code sent to your mobile device immediately."
5. The victim sends the password verification code to the smisher, thinking that the request came from Google.
6. The attacker uses the code to reset the victim's password and take control of their account.

SOCIAL MEDIA PHISHING
CYBER CRIMINALS USE SOCIAL MEDIA AS A CHANNEL TO CARRY OUT PHISHING ATTACKS AIMED AT STEALING PERSONAL INFORMATION OR SPREADING MALWARE. SOME ATTACKS ARE EVEN USED TO HIJACK YOUR ACCOUNTS AND LAUNCH FOLLOW-UP ATTACKS ON YOUR CONNECTIONS OR FOLLOWERS.

WHAT TO LOOK FOR?

PLAY-PRETEND
Scammers create a replica account and inform victim friends/followers that their previous account was abandoned. Messages are sent to victim friends asking the recipient to click on a link with the aim of collecting personal data, e.g., credit/debit card numbers.

BOGUS POSTS
Social network feeds can contain bogus posts that trick users into clicking on a link and providing personal info.

SOCIAL MEDIA MALWARE
Scammers can pose as a friend/follower and send messages with links to sites that are infected with malware. Even messages from known friends and followers may include links to sites that have been hacked.

Ray Thomas 30 mins
Decided to make a new account

Ray Thomas 30 mins

Ray Thomas 30 mins
Hey! check this out,i cant’t believe they got this picture of you!!! bitly.xyz/345Fw041

Ray Thomas
Hey Joe!, You should sign up for this free giveway. http://bitly.xyz/345Fw041

Admin
Hey Joe!,We notice a security thread on your account. Would you like to rest your password now? http://bitly.xyz/345Fw041

STAY SUSPICIOUS
Phishers can pose as admins from social networking sites in an effort to gain access to passwords/other account info.

FIRST THINGS FIRST - BE VIGILANT ONLINE AND USE YOUR COMMON SENSE!
* Always be suspicious of any unsolicited communication from businesses or individuals, regardless of the message medium.
* Don't click on links or attachments in suspect emails, texts, or social media messages.
* Directly contact the purported sender via their official website, phone number, or email address if you are not sure about the legitimacy of a message you have received.
* Report suspected phishing scams to your IT and security teams.
* File a complaint with the FBI Crime Complaint Center (IC3) to help shut down cyber criminals.

© Copyright 2022 ASK. All Rights Reserved.