2FA and DMARC

2-factor authentication has become more vulnerable to attacks, making DMARC even more important. Recently, a researcher in named Piotr Duszyński released an open source project that allows attackers to automate a phishing attack that bypasses 2-factor authentication. The new tool, named Modlishka, allows attacker to bypass all types of 2-factor authentication except hardware security keys […]

The Value (and Risk) of DMARC Quarantine

Protect your paycheck! Direct deposit make depositing your paycheck automatic and simple… Until something goes wrong. That’s what recently happened to several Wichita State University (WSU) employees. They received an email with a link prompting them to login using their MyWSU ID and password. As it turned out, that was a phishing email that stole […]

Email Spoofing and your Bank

Alert!! STCU is warning members about a phishing email that is circulating in an attempt to steal login credentials from members. Phishing and Your Bank According to the report, there is an “official-looking” email claiming to be from STCU (Spokane Teachers’ Credit Union) requesting that members click a link and login to their account. Instead, […]

DMARC in Higher Education

There was another news article about universities that became the targets of a phishing attack. Unfortunately, it wasn’t a very big headline since it is all too common for a university to be targeted. An article from bleepingcomputer.com stated that a group of hackers continue to primarily target universities using a variety of phishing techniques. […]

How to Verify an Email’s Sender

You have an email. It looks legit and you really want to click that link, but how do you verify that it’s not a phishing scam (and you’re about to give away personal information, money, or access to your accounts or computer)? Phihing is becoming increasingly common, so it’s good to know how to identify a […]

Stop spoofing Gmail!

Stop Spoofing Gmail

Almost everyone has a personal Gmail account, maybe two or three. But Gmail is not meant to be used for businesses to send email, even small business, even tiny businesses. Gmail obviously doesn’t want you to misuse their service like this. When you send your business email from [email protected], you are claiming to be gmail.com- […]

The Emmy Results Really Could be Skewed

Emmys phishing 2018

Nathan, this is for you: You may have seen the video in which Nathan Fielder interviews a voting security expert who describes a scenario that could be used to skew the results of the Emmys. The plan is very detailed and easy to carry out, although slightly complex. That may have left you with a […]

How to send a Spoofed Email

how to send a spoofed email

Sending an email from an email account that you don’t control is called email spoofing. The problem with spoofed messages compared to other phishing messages (e.g. Nigerian Prince schemes) is that spoofed emails usually impersonate someone the recipient trusts. Essentially, the attacker is claiming the “sender’s” identity and abusing their credibility to trick the victim […]

Phishing is NOT ‘OK’

Oklahoma phishing Attack

Oklahoma state auditor’s office has become the target of a phishing attack. We’ve been warning that state governments need to start using email authentication; this is exactly why!   According to this article, there’s an email circulating claiming to be from the Oklahoma state auditors office (from someone named Kevin Anderson) that encourages recipients to […]

Another Successful Spear Phishing Attack

MassCEC spear phishing attack

According to the Boston Herald, The Massachusetts Clean Energy Center fell victim to a business email compromise scam (BEC scam), which is a type of phishing attack also called spear phishing. Spear phishing? In spear phishing scenarios, the attacker sends an email to a particular individual, the victim, claiming to be another individual, the target. […]

2017 FBI Internet Crime Report

It all starts with phishing… This month, the FBI released its 2017 Internet Crime report, which details the amount and type of internet crime reported over the year. According to the report, 3 primary types of attacks were reported- Email Compromise: Attackers send Fraudulent emails to victims requesting payments to fake locations (aka, phishing!) Tech […]

Phishing Poses the Biggest Threat to Your Email According to a Google Study

It’s highly likely that you or someone you know has had a personal email or social media account hijacked at some point. Once hijackers gain access, they often then send out messages to your entire contact list to gain control of their accounts too. Such attacks expose a ton of sensitive personal data. Hijackers use […]

WARNING: Phishing attacks likely for Tax-Related Service Providers!

Tax related phishing scams

According to a study by the Global Cyber Alliance, some of the top tax-related services providers don’t secure their domains with DMARC, leaving them open to phishing attacks. Fraudmarc examines the email security scores of many top tax related service providers. Email Authentication and Tax-Related Companies DMARC has been around for almost a decade, and […]

Netflix’s use of DMARC reduced damage from huge email scam

Netflix phishing attack November 2017

You may be aware that, last Friday, scammers sent out a phishing email to up to 110 million Netflix subscribers. The email included a link to a fake Netflix website that asked users to login and enter their credit card information. However, a clear indication of a scam can be found higher up on this […]