INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Are typos still relevant as an indicator of phishing?
Last Updated: 2023-10-16 07:17:38 UTC
by Jan Kopriva (Version: 1)
I was recently asked by a customer whether it still makes sense to cover “typos” as a potential indicator that an e-mail message may be malicious in the context of security awareness courses.
One might not expect typos to be relevant anymore, given the prevalence of automated language proofing solutions and the availability of modern LLMs, which threat actors may avail themselves of, coupled with advanced capabilities of modern security solutions used to automatically identify and filter out spam and malicious messages… Nevertheless, the truth is that although the aforementioned indicator may not be as useful as it once was, it may still point a recipient in the right direction.
One good example of why this is so was provided by a phishing campaign we saw last week, when several messages, which were trying to masquerade as e-mails from the WeTransfer service, were delivered to our ISC inbox ...
Read the full entry:
Changes to SMS Delivery and How it Effects MFA and Phishing
Last Updated: 2023-10-17 14:02:19 UTC
by Johannes Ullrich (Version: 1)
Spam and phishing SMS messages (sometimes called "smishing") have been problematic in recent years. These messages often bypass security controls and are more challenging to identify as malicious by users. Moreover, they can be just simply annoying.
This post does apply to US telecom companies. Let me know how this is being dealt with in other countries.
Here is a simple "stupid" one I just received yesterday ...
But often, you will now see "smishing" that asks you to reply. For example, an attack I wrote about recently ...
Initially, I figured it might be required to reply to the message to "activate" the phishing page. This would certainly make analysis of these messages more difficult. But the phishing page was accessible even without replying. So there must be another reason for this.
My best guess is that these messages are asking for replies to fool anti-spam techniques put in place by carriers. Over the last few years, carriers in the US have implemented more and more anti-spam measures for SMS. This is partly driven by regulations that initially allowed carriers to filter messages, and now, more and more require them to implement filters. T-Mobile, for example, uses a detailed "code of conduct" to inform customers what T-Mobile considers appropriate behavior.
Red the full entry: