- Social Engineering Scammers in Action: Domain Names and Family Resettlement to Australia
Scammers sent emails impersonating Australian immigration authorities to collect passport copies, photos, fingerprints, and personal details for identity theft. They used domain names with misleading...
- Malware Researching Scams Helps Understand Human Vulnerabilities
Online scammers exploit predictable human vulnerabilities: starting scams in the physical world, customizing messages with victims' locations, appealing to vanity and self-interest, posing as...
- Social Engineering Looking for Anomalies in Check Overpayment Scam Correspondence
Check overpayment scams convince victims to deposit fraudulent cashier's checks and forward the "extra" funds before the forgery is discovered. Warning signs include strange punctuation, extraneous...
- Encryption How Digital Certificates Are Used and Misused
Digital certificates enable HTTPS communications, software signing, VPNs, and Wi-Fi authentication, but the PKI ecosystem shows weaknesses. Attackers misuse stolen code-signing certificates, CAs...
- Privacy Establishing a Decoy Honeypot Persona
A honeypot persona is a fake online identity designed to attract and deceive scammers, deflecting attacks from the real person. Decoy profiles can expose inaccurate information while the legitimate...
- Malware Attributing Cyberattack Activities to a Group in India
Researchers attributed coordinated cyberattacks against South Asian organizations to a group operating from India based on target profiles, decoy document contents, embedded debug strings,...