Cyren Security Blog

Subscribe to this Blog

Infosec Island: When Is Apple.com Not Apple.com?

by John Callon

Phishing Threat Analysis

To get up to speed on the latest technique used by phishing site operators to present legitimate-but-fake (!) web sites,  check out Cyren security researcher Magni Sigurdsson's column in Infosec Island, which details how cybercriminals are exploiting a browser capability for representing non-Latin characters to make users think they really are at apple.com, or other trusted brands' sites, and snagging their login credentials.

Is Monday the Worst Day of the Week...for Security?

by Daisy Spiridopoulos

Email Security Malware Phishing Ransomware Threat Analysis Web Security

The IT manager responsible for information security at an enterprise account — let’s call him “Steve” — recently shared an interesting story.  In general, he felt that they handle security pretty well, but he detailed one challenge that they haven't yet solved — users roaming outside the office security perimeter.

Point, Click and Hack — Phishers Try Wix

by Yaniv Ovitz

Phishing Security Research & Analysis Threat Analysis Web Security

Anyone, including phishers and malware distributors, can make a free website on Wix. Cyren analyzes one example of a Wix page targeting Office 365 users.

Global Copycats iPhishing Lost iPhones

by John Callon

Email Security Phishing Security Research & Analysis Threat Analysis

In a post last month, Brian Krebs related the case of an iPhone user in Brazil who, in attempting to recover their phone, suffered a rather insidious phishing attempt. We also had received an almost identical firsthand account — from someone in Israel.

New Phishing Wave Targets Online Banking and Digital Payment Customers

by Igor Glik

Email Security Phishing Security Research & Analysis Threat Analysis

Cyren researchers are seeing a new phishing technique targeting online banking users from Wells Fargo, Chase and Capital One, along with digital payment customers from Paypal and Venmo, among others.

This new wave of phishing attacks builds on previously known techniques, relying on email recipients clicking on HTML attachments to exploit a weakness in many email security systems, but with the additional twist that data URIs are being hidden in the HTML attachments, according to Cyren threat research analysts.

The new attack technique has taken root quickly in the past month, with nearly 50% of recent phishing attacks seen by Cyren now using HTML attachments.

Why your email isn't as secure as you think it is

by Dan Maier

Malware Phishing Ransomware

Recent headlines are chock-full of reports of email phishing attacks by cybercriminals who outwit employees to obtain sensitive personal data and financial information. Under the guise of recognized web payment and productivity tool requests, hackers lure potential victims into clicking on fake email links that are designed to steal credentials or download ransomware.