Whaling & CEO Impersonation: A simple (free) way to avoid it

While there is always a lot of focus on phishing emails directing users to malicious pages or capturing credentials using cloned websites, a still-very-common scam catches organisations out every day: the ceo impersonation scam. The aim of these scams is to have an employee – often a new one in the organisation – sent an…

Read more

An interview with a cyber criminal

Last week, journalist Dmitry Smilyanets published an article on The Record detailing his interview with cyber criminal Mikhail Matveev, who has gone by various monikers (Babuk, BorisElcin, Wazawaka, unc1756 and Orange). Mikhail is provides some very open and interesting insights in to the cyber criminal world, dispelling some myths and discussing the ways he and…

Read more

There are no silver bullets

An article today by TechRadar about a new Phishng-as-a-Service with MFA bypass as a key selling point reminded me of something from a few years back, I was at a security event and attending a presentation by a reputable cyber security form on social engineering. Towards the end of the presentation they began summarising some…

Read more