EMAIL EXPLAIN

  • SPAM

 

SPAM, also called junk mail,

consists of sending mail to millions

of addresses,

they just need to answer a limited number

of people to be successful.

 

The addresses collected are sold
to other spammers,

There are various forms of e-mail,
who commit fraud or fraud
or induce users to
to reveal personal data
as access credentials.

  • MALWARE

criminals use e-mail to let in
in the computer malicious software said malware

Volumetric malware attacks en masse
known vulnerabilities

ZERO-DAY malware uses vulnerabilities
never attacked

 

URL attacks click on a site
web or malicious attachments that install
malware on target computer

 

the most famous malware is RANSOMWARE
that encrypts the target disk
and demand the ransom
cause slowdowns, data loss
and restoration costs

  • EXFILTRATION OF DATA

DATA EXFILTRATION is the transfer
of data from computer to computer
attacker
access to data considered important
the damage is also due to incorrect
restore, as an untested backup system

  DATA EXFILTRATION

  • PHISHING VIA URL

Also known as website counterfeiting,
induces the user to insert credentials in a
counterfeit web site for further
attacks using credentials,
is directed to theft of data or money,
is indirect as access to networks
with credible credentials

just a few recipients who click
the fake site that the campaign is successful
thanks to worm propagation technology
from one computer to another

  • SCAM

with fake job listings or false payouts
induce you to put your data
personal in the fake site for further
attacks.
Very often they do fake fundraisers
for tragedies like hurricanes, covid-19 and fail
to be given money directly via the web

 SCAM

  • SPEAR PHISHING

Very personalized attack impersonating a trusted colleague
or a trusted website of a known company
The attack leads to steal credentials

for other offences, such as fraud or identity theft

 

also called whaling or targeted phishing
Often leads to reputational damage of the company
attached

 SPEAR PHISHING

  • IMPERSONATION OF THE DOMAIN

Domains are created similar to the real one,
maybe with a different letter or a different suffix.
Victim mistakenly opens dangerous domain
Thinking he’s gonna open the real thing.
Initially criminals buy the domain
with the fake name and then fill it up
of malware to attack

 DOMAIN IMP

 

  • IMPERSONATION OF THE MARK

There are some types of such attack,
simulating a known company or
common business application
used to capture important data
personal, credit card numbers also called
Vendor E.Mail
Compromise

  • BRAND HIJHACHING

 

BRAND hijacking is a common form of phishing
with false or counterfeit domain names
also called domain spooling

  • BLACKMAIL

Blackmail is getting more sophisticated
exploit the stolen credentials
of the victim to contact and threaten her
to have money or claim to be
in possession of a compromising video
to be disseminated among all contacts
of the victim if he does not pay
and maybe they do it anyway
also called sextortion

 BLACKMAIL

 

  • BUSINESS EMAIL COMPROMISE

The crooks who snatched credentials
of an employee of a company for
scam employees, customers, suppliers
and the same company
sometimes they do it with fake credentials
also called CEO Fraud , wholing
Social Engineering or CFO fraud

BEC

 

  • CONVERSATOR HJIACKING

Hackers get into conversations
company with accounts already taken
and start new conversations
to steal personal data or directly money
but above all to have information
commercial, business and other procedures
for new attacks
It’s less common than impersonation
of the domain, but makes dangerous
targeted attacks

CONVERSATOR HJIACKING

 

  •  SIDE PHISHING

Accounts are used already taken from
to do phishing attacks
to partners or email addresses
of the victim’s contact list
are very successful attacks

 SIDE PHISHING

 

  •  THEFT OF ACCOUNTS

Using Social Engineering, impersonating
brand and phishing , they take an account
therefore access to company data,
gain other account credentials
and exploit such accounts for other attacks

THEFT OF ACCOUNTS