Abnormal Security has released a new blog revealing how attackers attempt to steal payment information by posing as UPS and FedEx and sending false shipment notifications about an upcoming delivery. Mike Britton, the CISO of Abnormal Security, will walk you through both UPS and FedEx impersonation attacks, why this phishing attack is noteworthy, and what makes these attacks challenging to detect.
Within their investigations, Abnormal Security found that shipping service providers were the third most imitated types of attacks. This attack used a remarkable level of detail and impersonation, which made the emails and the accompanying phishing sites especially convincing.
The emails sent out to victims, impersonating UPS, claimed that the package has an unclear transit status and that the recipient must verify info using the provided link. The fake FedEx notification uses a similar tactic stating that delivery was attempted but failed and the recipient must confirm their address through the provided link. In both cases, victims are encouraged to click on a link that unknowingly leads to a detailed, multi-step phishing site.
Posted in Commentary with tags Nikon on June 26, 2024 by itnerd
Nikon Canada Inc. announced the release of the NIKKOR Z 35mm f/1.4, a wide-angle prime lens that is compatible with Z mount full-frame/FX format mirrorless cameras. This fast, versatile lens offers a natural angle of view, popular among street and portrait photographers, with the creative freedom provided by a bright maximum aperture of f/1.4 – all at an affordable price.
Not only does the NIKKOR Z 35mm f/1.4 allow users to enjoy beautiful soft bokeh and three-dimensional rendering at wide apertures, its versatile 35mm focal length and short minimum focus distance of 10.6 in. (0.27 m) also makes it ideal for capturing a wide variety of scenes and subjects. From landscapes and street photography to portraits and photos of flowers and pets, photographers and filmmakers will enjoy outstanding sharpness, beautifully blurred backgrounds, and exceptional versatility in low light.
Despite its large f/1.4 maximum aperture the NIKKOR Z 35mm f/1.4 is a great “carry everywhere” lens for day-to-day shooting, weighing just 14.6 oz (415 g) and measuring only 3.4 in. (86.5mm) in length.
The superior optical performance unique to NIKKOR Z lenses allows for clear images with outstanding clarity including close-up portraits that emphasize the subject with a pleasant background blur. Stopping down the aperture when photographing landscapes realizes incredible sharpness. As a wide-angle prime lens with superior cost performance, the NIKKOR Z 35mm f/1.4 supports the capture of a great range of scenes and subjects, and will appeal to a wide variety of enthusiast creators.
Primary features of the Nikon NIKKOR Z 35mm f/1.4:
Beautiful bokeh: Max aperture of f/1.4 allows photographers and filmmakers to achieve smooth, creamy out-of-focus backgrounds while precisely controlling depth-of-field for ideal subject and background separation.
Versatile focal length: The 35mm focal length is close to that of human vision, making it ideal for capturing a wide range of scenes and subjects. On DX format Z cameras, the NIKKOR Z 35mm f/1.4 becomes a 52mm equivalent prime lens, close to the classic “standard” 50mm.
Close minimum focus: Close focus of just 10.6 in (0.27 m) is ideal for capturing details in food and flowers with a beautifully blurred background.
Compact and well-balanced: The NIKKOR Z 35mm f/1.4 weighs just 14.6 oz (415 g), making it is easy to carry and comfortable to use for hand-held shooting.
Fast and quiet autofocus: The use of a stepping motor (STM) for autofocus ensures fast and quiet autofocus for both stills and video.
Clickless control ring: Easily control key exposure settings including aperture, ISO sensitivity and exposure compensation.
Suppressed focus breathing: Advanced optical design means the NIKKOR Z 35mm f/1.4’s focal length stays consistent during focusing, which is ideal when recording video.
Dust and drip-resistant: Seals throughout the design help prevent dust and water droplets from entering the lens.
Price and Availability The new Nikon NIKKOR Z 35mm f/1.4 lens will be available in late July 2024 for a manufacturers suggested retail price (MSRP) of $819.95. For more information about the latest Nikon products, including the extensive lineup of NIKKOR Z lenses and the entire range of Z series cameras, please visit www.nikon.ca.
Posted in Commentary with tags HP on June 26, 2024 by itnerd
I’ll get right into it. HP via their Omen Transcend 16 laptop has a slim laptop which allows you to take your gaming experience anywhere. That’s important because gaming laptops tend to be big, bulky, and heavy. But slimmer doesn’t necessarily mean you’re giving up power. Here’s why, starting with the specs:
HP IR Camera Which Is Windows Hello Compatible and has a manual privacy shield
NVIDIA GeForce RTX 4070 with 8GB of VRAM
Intel Wi-Fi 7 BE200 (2×2) and Bluetooth 5.4
Gigabit Ethernet
That on paper is a pretty powerful gaming computer. I’ll get to the performance in a bit. But let’s go over the laptop itself.
Here’s the HP Omen Transcend with one of the bigger power supplies that I have seen lately. It uses a barrel connector that connects to the back of the laptop to power it. While the keyboard with the A, S, D, and W keys highlighted is a nice touch (I should not that the keyboard is also capable of RGB backlighting), the real star of the show is the 16.0″ WQXGA mini-LED Display which does 1180 nits, with a 240Hz refresh rate. With such a fast refresh rate and the sort of advantages that a mini-LED display brings in terms of deeper blacks and brighter colours, the graphics that this laptop can produce should make you a better player as you’ll be able to spot or react to enemies much easier. Especially in games where enemies may be hiding in the shadows.
Or put another way. If you buy this laptop and you still suck at Call Of Duty, it’s not the laptop’s fault.
On one side you get a 5Gbps USB 3.1 Type-A port.
On the other side you get a pair of Thunderbolt 4 ports and a headphone jack.
On the back you get gigabit Ethernet, HDMI 2.1, and another 5Gbps USB 3.1 Type-A port. Thus the port selection is quite good. There’s also a ton of ventilation along the sides and the bottom. Plus the laptop’s design raises the back end to put the keyboard at a good angle. That makes typing on the keyboard a bit more comfortable. I should also mention that I like the feel of the keyboard as well as it has really good feedback. The large trackpad is a diving board design and is best used from the bottom of the trackpad.
Now this laptop comes with BANG & OLUFSEN audio. I have to admit that it was just okay but not spectacular. But I don’t think that this will matter to most people as in the box were a pair of HyperX Cloud II Wireless headphones which is a $189.99 CAD value. Having recently reviewed the HyperX Cloud Stinger 2 Wireless Headphones, I feel safe in saying that this might be a better option for audio for competitive gamers rather than using the speakers. Besides, every gamer that I know uses headphones so the built in speakers are surplus to requirements so to speak.
In terms of weight and build quality, the laptop weighs just under 5 pounds. That makes it as heavy as my 16″ MacBook Pro. And as far as I am concerned, that’s impressive as a lot of gaming laptops that I have seen lately are heavier than that. In terms of build quality, the laptop is made of metal and it feels solid. Nothing creaked of moved during my testing. So I would say that the Omen Transcend 16 is going to survive long gaming sessions. The other thing that I will say is that it fit into my backpack and I didn’t find it to heavy to lug around as long as I didn’t take the power supply with me.
Let’s get to the good stuff as I am sure you’re reading this review to see how it performs. Much like the HyperX Cloud Stinger 2 Wireless Headphones, I decided to subject this to a Zwift team time trial race. If you read the headphone review, you can get a better understanding of what a team time trial is all about. But the reason why I chose this as a performance test is that I have an M2 Pro Mac mini that is capable of doing around 120 frames per second on Zwift. Thus I had something that I can do a direct comparison to. So I set up the Omen Transcend 16 to do a 30 KM team time trial to see what it was capable of. This is what I found out:
This laptop is capable of running Swift’s “Ultra” graphics setting which gives you the best visual detail possible. That’s something that the Mac mini, or any Mac isn’t capable of for reasons that only Zwift or maybe Apple can explain to me. The net result is that Zwift simply looks better on this laptop. Not that you notice when you’re suffering like a dog from going all out in a team time trial.
At 4K, I managed to get 160 FPS as a maximum. And I averaged 145 FPS. Both beating the Mac mini easily.
The one thing that I did notice is that 10 minutes into this team time trial that lasted 53:42 and put our team third in our time zone and category, the fans spun up significantly. Which wasn’t a surprise to me as gaming laptops have less thermal headroom when compared to desktops. Which means that a long gaming session will result in you hearing a fair amount of fan noise.
The second last area that I want to cover is the 1080P webcam. It will do if you need to use a webcam for a Zoom or Microsoft Teams meeting. But I have to admit that you need to have good lighting to get decent results out of it. Thus my recommendation would be to get a dedicated camera if you plan on live-streaming your gameplay on Twitch. Having said that, the fact that it includes a privacy shield is a very nice touch. And the fact that this supports Windows Hello is cool as well as I found it fast to recognize my face and log me in.
The last area that I will touch on is battery life. I used this as my daily driver for a week and found that I got about 5 to 6 hours of battery life. This isn’t a surprise to me as gaming laptops tend not to have the best battery life specs. But this would have been something that would have been easier for me to live with if the power adapter (which by the way is a 280W charger which explains why it is so big) were lighter. If I could give HP one piece of advice, maybe in the next version of this laptop they could use a GaN charger to reduce the size and weight. Because by doing that, this laptop would be perfect for those who want a powerful laptop for productivity as well as gaming as the power adapter wouldn’t be a size and weight penalty to those who need to plug in to charge it when required. Bonus points if that power adapter abandoned the barrel connector at the back and used USB-C/Thunderbolt 4 for charging instead as that would open things up to third party chargers as well.
So to conclude, the ideal user of this laptop would be someone who not only plays games, but does a lot of productivity work that needs a fair amount of horsepower. The HP Omen Transcend 16 is a very capable laptop that you won’t be disappointed by. HP has models with screen sizes from 14″ to 17″ and start from $1699 CAD. That gives you a fair amount of room to find a laptop that works for you needs. My Transcend 16 is available at Best Buy $2,799.95. Which I think is a good price given what you get in the box. If you’re the target user of this laptop, I’d be making a point to check it out today.
Posted in Commentary with tags Hacked on June 26, 2024 by itnerd
Over 72,000 Levi’s customers have had their accounts compromised in a credential stuffing attack, according to a notice published by the Maine Office of the Attorney General (OAG). The incident was detected on June 13.
A breach notice detailed an “unusual spike in activity” on Levi’s website that day. Levi’s subsequent investigation indicated it was a credential stuffing attack, where attackers used compromised credentials obtained from third-party data breaches to access accounts on www.levis.com. Levi’s clarified that they were not the source of the compromised credentials.
In response, Levi’s forced a password reset on June 13 for all user accounts accessed during the attack. The notice emphasized that attackers could have viewed order history, names, emails, stored addresses, and partial payment information (last four digits of card numbers, card types, and expiration dates). However, the company stated that no fraudulent purchases appeared to have been initiated using this information due to the secondary authentication required for transactions.
Levi’s advised affected customers to change their passwords for other online accounts, recommending the use of strong and unique passwords as a defense against credential stuffing threats.
“The sensitive nature of customer data and the potential risks associated with its compromise underscores the critical need for robust cybersecurity measures in the retail industry. Modernizing security operations and operationalizing threat intelligence sharing are pivotal in defending against such threats. Ensuring the security of customer information is paramount, and adopting advanced cybersecurity practices is essential in safeguarding trust and maintaining resilience against evolving cyber adversaries.”
While companies need to do better to protect customer data, I have to point out that credential stuffing attacks only work because people use the same passwords on different sites. Thus user education needs to be part of the solution so that this is an attack vector that disappears.
Posted in Commentary with tags Telus on June 25, 2024 by itnerd
TELUS has announced that it has been recognized by TIME Magazine and Statista in their inaugural list of the World’s Most Sustainable Companies, ranking 21st out of 500 global companies overall. Notably, TELUS was ranked the 2nd most sustainable Canadian company and took first place as the most sustainable telecommunications company in Canada. These accolades reflect TELUS’ global leadership in corporate citizenship and philanthropy, innovation management and environmental and social reporting for more than two decades.
TIME Magazines’ World’s Most Sustainable Companies were selected through a rigorous four step process and data analysis that considered over 20 key performance indicators including emissions and energy intensity, disclosure of its sustainability to investors assessed by the Sustainability Accounting Standards Board (SASB) and Carbon Disclosure Project (CDP) Score – reflecting TELUS’ exceptional “A- leadership” ranking of its operations. Of the more than 5,000 eligible companies globally, only 500 companies were recognized as delivering the most impactful sustainability outcomes and building a more sustainable world.
Driven by its leadership in social capitalism, TELUS has committed to ambitious science-based greenhouse gas emission reduction targets and is on track to become a carbon neutral company by 2030 or sooner. TELUS is continuing to implement sustainable practices across its business including:
● Enabling reforestation and nature restoration by planting 12.7 million trees since 2000.
● Diverting 15 million devices from landfills and upcycling and recycling four million mobile devices since 2010.
● Executing four virtual Power Purchase Agreements in Alberta for wind and solar generated electricity, keeping TELUS on track to source 100% of its electricity requirements from renewable or low-emitting sources by 2025.
● Investing in socially-responsible tech start-ups including Flash Forest, a drone reforestation company that is rapidly restoring areas impacted by wildfires and veritree, a nature-based solutions company that provides verified restoration of kelp forests and mangroves to mitigate climate change and enhance biodiversity.
● Becoming the first company in Canada to issue a Sustainability-Linked Bond (SLB) tying our cost of borrowing directly to our success in achieving sustainability targets. To date, TELUS has issued $3.7 billion CAD and $900 million USD under this framework with a target of reducing absolute Scope 1 and 2 GHG emissions by 46 per cent from 2019 levels by 2030.
● Launching TELUS Environmental Solutions, offering a range of tech-enabled nature-based solutions designed to deliver positive social and environmental impacts for customers in the areas that need it most.
● Advancing the agriculture and consumer goods sector by leveraging our technology and digital analytics to reduce waste and optimize resource consumption.
● Enhancing healthcare sustainability through digital health technologies, reducing paper use, energy consumption and carbon emissions while promoting equitable access to care.
To learn more about TELUS’ commitment to social capitalism and sustainability, visit telus.com/sustainability.
Posted in Commentary with tags Cigent on June 25, 2024 by itnerd
Cigent Technology have announced new secure storage drives to ensure data security for the broadest array of devices of any secure storage provider.
Cigent’s family of solutions, originally developed for and with U.S. federal agencies, protect against evolving threats that risk data integrity, including both physical attacks, such as cloning and wiping, and remote attacks. The solutions that Cigent brings to market today address the rampant proliferation of devices at the edge, with insufficient protections to ensure that data is protected.
Today, Cigent expands their portfolio with additional secure storage form factors providing critical data protection for systems operating at the edge, including emerging technologies such as unmanned vehicles. They offer powerful and federally certified protections with full-drive hardware encryption, wiping and cloning prevention, and remote data erasure. New solutions include:
Secure Storage SSD BGA provides new hardware encryption protection that can be embedded in devices. Meeting automotive, and Air Force temperature requirements of -40° to 105°C for operation in extreme conditions, it offers effective protection for data for unmanned vehicles, IoT, OT, and other edge devices.
Secure Storage 2230 – provides protection of PCs and tablets. The 2230 drive supports new preferred drive configuration from leading PC manufacturers including Microsoft Surface, Dell Latitude, and HP EliteBooks. Cigent is the only solution in the market providing NSA CSfC-certified pre-boot authentication (PBA) and full drive hardware encryption for modern PCs. Like the Secure Storage SSD BGA, Secure Storage 2230 meets automotive and Air Force temperature requirements, ensuring the drive can operate in extreme environments.
Secure Storage SD and MicroSD cards provide hardware-encrypted data protection with small form factors. Supporting Linux and Windows OS and meeting industrial temperature requirements, they provide flexible, robust protection for a variety of systems including PCs, tablets, OT, and unmanned vehicles, ensuring data security mission requirements.
All solutions can be managed from an enterprise management console streamline administration. In addition to the full drive encryption, all Cigent Secure Storage solutions have the ability to create hidden partitions to store the most sensitive data and allow remote erasure of data using a combination of crypto and full block wiping.
Emerging technologies and evolving mission requirements are driving significant expansion of sensitive data at the edge. A growing portfolio of systems are collecting, processing, and storing sensitive data. Cigent provides unparalleled breadth of hardware-encrypted secure storage devices that allow program managers to meet compliance mandates and ensure data remains protected. Protections have been verified by experts including NSA, NIAP, and MITRE, and are in use by many U.S. government organizations requiring the highest level of protection.
Cigent storage can be configured and administered at scale through a management console and an efficient Command Line Interface (CLI) tool. Cigent and its ecosystem of device, vehicle, and system integrator partners are ready to support procurement, delivery and deployment requirements.
UserTesting, a SaaS leader in experience research and insights, today announced the findings from its global social commerce survey conducted by Talker Research. The study focused on adults who use social media for shopping, and interestingly, found very similar experiences among American, Australian, and British consumers. This alignment underscores social media’s influence on shopping behaviors and satisfaction levels across these regions.
Key insights from the survey include:
Shopping Habits: Findings in the report suggest a consistent trend amongst adults that use social media across the United States, the United Kingdom, and Australia, and the natural adoption of social media platforms as a vehicle for shopping. 68% of American and Australian adults shop using social media, similar to 65% of adults in the United Kingdom. Americans spend an average of $262.20 per purchase, slightly more than Australians ($211.42 USD) and Brits ($192.40 USD).
Shopping Experiences: 68% of adults from both the United States and the United Kingdom reported positive social commerce experiences, just slightly more than 61% of Australian adults. This aligns with the UserTesting Retail Benchmark Report, highlighting that top retailers excel in digital experiences. Positive experiences drive stronger sales.
Spontaneous Purchases: 72% of Americans and Australians reported spontaneous purchases on social media, essentially the same as 70% of Brits. Happiness was the strongest emotion driving these purchases for 53% of Americans, 49% of Brits, and 45% of Australians.
Common Issues: 46% of Americans, 48% of Australians, and 44% of Brits have purchased items on social media that were not as advertised. Despite this, 73% of Americans and 72% of Brits would continue using the same platforms, just a little more than 66% of Australians.
Popular Purchases: Clothing is the top item purchased for consumers via social media across the three regions, with 52% of Americans, 53% of Australians, and 53% of Brits buying clothing. Gifts and shoes/accessories are also popular in the US, while Brits and Australians prefer gifts and beauty/skincare products.
Shopping Frequency: 23% of Americans shop via social media at least once a week, only slightly more than 20% of Brits and 18% of Australianss. Monthly shopping rates are close as well with 49% for Americans, 47% for Brits, and 45% for Australians.
Trust in Recommendations: Family, friends, and significant others are the most trusted sources for social media shopping recommendations, averaging a total of 75% across all regions. Content creators and influencers are trusted by a smaller percentage at an average of 9% across the three regions, and celebrities trail even further behind at an average of 3%.
The survey also highlighted the growing use of live shopping events on social media. Americans have adopted this trend more readily than their counterparts in Australia and the United Kingdom:
Live Shopping Participation: 21% of Americans have shopped via live social media events, 19% have watched without purchasing, and 40% have not tried it but do not believe it is a fad.
UK Participation: 17% have participated, 17% have watched without purchasing, and 38% have not tried it but do not believe it is a fad.
Australian Participation: 10% have shopped via live events, 15% have watched without purchasing, and 42% have not tried it but do not believe it is a fad.
Survey methodology:
This random double-opt-in survey of 2,000 general population of Americans, 1,000 general population from the United Kingdom, and 1,000 general population of Australians, who use social media platforms, was commissioned by UserTesting between May 3 and May 10, 2024. All respondents were adults. It was conducted by market research company Talker Research, whose team members are members of the Market Research Society (MRS) and the European Society for Opinion and Marketing Research (ESOMAR).
Click the link to access the UserTesting Social Commerce Report.
Pinterest is launching an exciting new feature – Board Sharing, making it easier than ever for users to share their favourite Pinterest boards in a video format across social platforms, including Instagram and TikTok.
Board Sharing allows users to compile their favourite boards into a unique video that they can seamlessly post across their key social channels. The new feature also allows users to add a link back to their boards, inviting others to further explore and engage with their curated content.
With personal curation at the heart of Pinterest, more than 10 billion boards have been created on the platform. Furthermore, Gen Z is leading the growth in the number of boards created since last year. Board Sharing will allow users to share their unique style and vision with the world and inspire others to do the same.
Pinterest pro tip: You can easily embed Pins into stories for great visuals. Simply tap on the ••• on any Pin on the Web and select “Get Pin embed code” to see the embed code.
Upon initial discovery, a reasonably sophisticated malware sample that uses a peer-to-peer (P2P) botnet for its command and control mechanism, P2Pinfect, a rust-based malware covered extensively by Cado Security in the past, mainly appeared dormant.
It would spread primarily via Redis and a limited SSH spreader, but ultimately did not have an objective other than to spread. Recently, Cado Security has observed a new update to P2Pinfect that introduces a ransomware and crypto miner payload.
P2Pinfect is still a highly ubiquitous malware that has spread to many servers. Its latest updates to the crypto miner, ransomware payload, and rootkit elements demonstrate the malware author’s continued efforts to profit off their illicit access and spread the network further as it continues to worm across the internet.
The choice of a ransomware payload for malware primarily targeting a server that stores ephemeral in-memory data is an odd one, and P2Pinfect will likely see far more profit from their miner than their ransomware due to the limited amount of low-value files it can access due to its permission level.
Cado Security can determine the command to start the ransomware was issued on May 16, 2024, and will continue to be active until December 17, 2024.
Posted in Commentary with tags Hacked on June 25, 2024 by itnerd
LockBit 3.0 claims to have pwned another victim. This time they claimed to have pwned the Federal Reserve:
Yesterday Lockbit ransomware group claimed to have ransomed the United States Federal Reserve.
1. Doubt
2. If Lockbit ransomware group actually ransomed the United States Federal Reserve it would be DEFCON 2 and the administrators would need to worry about a drone strike pic.twitter.com/CVwj0aHs5h
Steve Hahn, Executive VP, BullWall had this to say:
“Unless and until the data is released, this remains unconfirmed, but if true it’s certainly a grave situation. In having claimed that LockBit was taken down, the global agencies appear to have further accelerated LockBit’s activities and motivation. One of the leaders behind LockBit – Dmitry Khoroshev – operates a hydra-like organization with multiple heads, with new leaders emerging whenever one is taken down.
“If confirmed, this attack would rachet up the already fraught geopolitical situation by calling into question whether foundational economic and supply chain elements in the US and Western Allies under direct attack, albeit by proxy via LockBit. The Federal Reserve, already under massive scrutiny for soaring inflation, high interest rates, and perceived pandemic-era missteps, could suffer substantial reputational damage. Erosion of trust in this foundational institution would have rippling effects across the US and global economy, and impact policies far beyond those directed by the Fed itself. Stability and trust are at the core of the Fed’s charter. Erosion of that trust could weaken confidence in the dollar.
“The US can do little to prevent these Ransomware attacks, but it can buttress its defenses against them and implement failsafe kill switches that block access to data and critical resources. That requires a fundamental shift in mindset from prevention to containment, which starts with acceptance that threat actors will continuously work to bypass security defenses, and in fact may have already penetrated our most strategic organizations.
“Russian threat actors have taken down hospitals, healthcare systems like United Healthcare, city governments and even cities like the City of Oakland who had to declare a state of emergency after a successful ransomware attack that even disabled 911 services. Prevention alone isn’t working, because it can’t. Stability depends on adopting strategies that immediately contain events, segment the data, limit the attack’s impacts, and enable quick recovery. Prevention alone won’t work.”
Evan Dornbush, former NSA cybersecurity expert follows up with this:
“Responding to an attack like this after the fact is extremely delicate.
“Policy makers need to give serious thought into new strategies to deter this kind of activity from happening in the first place. Clearly sitting and waiting is not effective, and for those waiting for law enforcement or the military to take action on the victims’ behalf’s — be they private, government, or quasi-government like the Fed — all signs point to continued patience.”
Let’s see if this is confirmed in the coming days. If it is confirmed, this will be a significant score for LockBit 3.0.
Abnormal Security Unpacks Latest Phishing Attack: UPS & FedEx Impersonated to Ship Victims Directly to Phishing Sites
Posted in Commentary with tags Abnormal Security on June 26, 2024 by itnerdAbnormal Security has released a new blog revealing how attackers attempt to steal payment information by posing as UPS and FedEx and sending false shipment notifications about an upcoming delivery. Mike Britton, the CISO of Abnormal Security, will walk you through both UPS and FedEx impersonation attacks, why this phishing attack is noteworthy, and what makes these attacks challenging to detect.
Within their investigations, Abnormal Security found that shipping service providers were the third most imitated types of attacks. This attack used a remarkable level of detail and impersonation, which made the emails and the accompanying phishing sites especially convincing.
The emails sent out to victims, impersonating UPS, claimed that the package has an unclear transit status and that the recipient must verify info using the provided link. The fake FedEx notification uses a similar tactic stating that delivery was attempted but failed and the recipient must confirm their address through the provided link. In both cases, victims are encouraged to click on a link that unknowingly leads to a detailed, multi-step phishing site.
You can read the blog post here.
Leave a comment »