SPAM, also called junk mail, consists of sending mail to millions of addresses; only a limited number of people need to answer for it to be successful.

The addresses collected are sold to other spammers. There are various forms of e-mail that commit fraud or induce users to reveal personal data such as access credentials.

Criminals use e-mail to let malicious software, called malware, into the computer.

Volumetric malware attacks known vulnerabilities en masse.

ZERO-DAY malware uses vulnerabilities that have never been attacked before.

URL attacks get the user to click on a website or on malicious attachments that install malware on the target computer.

The most famous malware is RANSOMWARE, which encrypts the target disk and demands a ransom. It causes slowdowns, data loss and restoration costs.

DATA EXFILTRATION is the transfer of data from a computer to the attacker's computer, with access to data considered important. The damage is also due to incorrect restores, such as an untested backup system.

Also known as website counterfeiting, it induces the user to enter credentials in a counterfeit website for further attacks using those credentials. It is directed at theft of data or money, or is indirect, as access to networks with credible credentials.

It takes just a few recipients clicking the fake site for the campaign to be successful, thanks to worm propagation technology from one computer to another.

With fake job listings or false payouts, they induce you to put your personal data in the fake site for further attacks.

Very often they run fake fundraisers for tragedies like hurricanes or covid-19 and have money sent to them directly via the web.

A very personalized attack impersonating a trusted colleague or a trusted website of a known company. The attack leads to the theft of credentials for other offences, such as fraud or identity theft.

It is also called whaling or targeted phishing, and often leads to reputational damage for the company attacked.

Domains are created that are similar to the real one, maybe with a different letter or a different suffix. The victim mistakenly opens the dangerous domain, thinking he is opening the real one. Initially criminals buy the domain with the fake name and then fill it with malware to attack.
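
One way a mail filter could check for the lookalike domains described above, as an added example that is not part of the original page: it flags sender domains that differ from a protected domain by one letter (changed, added or dropped, a slight generalization of the "different letter" case) or only by suffix. The protected list and all addresses are constructed, and inputs are assumed to be registrable domains without subdomains.

```python
# Added example: all domains below are constructed and use reserved TLDs.
PROTECTED = ["acme-payments.example", "northwind.example"]  # assumed real domains

def split_domain(domain):
    """Split a registrable domain into (name, suffix) at its first dot."""
    name, _, suffix = domain.lower().rstrip(".").partition(".")
    return name, suffix

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a letter
                           cur[j - 1] + 1,             # add a letter
                           prev[j - 1] + (ca != cb)))  # change a letter
        prev = cur
    return prev[-1]

def classify(domain, protected=PROTECTED, max_dist=1):
    """Return (verdict, imitated_domain) for one sender domain."""
    name, suffix = split_domain(domain)
    pairs = [(real, *split_domain(real)) for real in protected]
    for real, real_name, real_suffix in pairs:
        if (name, suffix) == (real_name, real_suffix):
            return "legitimate", real
    for real, real_name, _ in pairs:
        if name == real_name:
            return "different-suffix", real
        if edit_distance(name, real_name) <= max_dist:
            return "different-letter", real
    return "unrelated", None

def flag_senders(addresses):
    """Return {address: (verdict, imitated_domain)} for lookalike senders only."""
    hits = {}
    for addr in addresses:
        verdict, real = classify(addr.rsplit("@", 1)[-1])
        if verdict.startswith("different"):
            hits[addr] = (verdict, real)
    return hits

SAMPLE = ["billing@acme-payments.example", "billing@acme-paymens.example",
          "hr@northw1nd.example", "ceo@northwind.test", "news@weather.example"]

if __name__ == "__main__":
    for addr, (verdict, real) in flag_senders(SAMPLE).items():
        print(f"{addr}: {verdict} lookalike of {real}")
```

With very short domain names a distance of 1 produces false positives, and two swapped letters count as distance 2, so the threshold needs tuning per protected domain.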

 

There are some types of such attack, simulating a known company or a common business application, used to capture important personal data and credit card numbers. It is also called Vendor E-mail Compromise.

  • BRAND HIJACKING the solution

BRAND hijacking is a common form of phishing with false or counterfeit domain names, also called domain spoofing.

Blackmail is getting more sophisticated: attackers exploit the stolen credentials of the victim to contact and threaten the victim to get money, or claim to be in possession of a compromising video that will be disseminated among all of the victim's contacts if the victim does not pay, and maybe they do it anyway. It is also called sextortion.

The crooks use the snatched credentials of a company employee to scam employees, customers, suppliers and the company itself. Sometimes they do it with fake credentials. It is also called CEO Fraud, whaling, Social Engineering or CFO fraud.

Hackers get into company conversations with accounts already taken over and start new conversations to steal personal data or money directly, but above all to obtain information on commercial, business and other procedures for new attacks. It's less common than impersonation of the domain, but makes for dangerous targeted attacks.

Accounts that have already been taken over are used to launch phishing attacks against partners or the e-mail addresses in the victim's contact list. These are very successful attacks.

Using Social Engineering, brand impersonation and phishing, they take over an account and therefore gain access to company data, gain other account credentials and exploit such accounts for other attacks.