
Phishing, the hook in your inbox


Phishing is a technique in which a cybercriminal sends an email to a user while pretending to be a legitimate entity (social network, bank, public institution, etc.). The goal is to steal private information, make financial charges or infect the device. To achieve this, they include infected attachments or links to fraudulent pages in the email.

What are the most common online frauds?

Among the most common cases is email spoofing. With this technique, cybercriminals send emails with a false sender in order to send spam, spread malware or carry out phishing attacks, impersonating people with decision-making capacity in the company, suppliers, customers, etc.

Among the main cases of fraud, in which identity theft is used, it is worth highlighting:

  • Fake Microsoft support: fraud in which the scammer pretends to be a technician from this company under the pretext of solving certain technical problems on the equipment. The objective is mainly to obtain confidential information from the company.
  • CEO fraud: consists of deceiving an employee who is able to make bank transactions or access company account data. The employee receives an email, supposedly from their boss (who may be the CEO, president or director of the company), ordering them to carry out an urgent, confidential financial operation. The goal is to transfer company funds to the scammer's account.
  • HR fraud: in this case the email is addressed to HR staff and pretends to come from an employee requesting a change of the account into which their payroll is paid. As with CEO fraud, the goal is for the company to transfer money to the scammer's account.

Another of the most common frauds is extortion, in which the cybercriminal blackmails the victim with content that he claims to have in his possession. In the notices section we find examples such as:

  • Sextortion campaign: this type of campaign has many variants, since cybercriminals slightly change the content of the message. The objective is to extort money from the recipients with an alleged video of sexual content, which will be sent to the victim's contact list if the victim does not pay the amount the cybercriminals demand in bitcoin.

Some recommendations to avoid these attacks:

  • Be wary of emails that appear to be from banks or well-known services (Dropbox, Facebook, Google Drive, Apple ID, Post and Telegraph, Tax Agency, etc.). Always be suspicious of alarmist messages or urgent requests.
  • Be suspicious if there are grammatical errors in the text; an automatic translator may have been used to write the trap message. No reputable service will send poorly worded messages.
  • Greetings such as "Dear customer", "Notification to user" or "Dear friend" are usually a warning sign.
  • If the message forces you to make a decision immediately or within a few hours, that is a bad sign. Check whether the urgency is real directly with the service or by consulting other trusted sources of information: the OSI, the Police, the Civil Guard, etc.
  • Check whether the text of the link provided in the message matches the address it points to, and that it corresponds to the URL of the legitimate service.
  • A reputable service will use its own domains for corporate email addresses. If you receive the communication from a mailbox such as @gmail.com, @outlook.com or similar, be suspicious.
  • Apply the equation: request for bank details + personal details = fraud.

How can we identify a malicious email?

We receive hundreds of fraudulent emails in our inboxes and although most of them are deleted, others achieve their goal: to be read.

How can we identify these emails so as not to take the bait?

  1. Look at the sender: did you expect to receive an email from that entity or person?
  2. Does the email subject capture your attention? If so, be suspicious: most fraudulent emails use flashy or shocking subject lines.
  3. What is the purpose of the email? If it is a request for your personal data, that should set off the alarms. Services such as mail or household utilities will not ask you for this information.
  4. Writing: are there misspellings or poor writing? Remember that a service provider will never send an email with bad syntax; if you detect this, it is probably a fraud.
  5. Links: do the links lead to a legitimate page? Place the mouse over the link without opening it; if it does not correspond to the real website of the institution that is contacting you, do not open it.
  6. Does the email contain an unexpected or suspicious attachment? If the answer is yes, it is best not to open it.

Why is it called that?

The word ransomware is formed by joining the English words "ransom" and "ware" (product or merchandise).

Once the criminal encrypts the data, he demands a ransom from the victim, via a message or pop-up window, performing a virtual hijack. 

This threatening-tone message warns the victim that the only way to decrypt their files, recover their system, or avoid possible information leakage is to pay a ransom. 

They usually include a time limit to pay; if the ransom is not paid on time, the hijacked files are destroyed or published, or the value of the ransom is increased. Generally, the ransom is requested in a cryptocurrency (virtual currency) such as bitcoin. They often use "mules", which are intermediaries who transfer the money.

In exchange for payment, cybercriminals promise to provide the mechanism to unlock the computer or decrypt the files. However, this does not guarantee 100% that cybercriminals comply with the agreement; for this reason, it is recommended not to pay the ransom to prevent the proliferation of such threats. 

Ransom in cryptocurrencies, why?

Cryptocurrencies are virtual currencies that allow almost anonymous payment between individuals, which makes it difficult to trace them.

They are accessible from the anonymous Tor network; there, the funds from different wallets are mixed, carrying out a kind of laundering of the cryptocurrency that makes it difficult to follow the trail of transactions. This makes it easy for cybercriminals to extort money from their victims without the police being able to immediately track them down.

How does the infection occur?

As with other types of malware, cybercriminals use one or more of these routes to infect the victim; they take advantage of security holes (vulnerabilities) in computer software, operating systems, and applications.

Types and action

Each type of ransomware acts and penetrates security differently, although they are all based on the same characteristic. From minor to major importance, we can classify them as follows:

Hoax ransomware: it simulates encryption using social engineering techniques to extort money from the user, demanding payment to recover their files or prevent them from being deleted.

Scareware: uses the lure of fake software or support. It usually appears in the form of a pop-up ad reporting a suspected virus infection and offers a quick and easy solution: downloading a cleaning program that is almost always malware.

Screen lockers: They prevent the use of the device by displaying a window that occupies the entire screen and cannot be closed. Two types of messages may appear in the window: on the one hand, the file encryption and the procedure to recover them are reported, but the files are intact. On the other, a message from the security forces appears indicating that illegal activities have been detected and a penalty is requested to unlock the computer. It is also known as the police virus.

Encrypting Ransomware: considered the most dangerous of all. Its main objective is the encryption of information to demand a ransom. Cybercriminals make use of the latest advances in encryption from 2 Ransomware.

Within this variant there is one called a wiper: it does not return access to the files, it just deletes them.

There is also the doxware variant, which uses a technique known as "doxing": threatening the user with making the extracted personal data public.

Prevention / Think like a hacker:

Many experts affirm that the best prevention for Ransomware is to put yourself in the shoes of hackers and think as they would. To prevent and anticipate it is necessary to put on the mask. For many companies it is not a shame to hire ethical hackers or ex-hackers to improve the security of their company.

  • Awareness and training of employees and users.
  • Updated antivirus.
  • Dangerous pop-up installation requests.
  • Clicking on links.
  • Downloads of applications from unknown sources.
  • Backups.
  • Updates of the operating system and applications.
  • Control of privileges.
  • Anti-phishing solution for email.
  • Action plan.

With this real time map created by Kaspersky, all kinds of attacks (including Ransomware) can be observed in real time.

Awareness is the first step to prevention, which is why Ransomware is not one of the largest cyberattacks numerically, although seeing the increase per second is shocking.

Spain is the 9th most attacked country according to graphics obtained by Kaspersky. With this graph we can also see the global need for cybersecurity.

Real case of CEO fraud:

This story tells the case of Aurora and Sergio, siblings and owners of a physiotherapy clinic located in the center of Cantabria.

The clinic has a staff of 13 workers: 9 physiotherapists, 2 administrative staff who manage the clinic, and the two of them, who in addition to being owners also carry out field work.

One day one of the administrators, Alfonso, received an email on his mobile device, supposedly from Aurora, asking him to quickly carry out a confidential and very urgent financial operation:

Alfonso, unaware of the situation, quickly responded in the affirmative. If we carefully observe the email from the alleged Aurora, it contained significant writing errors that could have raised some type of suspicion.

The cybercriminals responded quickly but made a mistake: they asked for sensitive data such as the account balance, for the purchase of a new machine, and this was not in line with the clinic's strategy and good daily practices.

At this point, Alfonso quickly contacted Aurora to ask if it had indeed been her. Both immediately realized that the clinic had been the target of an information theft attempt through phishing.

How did they carry out the deception?

This hoax is also known as whaling, because it is phishing aimed at "big fish". It works by sending a fraudulent email to a high-ranking employee, an accountant, or someone able to access sensitive data, personal or banking information, making them believe that the sender is the CEO or top representative of their organization. The message usually asks for help to carry out a confidential and urgent financial operation.

Real case of fake technical support:

Luis is the owner of a small online store managed from his office in Seville.

One day he received a phone call from a person claiming to be from Microsoft in London. The caller, who spoke in English with a threatening tone, explained that they had received numerous reports of errors and security warnings from the company's computers, indicating that these computers were in danger and could be blocked, which could affect their work.

Suspicious, Luis asked the operator to identify the affected equipment and to explain how he had linked the IP of his equipment with his phone number. The operator immediately answered evasively and became more threatening. He finally threatened to block his equipment and business activity, and then hung up the phone.

What could have happened?

Cybercriminals gain the trust of victims by offering to fix the problem, asking for computer access credentials or for remote control tools to be installed so that they can connect and fix it. Once this is done, the computer and the sensitive information it contains are vulnerable. With the data provided and control of the computer, they can hijack the computer and demand a ransom for its release, steal data, or carry out financial transactions if we have given them the bank details or these are stored by default on the computer.
