Abnormal Blog
Rachelle Chouinard
Former Threat Intelligence Analyst
Rachelle Chouinard is a former Threat Intelligence Analyst at Abnormal Security, spending her time analyzing and writing about email-based cyber threats and the changing landscape over time. Before joining Abnormal, Rachelle spent multiple years in the cybersecurity industry, focused on combating financial fraud. When not at her keyboard, she enjoys reading and being outside.
See how threat actors used a single mailbox compromise and spoofed domains to subtly impersonate individuals and businesses and coerce victims into paying fraudulent vendor invoices.
Threat actors are posing as businesses and individuals seeking tax preparation services and then providing copies of the Sorillus client remote access tool (RAT).
Actors are now exploiting the customer contact form on websites to bypass email security and encourage BazarLoader downloads.
When the typical person thinks about cybercrime, they may think of ransomware or identity theft, or perhaps the ubiquitous Nigerian prince scams targeting their unsuspecting grandmother.
Abnormal Security recently identified a scam aimed at the Canadian electronic travel authorization (eTA) program, which bears a striking resemblance to a long-standing fraud scheme described in our post from several weeks ago targeting TSA travel program applicants.
On November 9, 2021, we identified an unusual phishing email that claimed to be from “Immigration Visa and Travel,” inviting the recipient to renew their membership in the TSA PreCheck program. The email wasn’t sent from a .gov domain, but the average consumer might not immediately reject it as a scam, particularly because it had the term “immigrationvisaforms” in the domain. The email instructed the user to renew their membership at another quasi-legitimate-looking website.
As major social media platforms have expanded the ability of creators to monetize their content in the last few years, they and their users have increasingly found themselves the targets of malicious activity. TikTok is now no exception.
What is unique to this campaign is that these messages contained QR codes offering access to a missed voicemail, handily avoiding the URL scan feature for email attachments present in secure email gateways and native security controls.
Unfortunately, physically threatening extortion attempts sent via email continue to impact companies and public institutions when received—disrupting business, intimidating employees, and occasioning costly responses from public safety.