Cybersecurity News in Asia

Features
- Featured
  
  Bridging the data science talent gap for national cyber defenses: Urgent action needed
  
  Monday, April 29, 2024, 10:16 AM Asia/Singapore | Features
- Featured
  
  AI adoption in India: A balancing act worth chatting about
  
  Thursday, April 25, 2024, 2:53 PM Asia/Singapore | Features, Newsletter
- Featured
  
  AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
  
  Monday, April 22, 2024, 4:40 PM Asia/Singapore | Case Study, Features
News
- Featured
  
  Understanding the “multiplier effect” of digital fraud in the region
  
  Thursday, May 2, 2024, 2:05 PM Asia/Singapore | News, Newsletter
- Featured
  
  The LockBit group may have been busted, but its code lives on
  
  Tuesday, April 30, 2024, 11:34 AM Asia/Singapore | News, Newsletter
- Featured
  
  Were cyberattackers evading detection less efficiently in 2023?
  
  Friday, April 26, 2024, 1:42 PM Asia/Singapore | News, Newsletter
Opinions
Tips
Whitepapers
Awards 2024
Directory
E-Learning

News

Hacker pro tip: why use spoofed email domains when free accounts are available?

By CybersecAsia editors and webmaster webmaster | Thursday, August 4, 2022, 10:51 AM Asia/Singapore

An alarming new technique is gaining momentum: threat actors are sending “double-spear” phishing emails using real, trusted corporate domains to disarm victims

Since June 2022, researchers from Check Point Software have been detecting hackers that are using a genuine PayPal domain to send fake invoices and request payments for spear phishing campaigns.

By using free PayPal accounts that they have signed up for, hackers have been sending phishing emails spoofing well-known brands to appear legitimate. A sense of urgency is incorporate by providing an actual phone number for victims to call for verification. In some cases, the recipients of the emails end up calling the listed telephone number and paying what the fake invoice indicates.

This attack is what hackers on the Dark Web call a “double spear”: catching not only an active email address but also the victim’s phone number—data which can be used for future attacks.

End-users of PayPal and similarly established websites are even more vulnerable now because what was previously considered a legitimate source by both security services and end-user, is now a potential threat where phishing invoices are created.

Similarly, users of QuickBooks had been similarly targeted: threat actors created accounts in the official website in order to send emails originating from the brand, impersonating other well-known brands such as Microsoft, and attaching invoices and requests for payment.

So are there ways to prevent yourself from getting phished? According to Clement Lee, Principal Consulting Security Architect (APAC) Check Point Software Technologies there is no foolproof way, but the following cyber hygiene practices can protect corporate users and their employers:

Before calling an unfamiliar service, search for the number online and check your accounts to verify if there are any charges
Implement advanced security solutions that checks for more than one indicator to determine whether an email is clean or not
Encourage all staff to check with IT department when they are in doubt about the legitimacy of an email.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Securing Industry 4.0
The world is advancing to Industry 4.0 in full swing, and this is a key …Download Whitepaper
Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper

Middle-sidebar-banner

Case Studies

How medical devices manufacturer Tuttnauer protects patient and personal-data safety
In running a cloud-based portal to link its smart medical equipment, the firm has also …Read more
AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
To test the safety/security of a generative AI feature, what unchartered bugs and human testing …Read more
Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more

Cybersecurity News in Asia

Featured

Bridging the data science talent gap for national cyber defenses: Urgent action needed

Featured

AI adoption in India: A balancing act worth chatting about

Featured

AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming

Featured

Understanding the “multiplier effect” of digital fraud in the region

Featured

The LockBit group may have been busted, but its code lives on

Featured

Were cyberattackers evading detection less efficiently in 2023?

Hacker pro tip: why use spoofed email domains when free accounts are available?

An alarming new technique is gaining momentum: threat actors are sending “double-spear” phishing emails using real, trusted corporate domains to disarm victims

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar