The Latest in IT Security

Beware of Federal Reserve emails


In the past few days we have received many emails from “the Federal Reserve”:

Since they are not legitimate we have been cataloging them on

However, they are not your typical phishing scam. Sure it is a lure, but the bad guys are not here to gently ask you to fill in a form to steal your credentials. They are choosing the brute-force method:

Clicking on the link triggers a series of exploits:

You can see how it works its way:

From Outlook’s email, to Internet Explorer (click on the link) to a Microsoft Help Center exploit…

The bad guys are using a URL shortener and then off we go to exploit land:

That way you end up with a Trojan on your PC, and maybe a couple of fake AVs…

Thankfully my phishing trap is a VM image I can reset easily…

Jerome Segura

Leave a reply


SUNDAY, MAY 31, 2020

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments