Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
Cybercriminal attacks on social media user accounts to gain access to user credentials are becoming more refined and sophisticated. Phishing email tricks, often based on deception, play a primary role in these attacks. Comodo Threat Research Lab experts recently revealed how an attack aimed at LinkedIn users was thwarted, thanks to Comodo software.
“This attack demonstrates how sharply cybercriminals raise the complexity of their attacks. For example, this attack merged cybertechnologies and manipulative psychology,” says Fatih Orhan, head of the Comodo Threat Research Lab. “This trend will definitely increase, making the landscape of online security increasingly dangerous. The cybersecurity community must be prepared for attacks such as these. Comodo clients did not suffer from this attack because Comodo software blocked the phishing emails, preventing the emails from reaching their intended targets.”
Comodo Threat Research Lab discovered that the latest attack was from two IPs: 184.108.40.206 from British Columbia and 220.127.116.11 from Thailand. The attack started on February 1, 2018 at 09:32 UTC, ending at 13:45 UTC.
There were 14 emails sent from the email address firstname.lastname@example.org (inactive domain) with each email addressed to a different user during the month of January. The email imitated a standard LinkedIn message that a user receives when another user wants to connect.
While it did resemble a LinkedIn message, there were inconsistencies. The email address in the “From” field is <email@example.com> and the email address in the “Reply” field is < gellul.Ebcon.firstname.lastname@example.org >, neither of which are actual LinkedIn email addresses.
It also had the LinkedIn logo and familiar design, including the “View profile” and “Accept” option.
Once the user clicked an option – they were then redirected to the page that looked like the official LinkedIn sign in page, putting the user one-click away from a new perspective contact on LinkedIn.
The link led to a page similar the official LinkedIn URL, but instead, it was a phishing site created by cybercriminals to steal LinkedIn user credentials. If users submitted their login and password, the credentials went right into the wrong hands.
Cybercriminals hunt for credentials because it is a powerful springboard for further malicious activity. They can use account information to support a multitude of criminal activities, including fraud, identity theft, even terrorism propaganda.
Cybercriminals also try to use stolen credentials to break into other accounts, including online banking. They know most people use the same password for different accounts and obtain additional private information about users to aid in future spear-phishing or social engineering attack.
LinkedIn is a major interest for cybercriminals because it’s the place of vibrant business activity. A huge number of potential targets can be found on LinkedIn, such as high-ranking C-level employees at leading companies.
LinkedIn attack tricks
First, the users can click on the malicious link only one time, the URL then expires and the phishing page disappears. Comodo Threat Research Lab believes this is a sneaky trick cybercriminals use to cover their tracks, allowing them to remain undetectable for longer time period.
Secondly, a special feature of this attack is the social engineering approach. Comodo Threat Research Lab’s experts have found that similar phishing email attacks imitate senders from Kuwait and Saudi Arabia. This is a psychological trick, as many people in business world associate these countries with wealth, which increases chances the user takes the bait.
Additionally, the phishing email imitated a real LinkedIn message and used the name of the company and person with an account on LinkedIn. These cybercriminals take it a step further, using websites to support the phishing message. For instance, the company noted in the attack leads to: https://www.cad-consultants-kw.com, of the Cad Consultants in Kuwait, which has a logo very similar to the logo in the phishing email:
Neither the company, nor the personal accounts, used in the phishing email attack include photos of their owners. The cybercriminals have the ability to create fake accounts using actual LinkedIn information about a real company and or a real person to cover their malicious activity.
A user may suspect something is wrong when the real LinkedIn page does not populate after putting in credentials. The user can then change their LinkedIn password or even report the incident, thus nullifying the hackers attack.
If the user researches the information in the request, then finds accounts of company and sender of the email, then verifies the company name and website, they may come to the conclusion it was a glitch. Then doing nothing, remaining unaware that their credentials are in the cybercriminals’ hands.
Avoid falling victim to a phishing attack. Keep your credentials safe.
Tags: phishing email
Reading Time: 3 minutes What Is Phishing? Phishing is a method employed by cybercriminals to access email accounts and systems using deception rather than defeating security protections. In basic phishing attacks, cybercriminals send an email that appears to be legal, tempting the victim to open an attachment or click on a link. This click could result in loading malware…
Reading Time: 4 minutes Phishing trap for One Drive users. How to avoid falling prey? Cybercriminals often use very cunning and inventive tricks to manipulate victim’s mind in phishing attacks. They aimed at eliciting data in such a way the victim doesn’t aware of it. For that purpose, the crooks use social engineering tricks. Recently Comodo specialists discovered a…
Reading Time: 4 minutes Cybercriminals’ big hunt for users’ credentials is gaining momentum rapidly. Their strategy usually stays the same: get attention of the victim, use social engineering techniques to make her run a malicious file, and then steal logins and passwords. But the tactic and the malware hackers use constantly changes. Let’s consider in detail the freshest example…
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats