Cybercriminals do not only steal credentials or infect computers with malware. They also hunt for users’ personal data, including passports and IDs, physical addresses, phone numbers and much more. These cybercrimes can be classified as identity theft: using the stolen data, crooks impersonate the victims to carry out malicious activity. The perpetrators use a variety of cunning tricks to make users give away their data. Here’s the most recent example: an identity theft attack targeted 409 email addresses of universities and municipalities in the last decade of April.
The attackers used the email message below to lure the users:
The mail imitates a message from EL Cordo Lottery. It informs the recipient that they’re the lottery winner and, in order to receive the prize, asks them to fill in a “Login Processing form” available through the link. The message itself is rather simple and obviously doesn’t look extremely enticing. But there are some interesting nuances about it.
The attackers used an e-mail of a well-known university department as the sender address (we don’t name the university here to protect the innocent). But in reality, the malicious message was sent from IP 189.72.174.152 that, as you can see below, belongs to The Secretariat of Public Security and Penitentiary Administration of Brasilia. This agency coordinates the activity of the public security forces in the country.
inetnum: 189.72.174.128/26
aut-num: AS8167.
abuse-c: CSIOI
owner: SECRETARIA DE SEG PÚB E ADMINISTRAÇÃO PENITENCIÁRI
ownerid: 01.409.606/0001-48
responsible: RODRIGO TAPIA PASSOS DE OLIVEIRA
owner-c: RTPOL
tech-c: RTPOL
created: 20171109
changed: 20171109
inetnum-up: 189.72.0.0/14

nic-hdl-br: RTPOL
person: Rodrigo Tapia Passos de Oliveira
created: 20130104
changed: 20130104

nic-hdl-br: CSIOI
person: CSIRT OI
created: 20140127
changed: 20140127
It’s hard to say precisely whether the attacker is an employee of the Secretariat or the cybercriminals compromised the organization’s server. However, in both cases, Brazilian law enforcement definitely has valid reasons to investigate the situation.
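The mismatch described above, between the claimed sender domain and the network the message actually came from, is what a mail gateway can test for. The following is an added example, not code from the original article or from Comodo: the message, the domain dept.university.example and its authorised range are constructed placeholders standing in for a real SPF lookup, and only the sending IP and its /26 block are taken from the article.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: static map standing in for the sender domain's published SPF ranges.
AUTHORISED_NETS = {"dept.university.example": ["192.0.2.0/24"]}
# From the whois record quoted in the article.
REPORTED_BLOCK = ipaddress.ip_network("189.72.174.128/26")

# Constructed sample message; only the client IP comes from the article.
SAMPLE = """\
Received: from mail.sender.example (unknown [189.72.174.152])
\tby mx.recipient.example with ESMTP id CONSTRUCTED1
From: "EL Cordo Lottery" <office@dept.university.example>
To: staff@recipient.example
Subject: You are a winner

Fill in the Login Processing form to receive the prize.
"""

RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """Client IP from the topmost Received header (the one our own MX wrote)."""
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_IP.search(hdr)
        if m:
            return ipaddress.ip_address(m.group(1))
    return None

def check_sender(raw, authorised=AUTHORISED_NETS):
    """Compare the From: domain with the network the message really came from."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = connecting_ip(msg)
    nets = [ipaddress.ip_network(n) for n in authorised.get(domain, [])]
    if ip is None or not domain:
        verdict = "unparseable"
    elif not nets:
        verdict = "unknown-domain"   # no policy known: cannot judge either way
    elif any(ip in n for n in nets):
        verdict = "pass"
    else:
        verdict = "spoof-suspected"  # claimed domain does not authorise this IP
    return {"from_domain": domain, "client_ip": str(ip), "verdict": verdict,
            "in_reported_block": ip is not None and ip in REPORTED_BLOCK}
```

In production the same decision comes from SPF, DKIM and DMARC evaluation at the receiving server; the static map only keeps the example runnable offline.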
Now, let’s find out what happens if a user takes the bait and clicks on the link.
As you can see, a form to fill in appears.
The form was created with the legitimate Jotform service, which positions itself as “the easiest way to create forms and collect data”, so we have here one more example of legitimate services and tools being used to commit a crime. No doubt, this nuance also helps to lure the users. Many of them would surely give away what the form requires: full name, physical address, email, phone number, date of birth, marital status and even a copy of the passport!
After seeing the graphics, you may be wondering: why do the perpetrators collect this information?
First, they can use the stolen data for identity theft to cover their malicious activity. Identity theft is a crime in which perpetrators impersonate a victim by using the victim’s private information. They can use it in various ways, to name a few: registering a website for illegal activity, opening a financial account for money laundering or drug selling, and impersonating the victim in state institutions or business companies.
Second, they can use this data to attack the victim in the future. They can prepare a spear-phishing attack based on the stolen data. Or they can even simply break into the victim’s house: they’ve already got the victim’s physical address and a bunch of private information to make the break-in easier.
At the very least, they can just sell the data to other criminals on the dark web.
However, cybercriminals are not the only ones hunting for personal data. Intelligence services of many countries also look for such information to provide cover for their agents in clandestine operations.
The attack started on April 20, 2018, at 07:39 UTC and ended on April 20, 2018, at 11:14 UTC. The attackers sent 409 emails, 392 of which were addressed to the email addresses of a few universities.
“Identity theft is a very dangerous cybercrime,” says Fatih Orhan, the Head of Comodo Threat Research Lab. “Unfortunately, many people still underestimate it and easily give away their personal data. They don’t see any threat in filling in some questionnaire. Thus, for a cybercriminal to extract this information from a victim is even easier than to make her download a malicious file. But the consequences of an identity theft may be no less disastrous than a malware infection. That’s why technical means of protection like Comodo KoruMail are especially helpful in such situations: they can identify the threat and neutralize it even before it reaches people. That’s just what happened in this case. The attack failed, the Comodo clients remained in safety.”