is

your

go-to

intelligence

hub

for

social engineering

impersonation

and

insider threats

Threat Intel

The Headlines

spear-phishing-attack-impersonating-c-suite-target

10 February 2022

Spear Phishing Attack Impersonating C-Suite Targets Junior Employees at Law Firm

Our latest threat intelligence example reveals how attackers impersonated a leading law firm's chairman, in an attempt to socially engineer junior staff. In late January 2022 a specialist law firm was the target of a spear phishing campaign flagged by Tessian Defender where the threat actor attempted to impersonate the Chairman of the firm. Leveraging common social engineering tactics, the threat actor then targeted the firm's junior employees. This is known as CEO Fraud.

Read More →

Who are we?

Support our Eagle-Eyed Team.

We know the #1 source of information for security leaders is other security leaders and practitioners. That's why all of our content is crowd-sourced from the security community. We want to hear from you. Email us at threatintel@tessian.com.

Hear from the Security Team

Subscribe for the latest updates.

We will be rolling out new articles and guides on a regular basis. Sign up to get the latest delivered to you.

Sign Up →

Explore Categories

All Posts

  • Filter by

24 May 2022

Analysis of Executive Impersonation Burst Attack

In May 2021 Tessian Defender flagged a series of emails sent to a global law firm. The emails were attempting to impersonate a senior partner at the firm and targeted a list of other partners. Tessian's Research & Intelligence team analyzed an executive impersonation burst attack that was detected and prevented by Tessian Defender.

Read More →

10 May 2022

How Cybercriminals Exploited The Covid-19 Vaccine Roll-Out

The National Cyber Security Centre (NCSC) recently revealed that it removed more online scams in 2020 than in 2016-2019 combined, due to a surge in malicious activity related to the Covid-19 pandemic. It’s revealed that more than 120 phishing campaigns in which the NHS was impersonated were detected in 2020 - up from 36 in 2019. The lure? The vaccine roll-out.

Read More →

08 March 2022

Vendor Email Compromise: Analysis of an Account Takeover Attack

In March 2021 Tessian Defender flagged an email received by one of our customers from one of their trusted vendors. The vendor had suffered from an account takeover when an attacker used compromised credentials to login to the mailbox of one of their employees and send out malicious emails.

Read More →

10 February 2022

Spear Phishing Attack Impersonating C-Suite Targets Junior Employees at Law Firm

Our latest threat intelligence example reveals how attackers impersonated a leading law firm's chairman, in an attempt to socially engineer junior staff. In late January 2022 a specialist law firm was the target of a spear phishing campaign flagged by Tessian Defender where the threat actor attempted to impersonate the Chairman of the firm. Leveraging common social engineering tactics, the threat actor then targeted the firm's junior employees. This is known as CEO Fraud.

Read More →

04 February 2022

Cyber Criminals Leverage Temporary Block on PayPal Account in Phishing Attack

Tessian’s threat intelligence researchers detected a relatively sophisticated phishing attempt impersonating PayPal. We break down the elements of the attack and explain how to spot other scams.

Read More →

04 February 2022

Threat actors use phish kits to launch man-in-the-middle attacks

Threat actors have been found to be using phish kits that leverage transparent reverse proxy, which enables them to man-in-the-middle (MitM) a browser session and steal credentials and session cookies in real-time. 

Read More →

14 January 2022

Comment: Russia takes down REvil hacking group at U.S. request

Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group's members, according to the FSB domestic intelligence service.

Read More →

12 January 2022

Account Takeovers of High-Profile Accounts of ‘FIFA Ultimate Team’ Players

Electronic Arts (EA) announced that cybercriminals “exploited human error” among EA’s customer support staff, using socially engineered phishing emails to compromise less than 50 top trader accounts. A series of takeovers of high-profile accounts of FIFA Ultimate Team players led to accounts being cleared of points and thousands of dollars in game currency.

Read More →

07 April 2021

Cybercriminals Take Advantage of Mass Unemployment in Phishing Scams

The global COVID-19 pandemic has wreaked havoc on job markets. In the US, the unemployment rate stands at 6.2 percent and in the UK, it’s estimated that around 2.2 million people, or 6.5% of all workers, could be unemployed at the end of the year. Cybercriminals are taking note. 

Read More →

subscribe-newsletter.exe

Hear from the Security Team

Subscribe for Email Updates.

We will be rolling out new articles and guides on a regular basis. Sign up to get the latest delivered to you. Get new articles and guides, a curated list of events and job openings, and more.