Tag Archives: attacks

A Forged “From” Address

Email with a forged FROM addressTo the left we see part of a malicious email. The author brags about how the From address is the same as the To address. This is supposed to mean that the author has broken into my email account.

I have been waiting patiently for someone to mail one of these to me. Now I can use it as an example. I’ll show you how to uncover it as a fraud.

Continue reading A Forged “From” Address

Interesting Email Scam I Received

Internet Crime Complaint Center logoI received an impressive email scam recently. My response was to forward it to the email provider’s abuse contact (abuse@outlook.com) and file a complaint with the Internet Crime Complaint Center (ic3.gov). I’ll include the whole email later. The bottom line: Scammer has my password and will humiliate me if I don’t pay $1900 in bitcoin.

The scammer’s email landed in my spam folder. I was given a deadline of July 11. I didn’t clean out my spam folder till today (July 15).

In fact, the scammer does have one of my passwords: a throwaway password I use with throwaway accounts. When a web site makes me “register for an account” to retrieve information I want, this is the type of password I used to use. Now that I use password manager software (Lastpass specifically) I choose passwords more randomly and let the manager remember them.

Continue reading Interesting Email Scam I Received

The Six Types of Cyber-Risks

BombMy textbook lists categories of cyber-attacks that focus on an attack’s lasting impact: how does it affect the target’s assets and resources? Since the categories really reflect the attack’s impact on the target, they really represent risks. Here are the categories I use right now:

Denial of service – Pillage – Subversion

Masquerade – Forgery – Disclosure

This is a work in progress as I figure out some conceptual ideas.

Continue reading The Six Types of Cyber-Risks