In the following article I talk about some approaches to mitigate the damage from a criminal attack. I am not sure if what I am talking about is legal in all countries, so do your research first. Or use a VPS in Russia 😀 Telegram is one of the main tools used by criminals to … Continue reading How to use a Telegram token →

Today I found an email with an SVG attachment in my secondary email account. The account is Office 365 and the email was not in spam, this is not good, especially considering how much 365 costs! Anyway, back to the email, it was clearly suspicious also considering the attachment, an svg file with the name … Continue reading Phishing using SVG →

Yesterday I came back from a weekend in Latvia and now I have come across an attack on Artea, a Lithuanian bank… The Baltics are calling me 🙂 Matrix has identified a series of patterns that have allowed them to quickly identify the various domains involved: banklithuanial.net lithuaniabankasl.net arteasite-login.net arteabankslogin.net italyingbank.net One of the sites … Continue reading Artea and ING phishing kit →

Looking at what ends up in the Matrix network I noticed a kit that targets Kraken customers. As usual, the victim is frightened with an alleged compromise of their account. The interesting aspect of this kit is that instead of asking the victim to enter their wallet details, the application suggests the victim to schedule … Continue reading Business breakfast with fraud →

Free time is less and less, nevertheless I try to dedicate at least a couple of hours every week to the analysis of the Matrix evidence. I dedicate some time to the analysis of phishing kits and to the sharing of the email and Telegram token indicators on my public ioc repo: https://github.com/ecarlesi/ioc.git From this … Continue reading Why aren’t criminals’ email accounts closed? →