Akamai Diversity

Akamai Security Intelligence
& Threat Research

Recently by Or Katz

Or Katz

Or Katz

May 5, 2021 8:00 AM

Two Years of Tax Phishing - The Oldest Scam in the B ...

Tax scams are some of the oldest scams in a criminal's book, and they're highly attractive to criminals for many reasons. The most obvious reason is the potential financial gain of a successful scam. Successful scams can lead to the compromise of sensitive information, resulting in identity theft or fraudulent activity.

Or Katz

Or Katz

February 18, 2021 9:00 AM

Massive Campaign Targeting UK Banks Bypassing 2FA

On 14 July, 2020, Oliver Hough, a security researcher from Cyjax, published a report centered on a phishing campaign targeting banking customers in the United Kingdom, which evades two-factor authentication (2FA). On 16 December, 2020, researchers from the Global Threat Intelligence Team at WMC disclosed that they were tracking a threat actor who goes by the alias "Kr3pto".

Or Katz

Or Katz

January 27, 2021 9:00 AM

When Destiny is Knocking on Your Door Again - Data M ...

A few years ago, I wrote a blog post trying to explain, with humor, why choosing application security as a career path is destiny derived by my parents calling me "Or", and why a personal name that is a conditional word can sometimes be challenging in daily routines, since some attack payloads contain conditional words.

Or Katz

Or Katz

December 8, 2020 9:00 AM

Phishing Summary 2020 - Trends and Highlights

2020 was a challenging year for many of us, as the COVID-19 pandemic disrupted life and introduced challenges in almost all elements of living. 2020 was also challenging from a cybersecurity point of view, as nearly the entire workforce moved to remote working and enterprise boundaries were never so vague, which introduced complexities on that end. As this year comes to an end, it's time to look back and highlight

Or Katz

Or Katz

October 30, 2020 5:00 AM

Phishing JavaScript Obfuscation Techniques Soars

In our previous blogs, first where we explained JavaScript Obfuscation techniques and introduced a detailed overview on how JavaScript is being used to obfuscate page content to make phishing attacks and other web scams as evasive as possible; followed by one where we took a deep dive to examine double JavaScript obfuscation techniques, presenting a tale of an obfuscated scam seen in the wild and showing how the same phishing

Or Katz

Or Katz

October 28, 2020 5:00 AM

The Tale of Double JavaScript Obfuscated Scam

Overview The phishing landscape is constantly evolving. Over the years, it has evolved into a more scalable threat, with an overwhelming amount of campaigns being launched daily. Phishing also changed when criminals started adding more capabilities and features to their toolkits, which make the phishing websites long lived and difficult to detect.

Or Katz

Or Katz

October 26, 2020 5:00 AM

Catch Me if You Can - JavaScript Obfuscation

While conducting threat research on phishing evasion techniques, Akamai came across threat actors using obfuscation and encryption, making the malicious page harder to detect. The criminals were using JavaScript to pull this off.

Or Katz

Or Katz

July 30, 2020 8:00 AM

Question Quiz - The Forgotten Scam

Overview Over a year ago, Akamai's threat research team published research regarding a widely-used phishing toolkit we referred to as the "Three Question Quiz". It's now time to review the evolution of the toolkit, the associated campaigns that we tracked in the wild, and the potential damage caused by those campaigns in the past year.

Or Katz

Or Katz

April 28, 2020 8:00 AM

Brazil Targeted by Phishing Scam Harnessing COVID-19 ...

Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming them out of personal information, and in some cases, convincing them to install Adware on their computer.