Hello, welcome to the Wednesday, June 23rd, 2021 edition of the Sandstone Storm Center's Stormcast. My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida.

Quick note today from Jan about fishing and how the bad guys are trying to decrease the chances of a particular fishing email

being reported to a security or system administrator. In the first example, and that's actually

quite common, also seen this in legitimate emails, of course, which may be the reason why

this works relatively well. The attacker

will just add a paragraph at the end suggesting that, well, it's possible that you received

the email by mistake, and if so, then pretty much just ignore it, or hey, maybe even click

on this link.

So a victim that doesn't recognize the charge and doesn't necessarily believe a refund is necessary, will more likely believe that this email was just a simple mistake and ignore it.

Now, another phishing email that Jan came across, and that one was

actually written in Hungarian, just added a simple sentence. Hey, your system administrator

told you not to report abuse. Pretty simple statement and of course that's one I don't really

believe will make a big difference but who knows

maybe the bad guys have figured out here something that I'm not aware of. Jan is spending

quite a bit of time with fishing emails and of course typically the ones that work are the ones

that use well-known respected and trusted cloud services to host their fishing campaigns,

and then also the ones that will include, for example, logos and other identifiers for the

targeted company.

And Solotype ran into six different Pi Pi libraries that are likely trying to impersonate

the quite popular Mad Lip package.

These libraries are more or less typos around Matl like merit lip and p.

...