• 210 Kings Way, South Melbourne
  • 130024CYBER
  • info@triskelelabs.com
  • Sign Up
  • About
  • Services
    • Penetration Testing
      • Web Application Penetration Testing
      • Mobile Application Penetration Testing
      • Internal Network Penetration Testing
      • External Network Penetration Testing
      • Network Segmentation Testing
      • Wireless Penetration Testing
      • Social Engineering
      • Red Teaming
      • SCADA & Control System Penetration Testing
    • Consulting Services
      • ISO270001 Advisory & Compliance
      • NIST Cybersecurity Review
      • Cybersecurity Strategy & Roadmap
      • PCI Audit and Advisory
      • Security Health Check
      • CPS234 Assessments
      • Secure Code Review
    • Fully Australian 24x7x365 SOC
    • Training
      • Secure Developer Training
      • Security Awareness Training
    • Incident Response
    • Managed Simulated Phishing Service
    • Security Team as a Service
  • Case Studies
  • Blog
  • Contact Us
  • About
  • Services
      • Penetration Testing
      • Consulting Services
      • Fully Australian 24x7x365 SOC
      • Training
      • Incident Response
      • Managed Simulated Phishing Service
      • Security Team as a Service
      • Web Application Penetration Testing
      • Mobile Application Penetration Testing
      • Internal Network Penetration Testing
      • External Network Penetration Testing
      • Network Segmentation Testing
      • Wireless Penetration Testing
      • Social Engineering
      • Red Teaming
      • SCADA & Control System Penetration Testing
      • ISO270001 Advisory & Compliance
      • NIST Cybersecurity Review
      • Cybersecurity Strategy & Roadmap
      • PCI Audit and Advisory
      • Security Health Check
      • CPS234 Assessments
      • Secure Code Review
      • Secure Developer Training
      • Security Awareness Training
    • ISO27001

      As an Information Security company, we should be ensuring certification with the frameworks we advise on. For this reason, we certified with ISO27001 in 2018.

      Read More
      Australian SOC

      We are excited to announce our Security Operations Centre has commenced a shift to Australia with 3/4 of the Security Analysts now located in our Australian SOC. All Triskele Labs services will be completely Australian based by 1 July 2019.

      Read More
      24/7/365 Security Operations Center

      Triskele Labs have been recognised at the AT&T (AlienVault) APAC Partner of the Year 2018. This was based on our client service delivery and rapid growth. We appreciate the recognition from AlienVault and look forward to continuing our relationship.

      Read More
      Cybersponse

      Triskele Labs are excited to announce our partnership with CyOps making us the first SOC to deploy a dedicated standalone Security Orchestration Automation & Remediation (SOAR) for clients under 1,000 assets.

      Read More
    • Featured
      https://triskelelabs.com/wp-content/uploads/2019/04/ISO27001.jpg
      https://triskelelabs.com/wp-content/uploads/2019/04/Australian-Flag.jpg
      https://triskelelabs.com/wp-content/uploads/2019/02/AV-Partner-of-the-Year.png
      https://triskelelabs.com/wp-content/uploads/2019/02/Cybersponse-Logo-1.png
  • Case Studies
  • Blog
    • Holiday cheers and fears: Why your cyber safety might be at risk this Christmas

      Unlike many other businesses and industries, here at Triskele Labs, the Christmas season is one of the busiest times of...

    • 10 reasons why the holidays can be a hotbed for cybercrime

      The holidays are, indeed, a time for celebration, relaxation, and plenty of merrymaking. Did you know, though, that it’s also...

    • 5 tips on how to avoid online scams targeting your business

      In this day and age, online scams are more of a reality than ever before. Gone are the days when...

    • Recent Blogs
      • Holiday cheers and fears: Why your cyber safety might be at risk this Christmas
      • 10 reasons why the holidays can be a hotbed for cybercrime
      • 5 tips on how to avoid online scams targeting your business
      • The Forrester report on cybersecurity consulting: Triskele Labs highlighted as a legacy MSSP
      • Now this is how you run a phishing campaign…
      View All
  • Contact Us
    • Suspected Security Breach?

      Contact Us 24/7 For Immediate Support

      130024CYBER info@triskelelabs.com

      Contact Us
    • Contact Office
      Melbourne Head Office

      Level 4, 210 Kings Way

      South Melbourne Vic 3205 Australia

      130024CYBER
      Sydney Office

      5 Martin Place

      Sydney NSW 2000 Australia

      130024CYBER

      Canberra Office

      7 Lonsdale St,

      Braddon ACT 2612 Australia

      130024CYBER
      Security Operations Centre

      Contact Us

      Melbourne Vic

      130024CYBER

    • Your Contacts
        Nick Morgan
      Chief Executive Officer
      nick.morgan@triskelelabs.com
           
        Sal Unwin
      Chief Commercials Officer
      sal.unwin@triskelelabs.com
           
        Rob Barry
      Chief Operations Officer
      rob.barry@triskelelabs.com
           
Login
  • Home
  • Blog

category list

Recent Post

  • https://triskelelabs.com/wp-content/uploads/2019/12/shutterstock_514344898-80x80.png
    10 Dec, 2019 - By
    Holiday cheers and fears: Why your cyber safety might be at risk this Christmas
  • https://triskelelabs.com/wp-content/uploads/2019/12/shutterstock_161318552-80x80.png
    03 Dec, 2019 - By
    10 reasons why the holidays can be a hotbed for cybercrime
  • https://triskelelabs.com/wp-content/uploads/2019/11/shutterstock_412243102-80x80.png
    26 Nov, 2019 - By
    5 tips on how to avoid online scams targeting your business
  • https://triskelelabs.com/wp-content/uploads/2019/11/shutterstock_669226189-80x80.png
    12 Nov, 2019 - By
    The Forrester report on cybersecurity consulting: Triskele Labs highlighted as a legacy MSSP
  • https://triskelelabs.com/wp-content/uploads/2019/02/Phishing-80x80.jpg
    08 Nov, 2019 - By Nick Morgan
    Now this is how you run a phishing campaign…
  • https://triskelelabs.com/wp-content/uploads/2019/11/shutterstock_581234542-80x80.jpg
    05 Nov, 2019 - By
    How can you ensure mobile application security?
  • https://triskelelabs.com/wp-content/uploads/2019/10/shutterstock_572176240-1-80x80.jpg
    29 Oct, 2019 - By
    AI for cybersecurity in the healthcare industry
  • https://triskelelabs.com/wp-content/uploads/2019/10/shutterstock_725365696-80x80.jpg
    22 Oct, 2019 - By
    Applying AI to safeguard cybersecurity in government agencies
  • https://triskelelabs.com/wp-content/uploads/2019/10/shutterstock_516454909-80x80.jpg
    15 Oct, 2019 - By
    Cybersecurity risk assessment: How to protect your organisation from the big, bad world
  • https://triskelelabs.com/wp-content/uploads/2019/02/Secure-Finger-80x80.jpg
    08 Oct, 2019 - By
    Everything you need to know about a Security Operations Centre

Archives

  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019

tags

  • Christmas
  • Cyber safety
  • Cybercriminals
  • Phishing
  • Social engineering
  • Christmas
  • Cybercrime
  • Cybercriminal
  • Holiday
  • Cybersecurity consulting
  • Cybersecurity training
  • Online scams
  • Cybersecurity consulting
  • Forrester
  • Legacy MSSP
  • MSSP
  • App security
  • Mobile app security
  • Mobile security
  • AI
  • Artificial intelligence
  • cybersecurity
  • Healthcare cybersecurity
  • AI
  • Artificial intelligence
  • Cybersecurity in government
  • Phishing
  • cybersecurity
  • Cybersecurity risk assessment
  • penetration testing
  • red teaming
  • Cybersecurity professionals
  • Security Operations Centre
  • SOC
https://triskelelabs.com/wp-content/uploads/2019/02/Phishing-970x643.jpg 08 Nov, 2019

Now this is how you run a phishing campaign...

So we all see phishing attacks. They are happening more and more. Most of the time, they are easy to spot. Sometimes not so much. This is probably one of the best attempts I have seen and only the most cautious of users will be able to spot this.

First of all, an email came directly from Dropbox so it is legit.

Rather than clicking the link (which would have been picked up by Mimecast if it was dodgy anyway) I signed into Dropbox. As expected, a document was there. Instead of downloading (again, would have been picked up by Carbon Black if it was dodgy) I previewed the document and this is where the attack came to life.

The document has been blurred and embedded with a link to "view the whole document". This link directs to a site that is where the fun starts.

Checking this site, this is a template that has just been spun up!

This site has been compromised to then throw a login page that links to a compromised download.

I am in sheer amazement of how great this phishing campaign is. Obviously not for those who get caught out, but it shows the criminals are getting smarter. It is not enough to tell users to look at links etc anymore. The bad guys are getting smarter and we need to get there as the defenders. Watch out, we will be adding a new phishing mechanism to our red teaming bag!

Cheers,

Nick.

0 comments

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

WE ARE AUSTRALIA'S LEADING ONE STOP CYBER PROVIDER

CALL US TODAY: 130024CYBER

Get in touch

Triskele Labs is a leading provider of cybersecurity services across Australia. Our partnership approach to deliver end to end services including Governance, Risk & Compliance, Penetration Testing and a 24x7x365 Security Operations Centre (SOC) makes us the one stop shop for all your security needs.

useful links

  • Home
  • About
  • Services
  • Blog
  • FAQ
  • Contact Us

OUR LOCATIONS

  • 210 Kings Way, South Melbourne, VIC
  • 5 Martin Place, Sydney, NSW
  • 7 Lonsdale St, Braddon, ACT

Our mail

info@triskelelabs.com

Our Website

https://triskelelabs.com/

Connect

Register to receive our monthly newsletter to find out more about what we are doing in the world of cyber.

© 2019 Triskele Labs. All Rights Reserved.

  • Privacy Policy
  • Terms of Use