At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Cybercriminals Impersonate DHS Amid Deportation Efforts

    Researchers at INKY warn that criminals are impersonating the US Department of Homeland Security to launch phishing scams.

    The crooks are taking advantage of heightened emotions and tensions surrounding the Trump Administration’s deportation efforts.

    Some of the phishing emails reference a recent executive order on immigration, while others attempt to trick users into believing they have a stake in unclaimed funds.

    The phishing sites are designed to filter out security crawlers and researchers, making them more likely to reach users who will fall for the scam.

    “When we visited the link associated with the first example, departmentimmigration[.]info, it actually redirected us to the official website of the U.S. Citizenship and Immigration Services which is a department within DHS,” INKY explains.

    “When we tried the second link, departmentimmigration[.]life, we were greeted with a 403 Forbidden message which means that the server understood the request but was refusing to fulfill it. Because of this, we believe that this phishing campaign could be a targeted phishing technique often referred to as host-based cloaking or IP-targeted phishing. This type of attack ensures that only users from a specific hostname, IP range, or even device fingerprint see the malicious content.”

    INKY says users should be on the lookout for red flags associated with phishing emails, especially regarding emails designed to convey a sense of urgency.

    “Be leery of links and look closely at the domains,” the researchers write. “Official U.S. government domains usually end in .gov or .mil rather than .com or another suffix. In this case, it should be a red flag to the email recipients that none of these sender email addresses, domains, or links came from an address that ended in .gov or .mil.”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    INKY has the story.

    Stop Advanced Phishing Attacks with KnowBe4 Defend

    KnowBe4 Defend takes a new approach to email security by addressing the gaps in M365 and Secure Email Gateways (SEGs). Defend helps you respond to threats quicker, dynamically improve security and stop advanced phishing threats. It reduces admin overhead, enhances detection and engages users to build a stronger security culture.

    With KnowBe4 Defend you can:

    • Reduce risk of data breaches by detecting threats missed by M365 and SEGs
    • Free up admin resources by automating email security tasks
    • Educate users with color-coded banners to turn risks into teachable moments
    • Continuously assess and dynamically adapt security detection reducing admin overhead
    • Leverage live threat intelligence to automate training and simulations

    PS: Don’t like to click on redirected buttons? Cut and paste this link in your browser:https://info.knowbe4.com/phishing-reply-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top