Cyber Threats Vulnerabilities

SMTP Smuggling Technique in Email Spoofing Attacks

SMTP Smuggling is a technique that allows you to send e-mail from almost any e-mail address by hiding another e-mail message in the data flow of an e-mail communication. Basically, another e-mail is injected into the message by exploiting interpretation differences in the SMTP protocol. Since the main message successfully passes security checks such as SPF, DKIM and DMARC, the injected message is delivered to the recipient boxes without any warning.

Cyber Threats

Increase in the Theft of Credit Cards Using “Sniffer” in Recent

Sniffing method is an attack method used by cyber fraudsters to steal private information such as passwords and credit cards of website customers by compromising/hacking an e-commerce website.

Cyber fraudsters on the dark web target e-commerce sites and can gain access through passwords obtained from stealer logs or through webshells they install on the systems as a result of exploiting web application/server security vulnerabilities on the site. Then, they can steal users’ credit card information by placing sniffers on the forms where customer credit card information is entered on payment pages or by embedding their own phishing pages with “iframe” tags on the payment page that opens when the user wants to purchase a product. It is known that cyber fraudsters use the stolen credit cards to shop on websites without 3D Secure protection, called “cardable”, or to sell them on the dark web.

Cyber Threats

What is BEC (Business E-mail Compromise) Attack and Prevention Methods

A BEC (Business Email Compromise) attack is a cash-oriented type of cyber fraud that targets companies that work with foreign suppliers and make bank transfers. The attacker somehow obtains the email address of a company executive or an employee responsible for financial transactions, whether corporate or public. They then hunt for words such as request, payment, transfer and urgent in email messages. In the final phase, they try to deceive individuals by impersonating them and inserting themselves into conversations in order to transfer the money to their own account.