There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).
We'd like to urge any of you who are thinking of sending out "heartbleed" password reset emails: *please avoid those login links*.
Help us to help everyone get geared up to avoid phishing attacks.
An identity theft focused spam campaign is doing the rounds pretending to be a winning notification from the American "green card lottery". Worse yet, the spammers decided to utilize imagery hosted on Naked Security.
Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.
This week, it's a Bitcoin phish that relies on typosquatting.
Paul Ducklin offers some tips to keep you safe...
A new Google Chrome browser extension lets email senders using Google accounts see when recipients open email, who exactly opened the email, and where the recipient is located. And sorry, but no, recipients don't have a say in the matter whatsoever, since we don't have to sign up for the extension to have it blab about us.
When we look at some of the biggest security headlines of the past year - Target data breach, Cryptolocker ransomware, Snowden/NSA leaks - there's one big lesson we can all be taught: secure everywhere.
The group known as the Syrian Electronic Army (SEA) attempted to commandeer the DNS records of Facebook, but were thwarted by DNS provider MarkMonitor. Are the basic protocols up to the task of protecting us in 2014?
Security researcher Ariel Sanchez recently published a fascinating report on the sort of security you can expect if you do your internet banking on an iPhone or iPad.
The answer, sadly, seems to be, "Very little."
Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.
This time, it's a "followup phish" aimed at JP Morgan Chase customers...
Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by a someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?
Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.
It has been a busy week for cyber law enforcement this week. Two interesting sentences were handed out to a 24-year-old American hacker, as well as 49-year-old Ukrainian national Roman Vega, co-founder of CarderPlanet.
Gmail's new default is to automatically display all those HTML glamour shots that marketers desperately hope we'll click on. Does this really help our privacy and security, and how can you turn it off again?
"Almost everybody who received the email took the bait," one government source told a news outlet. Any cognitive behavioralists out there who can tell us how to overcome the impulse to click on such a well-nigh-irresistible lure?
Edwin Vargas was charged with using PayPal to hire someone to hack login details for at least 43 personal email accounts, including those of 20 current or former NYPD officers.