Phishing

US Nuclear Regulatory Commission hacked 3 times in 3 years

According to documents obtained under an open-records request, two of the hacks, perpetrated via phishing emails, are believed to have originated in foreign countries, while the source of the third remains unknown because incident logs have been destroyed. The report does not say when the attacks occurred, nor does it divulge what, if any, data was compromised.

Gmail introduces filters for non-Latin characters, weeding out more phishing emails

Using non-Latin characters that look very similar to their ASCII counterparts helps scammers, spammers and phishing crooks send emails from legitimate-looking addresses. Now Google's putting a stop to that with a set of new spam filters.

Monday review - the hot 22 stories of the week

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

How not to tell your customers how much you care about their security

We've written before about "what not to do" when sending emails to your customers.

Here's another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.

Coinbase wallet app in SSL/TLS SNAFU

The popular Bitcoin wallet Coinbase has a security flaw in its Android apps which could allow an attacker to steal authentication codes and access users' accounts, according to a security researcher.

Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps?

37% of Canadian Justice Department fail phishing awareness test

An in-house awareness test run late last year at Department of Justice Canada has revealed that a good percentage of its employees are fairly easy to trick with phishing scams.

Syrian Electronic Army uses Taboola ad to hack Reuters (again)

Code dynamically inserted into Reuters web pages by content serving company, Taboola, appears to have been poisoned by the Syrian Electronic Army in order to redirect visitors to another page under the hackers' control. It highlights the need for websites to consider security in a broad context and to not rely solely on traditional server-based defenses.

SCAMwatch - 5 tips to keep your friends and family out of scammers' clutches

It's National Consumer Fraud Week in Australia, so the government's SCAMwatch team has published 5 straight-talking anti-scammer tips.

With Aussies alone taken for about $90M last year, this is a battle we need to keep on fighting all around the globe...

SSCC 151 - Measuring vulns, Apple and Wi-Fi privacy, Android ransomware and more [PODCAST]

It's our weekly security podcast!

Chester Wisniewski and Paul Ducklin dig into the latest security news for lessons we can all learn...

Phish or legit - Can you tell the difference?

If a legitimate email looks like a phishing email, then how are you supposed to spot what is genuine and what isn't? John Shier takes a look.

US charges Chinese military officers with cyber espionage

Tensions between China and the United States over spying go back a long way. But - in a first - the US has indicted five Chinese military officials for alleged cyber espionage, which could ratchet up the tension to a new level.

Google and Facebook join forces to take down fake tech support scammers

Web giants Google and Facebook are striking back against tech support scammers who use the companies' ad networks to snag victims.

AOL Mail accounts breached, users advised to change passwords

AOL users, change your passwords. AOL said it is investigating a large-scale breach of AOL Mail accounts in which user passwords, security questions, mail addresses, and contact lists were compromised.

Monday review - the hot 21 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Phishing boom in China bucks global trends

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).