A threat that doesn't just attack, but asks you to put in a password first?
Sounds weird, but the trick worked for malware in the past, and is now being used in phishing
Fraser Howard of SophosLabs explains...
Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion.
Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates...
Italian computer scientist Michele Spagnuolo recently wrote about what he considered a security issue in the popular iPhone and iPad email app "Mailbox."
Not everyone agreed with him...
Malware rarely gets into your network without some sort of tell-tale signs beforehand.
Learning to spot the metaphorical smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.
The UK is to trial a national emergency alerting system based on text messaging to your mobile phone.
Other countries have already done this, so it sounds uncontroversial - but can it be made to work safely and securely?
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Naked Security reader Lisa Goodlin is a website designer and a WordPress user.
She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...
Adrian-Tiberiu Oprea, whose gang targeted hundreds of Subway branches in the US, has been sentenced to a hefty 15 years in jail. Meanwhile a US business exec faces 5 years for stealing company data from his former employers, an Anonymous hacker has been hit with a gagging order, and a gang of phishers has been rounded up in South Africa.
As cloud services become more pervasive criminals continue to try and convince corporate users to surrender their identities.
Google Docs is the latest target, so look out!
The Syrian Electronic Army attacked an internet domain name provider today taking down for a short time the websites of The New York Times and Twitter for some users,
The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.
This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.
The Syrian Electronic Army (SEA) claimed on Tuesday that it had taken over the support page for instant messaging/VoIP service Viber.
Viber itself announced that the claims are overblown and that only two minor systems were breached - a customer support panel and a support administration system.
Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.
Of course, this is one "competition" in which getting promoted into the Premier Division - the SPAMMIERSHIP - is a cause for disappointment, not jubilation...
Google has expanded its Transparency Report data to include stats from their 'Safe Browsing' system, which keeps tabs on where malware and phishing sites are hosted. The data is a little short on definition, but shows which hosting providers are doing the worst job of keeping their IP space clean.
Do you know someone who's been scammed online?
Chances are that you do - or you may have been scammed yourself.
The National Consumer Fraud Week aims to spread the word about how to avoid becoming a victim online.
It's more Cape of Storms than it is Cape of Good Hope for an alleged phishing gang reportedly busted in Cape Town in South Africa's Western Cape.
The gang supposedly used a mixture of email and SMS to lure their victims into giving away PII...