Phishing

Spammers take advantage of Naked Security writing about spammers

An identity theft focused spam campaign is doing the rounds pretending to be a winning notification from the American "green card lottery". Worse yet, the spammers decided to utilize imagery hosted on Naked Security.

Bitcoin user loses $10K to typosquatters - tips to avoid opening your wallet to imposters

Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.

This week, it's a Bitcoin phish that relies on typosquatting.

Paul Ducklin offers some tips to keep you safe...

Our brains work hard to spot phishing scams, but still often fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

How emails can be used to track your location and how to stop it

Chrome extension 'Streak' betrays what time you open mail and your location

A new Google Chrome browser extension lets email senders using Google accounts see when recipients open email, who exactly opened the email, and where the recipient is located. And sorry, but no, recipients don't have a say in the matter whatsoever, since we don't have to sign up for the extension to have it blab about us.

Why we need to rethink how we view security

When we look at some of the biggest security headlines of the past year - Target data breach, Cryptolocker ransomware, Snowden/NSA leaks - there's one big lesson we can all be taught: secure everywhere.

LinkedIn's iPhone 'Intro' tool goes outro

LinkedIn's email plug-in for Apple iOS, designed to suction LinkedIn profile information and insert it into emails received on phones, was destined for a short life and a load of criticism.

SEA attempts to hack Facebook and other MarkMonitor domain customers

The group known as the Syrian Electronic Army (SEA) attempted to commandeer the DNS records of Facebook, but were thwarted by DNS provider MarkMonitor. Are the basic protocols up to the task of protecting us in 2014?

Just how secure is that mobile banking app?

Security researcher Ariel Sanchez recently published a fascinating report on the sort of security you can expect if you do your internet banking on an iPhone or iPad.

The answer, sadly, seems to be, "Very little."

"Followup phish" targets possible victims of last month's JP Morgan Chase card breach

Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.

This time, it's a "followup phish" aimed at JP Morgan Chase customers...

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

Jail for phishing gang member who stole £393k from students

Jail for man who phished £393k from UK students

Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.

18 months for supercomputer hacker, 18 years for CarderPlanet boss

It has been a busy week for cyber law enforcement. Two interesting sentences were handed out: one to a 24-year-old American hacker, the other to 49-year-old Ukrainian national Roman Vega, co-founder of CarderPlanet.

Gmail takes image loading out of users' hands - here's how to take it back

Gmail's automatic image viewing, and how to turn it off

Gmail's new default is to automatically display all those HTML glamour shots that marketers desperately hope we'll click on. Does this really help our privacy and security, and how can you turn it off again?

Nude Carla Bruni pics masking Trojan lured G20 attendees to click

"Almost everybody who received the email took the bait," one government source told a news outlet. Any cognitive behavioralists out there who can tell us how to overcome the impulse to click on such a well-nigh-irresistible lure?

Festive season security myth: "If there are no links in an email, it can't be a phish."

The festive season is a good time to make sure your friends and family haven't fallen in with falsehoods when it comes to computer security.

Paul Ducklin examines an email with no clickable links that was nevertheless a classic phish...

Cloned Facebook accounts hit up friends with spam and money requests

The scam hit a TV news station in the US, with attackers scraping photos from reporters' profiles and using them on bogus accounts taken out under their victims' names. Using those fake accounts, they then milked their targets' friend lists to spam out malicious links.

NYPD detective pleads guilty to hacking fellow police officers' email and phone

Edwin Vargas was charged with using PayPal to hire someone to hack login details for at least 43 personal email accounts, including those of 20 current or former NYPD officers.

Fake femme fatale dupes IT guys at US government agency

Some offered her jobs, asked her out to dinner, or offered to help her get network access and a laptop. In short, men who should know better flocked to "Emily", supposedly a 28-year-old MIT grad with 10 years of experience and fake social-media profiles to die for, like moths to the social engineering flame.

Anonymous threatens Singapore with hacking attacks, calls for November 5 protest... perhaps

An anonymous person, claiming to be Anonymous, recently fired off a hacking threat against Singapore's financial systems.

Should this threat be taken seriously?

Making phishing more complex - on purpose

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...