Phishing

AOL Mail accounts breached, users advised to change passwords

AOL users, change your passwords. AOL said it is investigating a large-scale breach of AOL Mail accounts in which user passwords, security questions, mail addresses, and contact lists were compromised.

Monday review - the hot 21 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Phishing boom in China bucks global trends

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

Spammers take advantage of Naked Security writing about spammers

An identity-theft-focused spam campaign is doing the rounds, pretending to be a winning notification from the American "green card lottery". Worse yet, the spammers decided to utilize imagery hosted on Naked Security.

Bitcoin user loses $10K to typosquatters - tips to avoid opening your wallet to imposters

Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.

This week, it's a Bitcoin phish that relies on typosquatting.

Paul Ducklin offers some tips to keep you safe...

Our brains work hard to spot phishing scams, but still often fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

How emails can be used to track your location and how to stop it

Chrome extension 'Streak' betrays what time you open mail and your location

A new Google Chrome browser extension lets email senders using Google accounts see when recipients open email, who exactly opened the email, and where the recipient is located. And sorry, but no, recipients don't have a say in the matter whatsoever, since we don't have to sign up for the extension to have it blab about us.

Why we need to rethink how we view security

When we look at some of the biggest security headlines of the past year - Target data breach, Cryptolocker ransomware, Snowden/NSA leaks - there's one big lesson we can all be taught: secure everywhere.

LinkedIn's iPhone 'Intro' tool goes outro

LinkedIn's email plug-in for Apple iOS, designed to suction LinkedIn profile information and insert it into emails received on phones, was destined for a short life and a load of criticism.

SEA attempts to hack Facebook and other MarkMonitor domain customers

The group known as the Syrian Electronic Army (SEA) attempted to commandeer the DNS records of Facebook, but were thwarted by DNS provider MarkMonitor. Are the basic protocols up to the task of protecting us in 2014?

Just how secure is that mobile banking app?

Security researcher Ariel Sanchez recently published a fascinating report on the sort of security you can expect if you do your internet banking on an iPhone or iPad.

The answer, sadly, seems to be, "Very little."

"Followup phish" targets possible victims of last month's JP Morgan Chase card breach

Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.

This time, it's a "followup phish" aimed at JP Morgan Chase customers...

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

Jail for phishing gang member who stole £393k from students

Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.

18 months for supercomputer hacker, 18 years for CarderPlanet boss

It has been a busy week for cyber law enforcement. Two interesting sentences were handed out: one to a 24-year-old American hacker, the other to 49-year-old Ukrainian national Roman Vega, co-founder of CarderPlanet.

Gmail takes image loading out of users' hands - here's how to take it back

Gmail's new default is to automatically display all those HTML glamour shots that marketers desperately hope we'll click on. Does this really help our privacy and security, and how can you turn it off again?

Nude Carla Bruni pics masking Trojan lured G20 attendees to click

"Almost everybody who received the email took the bait," one government source told a news outlet. Any cognitive behavioralists out there who can tell us how to overcome the impulse to click on such a well-nigh-irresistible lure?

Festive season security myth: "If there are no links in an email, it can't be a phish."

The festive season is a good time to make sure your friends and family haven't fallen in with falsehoods when it comes to computer security.

Paul Ducklin examines an email with no clickable links that was nevertheless a classic phish...

Cloned Facebook accounts hit up friends with spam and money requests

The scam hit a TV news station in the US, with attackers scraping photos from reporters' profiles and using them on bogus accounts taken out under their victims' names. Using those fake accounts, they then milked their targets' friend lists to spam out malicious links.