Fake femme fatale dupes IT guys at US government agency

Some offered her jobs, asked her out to dinner, or offered to help her get network access and a laptop. In short, men who should know better flocked to "Emily", supposedly a 28-year-old MIT grad with 10 years of experience and fake social-media profiles to die for, like moths to the social engineering flame.

Anonymous threatens Singapore with hacking attacks, calls for November 5 protest... perhaps


An anonymous person, claiming to be Anonymous, recently fired off a hacking threat against Singapore's financial systems.

Should this threat be taken seriously?

Making phishing more complex - on purpose


A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

Security education cuts both ways - why marketers need retraining too

Legitimate businesses need to be more aware of the impact their emails have on the public - the marketers whose attempts at putting across their messages stray over the line into spamming, and the communications people whose irresponsible use of email risks undoing the good work of educators in training us to spot scams and cons.

Microsoft "failed update" phish might well sound believable - watch out!


Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion.

Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates...

"Mailbox" app on iPads and iPhones runs JavaScript from emails - vulnerability or feature?


Italian computer scientist Michele Spagnuolo recently wrote about what he considered a security issue in the popular iPhone and iPad email app "Mailbox."

Not everyone agreed with him...

Defending against web-based malware: Spot the smoke, don't wait for fire


Malware rarely gets into your network without some sort of tell-tale signs beforehand.

Learning to spot the smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.

UK to trial national emergency alerts via mobile phones - what are the risks?


The UK is to trial a national emergency alerting system based on text messaging to your mobile phone.

Other countries have already done this, so it sounds uncontroversial - but can it be made to work safely and securely?

Monday review - the hot 17 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Anatomy of a phish - a "generic mass targeted attack" against WordPress admins


Naked Security reader Lisa Goodlin is a website designer and a WordPress user.

She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...

15 years jail time for Romanian card heist ringleader, 5 for light-fingered company president

Adrian-Tiberiu Oprea, whose gang targeted hundreds of Subway branches in the US, has been sentenced to a hefty 15 years in jail. Meanwhile a US business exec faces 5 years for stealing company data from his former employers, an Anonymous hacker has been hit with a gagging order, and a gang of phishers has been rounded up in South Africa.

Monday review - the hot 19 stories of the week

Catch up with everything we've written in the last seven days with our handy roundup.

Secure Google Docs email results in mailbox compromise


As cloud services become more pervasive, criminals continue to try to convince corporate users to surrender their identities.

Google Docs is the latest target, so look out!

Syrian Electronic Army brings down Twitter and The New York Times through domain name provider hack


The Syrian Electronic Army attacked an internet domain name provider today, taking down for a short time the websites of The New York Times and Twitter for some users,

Humans still the weakest link as phishing gets smarter and more focused


The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

Monday review - the hot 20 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Viber admits to swallowing 'Syrian Electronic Army' phishing bait

The Syrian Electronic Army (SEA) claimed on Tuesday that it had taken over the support page for instant messaging/VoIP service Viber.

Viber itself announced that the claims are overblown and that only two minor systems were breached - a customer support panel and a support administration system.

The Dirty Dozen spamming countries - introducing the SophosLabs SPAMMIERSHIP League Tables!


Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.

Of course, this is one "competition" in which getting promoted into the Premier Division - the SPAMMIERSHIP - is a cause for disappointment, not jubilation...

Google adds (some) malware and phishing info to Transparency Report

Google has expanded its Transparency Report data to include stats from its 'Safe Browsing' system, which keeps tabs on where malware and phishing sites are hosted. The data is a little short on definition, but shows which hosting providers are doing the worst job of keeping their IP space clean.

Australia's National Consumer Fraud Week starts today - the motto is, "Outsmart the scammers!"


Do you know someone who's been scammed online?

Chances are that you do - or you may have been scammed yourself.

The National Consumer Fraud Week aims to spread the word about how to avoid becoming a victim online.