Phishing

Making phishing more complex - on purpose

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

Security education cuts both ways - why marketers need retraining too

Legitimate businesses need to be more aware of the impact their emails have on the public - the marketers whose attempts at putting across their messages stray over the line into spamming, and the communications people whose irresponsible use of email risks undoing the good work of educators in training us to spot scams and cons.

Microsoft "failed update" phish might well sound believable - watch out!

Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion.

Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates...

"Mailbox" app on iPads and iPhones runs JavaScript from emails - vulnerability or feature?

Italian computer scientist Michele Spagnuolo recently wrote about what he considered a security issue in the popular iPhone and iPad email app "Mailbox."

Not everyone agreed with him...

Defending against web-based malware: Spot the smoke, don't wait for fire

Malware rarely gets into your network without some sort of tell-tale signs beforehand.

Spotting the smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.

UK to trial national emergency alerts via mobile phones - what are the risks?

The UK is to trial a national emergency alerting system based on text messaging to your mobile phone.

Other countries have already done this, so it sounds uncontroversial - but can it be made to work safely and securely?

Monday review - the hot 17 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Anatomy of a phish - a "generic mass targeted attack" against WordPress admins

Naked Security reader Lisa Goodlin is a website designer and a WordPress user.

She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...

15 years jail time for Romanian card heist ringleader, 5 for light-fingered company president

Adrian-Tiberiu Oprea, whose gang targeted hundreds of Subway branches in the US, has been sentenced to a hefty 15 years in jail. Meanwhile a US business exec faces 5 years for stealing company data from his former employers, an Anonymous hacker has been hit with a gagging order, and a gang of phishers has been rounded up in South Africa.

Monday review - the hot 19 stories of the week

Catch up with everything we've written in the last seven days with our handy roundup.

Secure Google Docs email results in mailbox compromise

As cloud services become more pervasive, criminals continue to try to convince corporate users to surrender their identities.

Google Docs is the latest target, so look out!

Syrian Electronic Army brings down Twitter and The New York Times through domain name provider hack

The Syrian Electronic Army attacked an internet domain name provider today, taking down the websites of The New York Times and Twitter for a short time for some users.

Humans still the weakest link as phishing gets smarter and more focused

The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

Monday review - the hot 20 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Viber admits to swallowing 'Syrian Electronic Army' phishing bait

The Syrian Electronic Army (SEA) claimed on Tuesday that it had taken over the support page for instant messaging/VoIP service Viber.

Viber itself announced that the claims are overblown and that only two minor systems were breached - a customer support panel and a support administration system.

The Dirty Dozen spamming countries - introducing the SophosLabs SPAMMIERSHIP League Tables!

Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.

Of course, this is one "competition" in which getting promoted into the Premier Division - the SPAMMIERSHIP - is a cause for disappointment, not jubilation...

Google adds (some) malware and phishing info to Transparency Report

Google has expanded its Transparency Report data to include stats from its 'Safe Browsing' system, which keeps tabs on where malware and phishing sites are hosted. The data is a little short on definition, but shows which hosting providers are doing the worst job of keeping their IP space clean.

Australia's National Consumer Fraud Week starts today - the motto is, "Outsmart the scammers!"

Do you know someone who's been scammed online?

Chances are that you do - or you may have been scammed yourself.

The National Consumer Fraud Week aims to spread the word about how to avoid becoming a victim online.

LinkedIn flips the two-factor authentication switch

Just in time for the one-year anniversary of getting its socks knocked off in an attack that saw 6.5 million passwords swiped. Thanks: that's a good anniversary gift, LinkedIn.

Fake payment phishers busted in South Africa

It's more Cape of Storms than it is Cape of Good Hope for an alleged phishing gang reportedly busted in Cape Town in South Africa's Western Cape.

The gang supposedly used a mixture of email and SMS to lure their victims into giving away PII...