phish

Monday review - the hot 22 stories of the week

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

How not to tell your customers how much you care about their security

We've written before about "what not to do" when sending emails to your customers.

Here's another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.

Anatomy of a Bitcoin phish - don't be too quick before you click!

Paul Ducklin looks at a recent Bitcoin phish, and offers some tips on how not to get suckered in just because things look familiar...

Making phishing more complex - on purpose

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

Humans still the weakest link as phishing gets smarter and more focused

The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

Beware Twitter "password check" sites - there are fakes, and there are fake fakes!

After a widely publicised hack or data breach, you'll often find "password check" sites springing up.

Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...

Monday review - the hot 22 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Anatomy of a phish - how to spot a Man-in-the-Middle attack, and other security tips

Even if you are used to phishing scams, it still pays to take the occasional look at a scam campaign, just to remind yourself not to let your guard down.

Paul Ducklin digs into a recent "tax refund" phish with an added Man-in-the-Middle attack...

Facebook Class Action email - it looks like a phish but it's the real deal

A number of you have asked about a Facebook-related email that's doing the rounds lately.

It certainly has some of the hallmarks of a phish.

But is it? And how can you tell?

Anatomy of a phish - how crooks hack legitimate websites to steal your details

Are you a "safe surfer"?

What about sites that were perfectly good yesterday, but today are serving phishing pages for the crooks?

Paul Ducklin takes you on a four-country phishing trip...

Comcast users phished by Constant Guard spam lure

A round of phishing emails purporting to be from Constant Guard, a security service from the company, is targeting Comcast cable internet users.

Australian Taxation Office scam preys on those still awaiting refunds

The personal income tax year in Australia ends on 30 June. Many refunds will already have been processed and paid out.

That hasn't stopped the scammers. They've added a few weasel-words about "delays", as a sort of general-purpose excuse.

HMRC phishing scam promises end of year refund

It is the season once again for phishers to try to lure in their victims with bogus tax rebates, income tax mistakes and other nonsense. Read on for the latest tax-related scam targeting citizens of the United Kingdom.

Telstra Bigpond users targeted in post-data-breach phishing campaign

A phishing campaign targeting users of Telstra Bigpond, Australia's largest ISP, is urging users to confirm their billing information or risk suspension.

All pretty run-of-the-mill, but neatly timed given that Telstra suffered a data breach of customer information last Friday.

Xbox Live customers not hacked but phished

Xbox Live customers are the latest gamers to fall victim to an online attack, with thousands of accounts hit across 35 countries.

Fresh Phish disguised as a PayPal Urgent Account Review Notification

A wave of phishing emails targeting users of PayPal has been hitting mailboxes this weekend, preying on your fear that someone has compromised your account.

Twitter is not charging in October, there is no petition, you're being phished

Twitter messages claiming people need to sign a petition or Twitter will begin charging this fall are false. What you really get is your password stolen and a bit of shame for clicking an unknown link. Lesson learned?

Infected Phish targeting Commonwealth Bank of Australia

This week we've seen more phishing spam targeting the Commonwealth Bank of Australia, an institution that many scammers have aimed at in the past. The emails have a subject of "Update your Commonwealth Bank" and look like this: The text…

Filet-O-Phish - Thieves target McDonald's

I ran across an interesting and improbable phish today while looking through our spam feeds. The attackers in this case decided that enough people in the world eat at McDonald's that it was worth having a go at convincing people…