phish
Beware Twitter "password check" sites - there are fakes, and there are fake fakes!
After a widely publicised hack or data breach, you'll often find "password check" sites springing up.
Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...
Monday review - the hot 22 stories of the week
In case you missed any recent stories, here's everything we wrote in the last seven days.
Anatomy of a phish - how to spot a Man-in-the-Middle attack, and other security tips
Even if you are used to phishing scams, it still pays to take the occasional look at a scam campaign, just to remind yourself not to let your guard down.
Paul Ducklin digs into a recent "tax refund" phish with an added Man-in-the-Middle attack...
Facebook Class Action email - it looks like a phish but it's the real deal
A number of you have asked about a Facebook-related email that's doing the rounds lately.
It certainly has some of the hallmarks of a phish.
But is it? And how can you tell?
Anatomy of a phish - how crooks hack legitimate websites to steal your details
Are you a "safe surfer"?
What about sites that were perfectly good yesterday, but today are serving phishing pages for the crooks?
Paul Ducklin takes you on a four-country phishing trip...
Comcast users phished by Constant Guard spam lure
A round of phishing emails is targeting Comcast cable internet users purporting to be a security service from the company called Constant Guard.
Australian Taxation Office scam preys on those still awaiting refunds
The personal income tax year in Australia ends on 30 June. Many refunds will already have been processed and paid out.
That hasn't stopped the scammers. They've added a few weasel-words about "delays", as a sort of general-purpose excuse.
HMRC phishing scam promises end of year refund
It is the season once again for phishers to try and lure in their victims with bogus tax rebates, income tax mistakes and other nonsense. Read on for the latest tax related scam targeting citizens of the United Kingdom.
Telstra Bigpond users targeted in post-data-breach phishing campaign
A phishing campaign targeting users of Telstra Bigpond, Australia's largest ISP, is urging users to confirm their billing information or risk suspension.
All pretty run-of-the-mill, but neatly timed given that Telstra suffered a data breach of customer information last Friday.
Xbox Live customers not hacked but phished
Xbox Live customers are the latest gamers to fall victim to an online attack with thousands of accounts hit across 35 countries.
Fresh Phish disguised as a PayPal Urgent Account Review Notification
A wave of phishing emails targeting users of PayPal has been hitting mailboxes this weekend preying on your fear that someone has compromised your account.
Twitter is not charging in October, there is no petition, you're being phished
Twitter messages claiming people need to sign a petition or Twitter will begin charging this fall are false. What you really get is your password stolen and a bit of shame for clicking an unknown link. Lesson learned?
Infected Phish targeting Commonwealth Bank of Australia
This week we've seen more phishing spam targeting the Commonwealth Bank of Australia, an institution that many scammers have aimed at in the past. The emails have a subject of "Update your Commonwealth Bank" and look like this: The text Read more…
Filet-O-Phish - Thieves target McDonald's
I ran across an interesting and improbable phish today while looking through our spam feeds. The attackers in this case decided that enough people in the world eat at McDonald's that it was worth having a go at convincing people Read more…
Zeus - Exploiting Spear Phishing to Spear Phish
The Zeus crimeware family has moved into new territory with its latest spam campaign - purporting to be a warning about targeted phishing attacks on ".gov" and ".mil" domains, by Zeus Trojans no less! In fact, one of the latest Read more…
Australian Taxation Office scammers strike yet again
Scammers have targeted the Australian Taxation Office (ATO) once again, offering a tax refund which you can search for and claim on-line. The emails are obviously fakes (the from addresses are garbage, the link in the email doesn't go to Read more…
Twitter phishers are after your password
Twitter has warned its ardent users to be on the lookout for dangerous direct messages, which could lead to cybercriminals phishing their account login details. As SophosLabs briefly reported earlier today, the offending direct messages take the form of: hi. Read more…
Yahoo phish caught in action
Many customers and journalists have been asking if I have any sample phishes that could be representative of the disclosed usernames and passwords this week. A colleague of mine actually received one today and I thought I would share it Read more…
Hotmail passwords heisted by hackers
Neowin.net is reporting that over 10,000 usernames and passwords were publicly disclosed from users of hotmail.com, msn.com, and live.com email services. All of the accounts initially posted begin with the letter a or b, suggesting that this may be the Read more…
