phishing

(get it in RSS or Atom)

Phishing boom in China bucks global trends

Fish. Image courtesy of Shutterstock.

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

sscc-139-thumb-250

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

2014-03-15-pwned-250

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

Our brains work hard to spot phishing scams, but still often fail

Our brains work hard to spot phishing scams, but still fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

"Followup phish" targets possible victims of last month's JP Morgan Chase card breach

chp-250

Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.

This time, it's a "followup phish" aimed at JP Morgan Chase customers...

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's reading Skype messages

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by a someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

Jail for phishing gang member who stole £393k from students

Jail for man who phished £393k from UK students

Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.

Online bank thieves arrested with £80k and a grenade

Online bank thieves arrested in UK with £80k and grenade

Specialist explosives officers in the UK removed what they suspected might have been a live hand grenade in a Tuesday morning raid on what detectives believe is an organized ring of cyber-criminals.

Festive season security myth: "If there are no links in an email, it can't be a phish."

topiary-chain-250

The festive season is a good time to make sure your friends and family haven't fallen in with falsehoods when it comes to computer security.

Paul Ducklin examines an email with no clickable links that was nevertheless a classic phish...

Dutch banks set common rules for online banking. But have they gone far enough?

Dutch banks set common rules for online banking

Dutch banks have agreed on a common framework of rules for their online banking customers, which they will require people to follow if they are to qualify for refunds of money stolen through phishing, carding or other forms of online fraud.

Making phishing more complex - on purpose

postepay-170

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing

Fraser Howard of SophosLabs explains...

Microsoft "failed update" phish might well sound believable - watch out!

phishhook-250

Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion.

Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates...

8 tips for safer online banking

8 tips for safer online banking

Most of us use online banking. But are you making sure you're doing it as safely as possible? Check to make sure you're doing all of these 8 things!

Cybersecurity Awareness Month: 10th anniversary, 10 topical tales

10-tales-250

October 2013 marks the 10th anniversary of the USA's annual Cybersecurity Awareness Month (CSAM).

So we thought we'd come up with 10 topics, in vaguely chronological order, that have burst into our collective security concerns at various times in the last decade.

Defending against web-based malware: Spot the smoke, don't wait for fire

chn-250

Malware rarely gets into your network without some sort of tell-tale signs beforehand.

Learning to spot the metaphorical smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.

SSCC 116 - Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]

sscc-116-250

Here you are! Episode #116 of the Sophos Security Chet Chat.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.

Monday review - the hot 17 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Anatomy of a phish - a "generic mass targeted attack" against WordPress admins

wpphish-250

Naked Security reader Lisa Goodlin is a website designer and a WordPress user.

She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...

Secure Google Docs email results in mailbox compromise

GDocs250

As cloud services become more pervasive criminals continue to try and convince corporate users to surrender their identities.

Google Docs is the latest target, so look out!