phishing

(get it in RSS or Atom)

US Nuclear Regulatory Commission hacked 3 times in 3 years

US Nuclear Regulatory Commission hacked 3 times in 3 years

According to documents obtained under an open-records request, two of the hacks, perpetrated via phishing emails, are believed to have originated in foreign countries, while the source of the third remains unknown because incident logs have been destroyed. The report does not say when the attacks occurred, nor does it divulge what, if any, data was compromised.

Sophos Techknow - Firewalls Demystified [PODCAST]

techknow-logo-250-150

The word firewall has a lot more shades of meaning in 2014 than it did in 1994.

So...who better to help us to demystify the modern firewall than Sophos security expert Chester Wisniewski?

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

chet-chat-logo-featured-250

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

Syrian Electronic Army uses Taboola ad to hack Reuters (again)

Syrian Electronic Army uses Taboola ad to hack Reuters (again)

Code dynamically inserted into Reuters web pages by content serving company, Taboola, appears to have been poisoned by the Syrian Electronic Army in order to redirect visitors to another page under the hackers' control. It highlights the need for websites to consider security in a broad context and to not rely solely on traditional server-based defenses.

Ransom-taking iPhone hackers busted by Russian authorities

iphone-lock-250

The mystery of the ransom messages from "Oleg Pliss," and the iDevice locking attack that popped up in Australia and the US last month, appears to have been solved.

Phish or legit - Can you tell the difference?

Phish or legit - Can you tell the difference?

If a legitimate email looks like a phishing email, then how are you supposed to spot what is genuine and what isn't? John Shier takes a look.

AOL Mail accounts breached, users advised to change passwords

AOL Mail accounts breached, users advised to change passwords

AOL users, change your passwords. AOL said it is investigating a large-scale breach of AOL Mail accounts in which user passwords, security questions, mail addresses, and contact lists were compromised.

Phishing boom in China bucks global trends

Fish. Image courtesy of Shutterstock.

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

sscc-139-thumb-250

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

2014-03-15-pwned-250

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

Our brains work hard to spot phishing scams, but still often fail

Our brains work hard to spot phishing scams, but still fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

"Followup phish" targets possible victims of last month's JP Morgan Chase card breach

chp-250

Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.

This time, it's a "followup phish" aimed at JP Morgan Chase customers...

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's reading Skype messages

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by a someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

Jail for phishing gang member who stole £393k from students

Jail for man who phished £393k from UK students

Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.

Online bank thieves arrested with £80k and a grenade

Online bank thieves arrested in UK with £80k and grenade

Specialist explosives officers in the UK removed what they suspected might have been a live hand grenade in a Tuesday morning raid on what detectives believe is an organized ring of cyber-criminals.

Festive season security myth: "If there are no links in an email, it can't be a phish."

topiary-chain-250

The festive season is a good time to make sure your friends and family haven't fallen in with falsehoods when it comes to computer security.

Paul Ducklin examines an email with no clickable links that was nevertheless a classic phish...

Dutch banks set common rules for online banking. But have they gone far enough?

Dutch banks set common rules for online banking

Dutch banks have agreed on a common framework of rules for their online banking customers, which they will require people to follow if they are to qualify for refunds of money stolen through phishing, carding or other forms of online fraud.