Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.
This time, it's a "followup phish" aimed at JP Morgan Chase customers...
Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by a someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?
Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.
Specialist explosives officers in the UK removed what they suspected might have been a live hand grenade in a Tuesday morning raid on what detectives believe is an organized ring of cyber-criminals.
Dutch banks have agreed on a common framework of rules for their online banking customers, which they will require people to follow if they are to qualify for refunds of money stolen through phishing, carding or other forms of online fraud.
A threat that doesn't just attack, but asks you to put in a password first?
Sounds weird, but the trick worked for malware in the past, and is now being used in phishing
Fraser Howard of SophosLabs explains...
Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion.
Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates...
Most of us use online banking. But are you making sure you're doing it as safely as possible? Check to make sure you're doing all of these 8 things!
Malware rarely gets into your network without some sort of tell-tale signs beforehand.
Learning to spot the metaphorical smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.
Here you are! Episode #116 of the Sophos Security Chet Chat.
News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Naked Security reader Lisa Goodlin is a website designer and a WordPress user.
She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...
As cloud services become more pervasive criminals continue to try and convince corporate users to surrender their identities.
Google Docs is the latest target, so look out!
The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.
This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.
Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.
Of course, this is one "competition" in which getting promoted into the Premier Division - the SPAMMIERSHIP - is a cause for disappointment, not jubilation...