phishing

Monday review - the hot 21 stories of the week

Did you miss anything in the past week?

Here's a recap of the hot 21 stories of the past seven days, so you can catch up quickly!

Humans still the weakest link as phishing gets smarter and more focused

The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

The Dirty Dozen spamming countries - introducing the SophosLabs SPAMMIERSHIP League Tables!

Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.

Of course, this is one "competition" in which getting promoted into the Premier Division - the SPAMMIERSHIP - is a cause for disappointment, not jubilation...

Monday review - the hot 18 stories of the week

Missed any stories in the past seven days?

Here's our weekly roundup, just in case...

Fake payment phishers busted in South Africa

It's more Cape of Storms than it is Cape of Good Hope for an alleged phishing gang reportedly busted in Cape Town in South Africa's Western Cape.

The gang supposedly used a mixture of email and SMS to lure their victims into giving away PII...

It's VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

With a cybercrime plan as poorly thought out as this, maybe it's no wonder the Soviet Union didn't survive.

Phishers waste woman's £1m life savings on cheeseburgers, champagne and gold

Crooks who swindled a woman out of her £1 million ($1.5 million) life savings, and blew their ill-gotten gains on cheeseburgers, gold and computers, are now facing jail time.

Monday review - the hot 20 stories of the week

Catch up with all the security news from the last seven days - it's weekly roundup time.

Beware Twitter "password check" sites - there are fakes, and there are fake fakes!

After a widely publicised hack or data breach, you'll often find "password check" sites springing up.

Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...

Mali offers free .ML domains to anyone. What could *possibly* go wrong?

It's good news if you're a cybercriminal.

But probably not something that's going to do much good for one of the world's poorest countries.

Linkless Italian phishers quote Shakespeare in an attempt to defeat security products

O, frailty, thy name is insecure pet supply website operators...

Spammers think quoting Hamlet is a way to help them steal usernames and passwords - but they're wrong.

Monday review - the hot 13 stories of the week

Catch up with everything we've written in the last seven days with this handy weekly roundup.

Spicing up phishing attacks

Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes, however, we come across attacks that are just a little bit more interesting (or at least different) from the norm.

Five Slovenians arrested for $2.5M email banking fraud

Slovenian police on Thursday raided 12 homes and arrested five Slovenian citizens in connection with sending malware-packed email to small and medium businesses' accounting departments.

Evernote shoots itself in foot over "never click on 'reset password' requests" advice

Have you taken a close look at the email that Evernote has sent out, with the subject line "Evernote Security Notice: Service-wide Password Reset"?

It looks like the hacked company has made a blunder.

Oxford University blocks Google Docs because of phishing attacks... for 2.5 hours

Flooded with phishing attacks, which staff and students were falling for, the IT team at Oxford University blocked access to Google Docs, hoping to wake up users to the threat.

Would such a technique work in your organisation?

Google says it is winning the war against Gmail account hijackers

Account takeovers are down a mammoth 99.7% compared with what they were at the height of the spear-phishing plague of 2011, the company (rightfully) brags.

Do not relax: such success doesn't let us users off the hook when it comes to beefing up account security.

Phishing attack attempts to steal Google passwords via Red Cross website

"Please log into Google Docs, and then you'll be able to read my message."

"I've provided a handy link..."

Phishing attack against MSN/Hotmail users - a new year, but old tricks still persist

You would like to think that computer users are getting smarter about securing their systems, and not falling for the age-old tricks used by cybercriminals.

However, we still see our fair share of elementary, unsophisticated attacks designed to steal credentials from the unwary.