phishing

(get it in RSS or Atom)

Making phishing more complex - on purpose

postepay-170

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing

Fraser Howard of SophosLabs explains...

Microsoft "failed update" phish might well sound believable - watch out!

phishhook-250

Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion.

Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates...

8 tips for safer online banking

8 tips for safer online banking

Most of us use online banking. But are you making sure you're doing it as safely as possible? Check to make sure you're doing all of these 8 things!

Cybersecurity Awareness Month: 10th anniversary, 10 topical tales

10-tales-250

October 2013 marks the 10th anniversary of the USA's annual Cybersecurity Awareness Month (CSAM).

So we thought we'd come up with 10 topics, in vaguely chronological order, that have burst into our collective security concerns at various times in the last decade.

Defending against web-based malware: Spot the smoke, don't wait for fire

chn-250

Malware rarely gets into your network without some sort of tell-tale signs beforehand.

Learning to spot the metaphorical smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.

SSCC 116 - Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]

sscc-116-250

Here you are! Episode #116 of the Sophos Security Chet Chat.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.

Monday review - the hot 17 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Anatomy of a phish - a "generic mass targeted attack" against WordPress admins

wpphish-250

Naked Security reader Lisa Goodlin is a website designer and a WordPress user.

She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...

Secure Google Docs email results in mailbox compromise

GDocs250

As cloud services become more pervasive criminals continue to try and convince corporate users to surrender their identities.

Google Docs is the latest target, so look out!

Monday review - the hot 21 stories of the week

Did you miss anything in the past week?

Here's a recap of the hot 21 stories of the past seven days, so you can catch up quickly!

Humans still the weakest link as phishing gets smarter and more focused

apwg-250

The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

The Dirty Dozen spamming countries - introducing the SophosLabs SPAMMIERSHIP League Tables!

spammiership-250

Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.

Of course, this is one "competition" in which getting promoted into the Premier Division - the SPAMMIERSHIP - is a cause for disappointment, not jubilation...

Monday review - the hot 18 stories of the week

dow-250

Missed any stories in the past seven days?

Here's our weekly roundup, just in case...

Fake payment phishers busted in South Africa

It's more Cape of Storms than it is Cape of Good Hope for an alleged phishing gang reportedly busted in Cape Town in South Africa's Western Cape.

The gang supposedly used a mixture of email and SMS to lure their victims into giving away PII...

It's VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

It's VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

With a cybercrime plan as poorly thought out as this, maybe it's no wonder the Soviet Union didn't survive.

Phishers waste woman's £1m life savings on cheeseburgers, champagne and gold

internet_scammer_250

Crooks who swindled a woman out of her £1 million ($1.5 million) life savings, and blew their ill-gotten gains on cheeseburgers, gold and computers, are now facing jail time.

Monday review - the hot 20 stories of the week

Monday review

Catch up with all the security news from the last seven days - it's weekly roundup time.

Beware Twitter "password check" sites - there are fakes, and there are fake fakes!

fakefake-250

After a widely publicised hack or data breach, you'll often find "password check" sites springing up.

Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...

Mali offers free .ML domains to anyone. What could *possibly* go wrong?

Mali offers free .ML domains to anyone. What could *possibly* go wrong?

It's good news if you're a cybercriminal.

But probably not something that's going to do much good for one of the world's poorest countries.