phishing

(get it in RSS or Atom)

Linkless Italian phishers quote Shakespeare in an attempt to defeat security products

Linkless Italian phishers quote Shakespeare in an attempt to defeat security products

O, frailty, thy name is insecure pet supply website operators...

Spammers think quoting Hamlet is a way to help them steal usernames and passwords - but they're wrong.

Monday review - the hot 13 stories of the week

Monday review - the hot stories of the week

Catch up with everything we've written in the last seven days with this handy weekly roundup

Spicing up phishing attacks

Spicing up phishing attacks

Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes however, we come across attacks that are just a little bit more interesting (or at least different) from the norm.

Five Slovenians arrested for $2.5M email banking fraud

email scammer

Slovenian police on Thursday raided 12 homes and arrested five Slovenian citizens in connection with sending malware-packed email to small and medium businesses' accounting departments.

Evernote shoots itself in foot over "never click on 'reset password' requests" advice

Evernote shoots itself in foot over "never click on 'reset password' requests" advice

Have you taken a close look at the email that Evernote has sent out, with the subject line "Evernote Security Notice: Service-wide Password Reset"?

It looks like the hacked company has made a blunder.

Oxford University blocks Google Docs because of phishing attacks.. for 2.5 hours

Oxford University blocks Google Docs because of phishing attacks.. for 2.5 hours

Flooded with phishing attacks, which staff and students were falling for, the IT team at Oxford University blocked access to Google Docs - hoping to wake up users to the threat..

Would such a technique work in your organisation?

Google says it is winning the war against Gmail account hijackers

Gmail

Account takeovers are down a mammoth 99.7% compared with what they were at the height of the spear-phishing plague of 2011, the company (rightfully) brags.

Do not relax: such success doesn't let us users off the hook when it comes to account security beef-up.

Phishing attack attempts to steal Google passwords via Red Cross website

Phishing for Google passwords

"Please log into Google Docs, and then you'll be able to read my message."

"I've provided a handy link..."

Phishing attack against MSN/Hotmail users - a new year, but old tricks still persist

MSN and Hotmail

You would like to think that computer users are getting smarter about securing their systems, and not falling for the age-old tricks used by cybercriminals.

However, we still see our fair share of elementary unsophisticated attacks designed to steal credentials from the unwary.

PayPal phishing scams - take care of yourself online this Christmas

paypal-scam-login-250

PayPal users are being targeted in what is a now-typical pattern of phishing against the global payment service.

The trick is short and simple: you receive an email "acknowledging" a smallish payment. It's $79 to an eBay advertising service in our example...

How to report a computer crime: Phishing attack

How to report a computer crime: Phishing attack

What would you do if you unwittingly became a victim of a phishing attack? Do you know how you'd go about reporting the phishing to the authorities?

Phishing attack promises a free version of Windows 8

Phishing attack promises a free version of Windows 8

On Friday, Microsoft launched Windows 8 to consumers.

Today, the experts at SophosLabs have intercepted a phishing attack which plays upon interest in the new operating system.

Huawei UK makes a blunder with its online careers page

Huawei UK makes a blunder with its online careers page

Chinese technology giant Huawei, under the spotlight following US concerns that its technology could be used for undercover surveillance, has made an elementary mistake in regards to its UK careers page.

India spews more spam than ever before, report finds

India spews more spam than ever before, report finds

You can thank India for one out of six spam messages in your inbox, up from one in 10 when SophosLabs last put out its list of the Dirty Dozen top spam-relaying countries. The UK has upped its spam output as well, meaning it's rejoined the dirty dozen after an 18-month hiatus.

Bogus Apple Store discount card offer attempts to steal users' identities

Apple updates iOS fixing 27 vulnerabilities and TURKTRUST revocation

Spam messages have been sent out by cybercriminals claiming to reward loyal Apple customers with $100 of credit to spend in-store if they just buy a $9 discount card.

It's a wonder that Apple makes any money with marketing campaigns like this! (Or rather it would be, if the email could be trusted).

Invited to change your Twitter profile's header image? Beware, it could be drug spam

Invited to change your Twitter profile's header image? Careful, it could be drug spam

Inventive spammers are up to their old tricks again, desperate to do whatever it takes to get you to click on a link to their websites.

Microsoft Windows Update emails try to steal your Gmail, Yahoo, AOL passwords...

Microsoft Windows Update emails try to steal your Gmail, Yahoo, AOL passwords...

Beware any emails which claim to come from privacy@microsoft.com - it could be that you're being targeted in an attack designed to steal your AOL, Gmail, Yahoo or Windows Live password.

Facebook glitch lets spear phishers impersonate users' friends and family

Facebook glitch lets spear-phishers impersonate users' friends and family

Facebook blames a "temporary misconfiguration" for allowing spammers to get their hands on users' personal details and then pose as trusted friends to lure victims into clicking.

But is the problem properly fixed yet?

Phishing without a webpage - researcher reveals how a link *itself* can be malicious

Phish without a web page? Yes you can!

Can you phish without a phishing page? Research by a student at the University of Oslo in Norway finds that, with the help of a trusty URI, ‘Yes, you can.’

How to report phishing to Facebook

How to report phishing to Facebook

Facebook has today announced a new way in which it hopes to combat phishing scams targeting its 955 million users.