Social Engineering

(get it in RSS or Atom)

Fake femme fatale dupes IT guys at US government agency

Femme Fatale

Some offered her jobs, asked her out to dinner, or offered to help her get network access and a laptop. In short, men who should know better flocked to "Emily", supposedly a 28-year-old MIT grad with 10 years of experience and fake social-media profiles to die for, like moths to the social engineering flame.

Security education cuts both ways - why marketers need retraining too

Security education cuts both ways - why marketers need retraining too

Legitimate businesses need to be more aware of the impact their emails have on the public - the marketers whose attempts at putting across their messages stray over the line into spamming, and the communications people whose irresponsible use of email risks undoing the good work of educators in training us to spot scams and cons.

Yahoo says unleashing people's old accounts will be fine, just fine

Yahoo says unleashing people's old accounts will be fine, just fine

It will be OK, the company says. We're not giving away your content or personal details, and we're sending bouncebacks for a month. Has that convinced critics? Unlikely.

"G'day, the Queen speaking" - socially engineering the Duchess of Cambridge's hospital

"G'day, the Queen speaking" - socially engineering the Duchess of Cambridge's hospital

Pranksters at a Sydney radio station called the Duchess of Cambridge's hospital in London, pretending to be Her Majesty the Queen and Prince Charles.

To their astonishment, their social engineering succeeded. How would your organisation fare?

SSCC 97 - Black Hat and DEF CON review, broken crypto, Frak, smart meters and hacking transit

Sophos Security Chet Chat

Peter Szabo from SophosLabs joins Chet to chat about 4 more talks from this year's Black Hat and DEF CON conferences. Topics include MS-CHAPv2, Frak, smart meters and hacking public transit.

Targeted emails exploit new Acrobat Reader vulnerability

Target was warned of payment system vulnerabilities before data breach

Attackers are taking advantage of the latest zero-day vulnerability in Adobe's Reader software sending malicious attachments to specific targets. Adobe promises a fix is coming by the week of December 12 at the latest and Reader X users are protected already.

Kevin Mitnick - ghost in the wires, or scourge of the internet?


Duck has just finished reading Kevin Mitnick's autobiography, Ghost in the Wires.

He decided to review it for Naked Security.

Will you enjoy it? Should you buy it?

How hackers tried to break into my wife's 1&1 account - via the phone

How hackers tried to break into my wife's 1&1 account - via the phone

Sophos senior security engineer David Schwartzberg describes how scammers tried to break into his wife's online account at web-hosting firm 1&1 - via the telephone.

Fake iTunes receipt spam

Fake iTunes spam

A rather poorly crafted email campaign is making the rounds today. People around the world are receiving messages that appear to be iTunes receipts from Apple. On closer inspection however there are several oddities. The message arrives as an iTunes Read more…

Are signed files safer than others?

Default image

Mike Wood of SophosLabs Vancouver presented "Want my autograph? The use and abuse of digital signatures by malware" at the 2010 Virus Bulletin conference. Mike's talk was focused on the trust that people and technology put into certificates and how Read more…

MS Patch Tuesday, Adobe Vulns and Firefox 3.6.10 - Sept 2010

Image (1) tuesday250.jpg for post 3509

What a busy week! Aside from not having time to blog, there were a lot of stories about new vulnerabilities and patches for recent vulnerabilities. Microsoft, Adobe, and Mozilla all had news. Microsoft released nine patches addressing 14 vulnerabilities, four Read more…

Sophos Security Chet Chat 25 & 26

Sophos Security Chet Chat 25 & 26

Sophos Security Chet Chat episode 25 is now live in the Sophos podcast archive. Last week Michael Argast and I discussed this weeks social media news as well as Google's new adoption of OpenID with Yahoo! allowing federated login to Read more…

If I had a nickel for every Facebook scam. . .

Image (1) omgschool1-500.png for post 3495

I'd be rich! Not to have my blog turn into the 24/7 social-media-scam network, but another Facebook scam is on the loose. This one is called "OMG! Look What this Kid did to his School after being Expelled!" and follows Read more…

Filet-O-Phish - Thieves target McDonald's

Image (2) mcdonaldsphish500.png for post 3465

I ran across an interesting and improbable phish today while looking through our spam feeds. The attackers in this case decided that enough people in the world eat at McDonald's that it was worth having a go at convincing people Read more…

Spam roundup - Am I getting Google's spam?

Image (1) windowsspam550.png for post 3269

I spent some time today scouring the massive spam queues in SophosLabs and thought I would share some information on the latest email threats. I had a chuckle thinking I had accidentally received mail destined for Google. The subject of Read more…

Hot chick on Twitter? Bet it's a spammer

Hot chick on Twitter? Bet it's a spammer

A new Twitter follower whose profile picture is a hot girl is usually a clue that you may be led to a spam. Especially if they are following hundreds of people and don't have a lot of followers. Fortunately this Read more…

Evolution of spam: Explained

Image (1) skypeviagra514.jpg for post 2803

Spammers are taking advantage of all this cloud computing nonsense to get past our best defenses. I presented at Infosec Europe on how Russian affiliate networks (Partnerka) have eased up on spamming via email and have migrated to the web, Read more…

Mac users need to wake up to the social engineering threat

Image (1) computing-scan.jpg for post 16098

Clu-blog reader Peter directed my attention to a letter in this week's edition of "Computing" (a popular British IT magazine) earlier today. The letter from Jamie Forder is in response to an article written in a previous edition by Laurent Read more…