Search Results for: phishing

Google unveils Password Alert Chrome extension, an early warning system against phishing attacks

Google developers have created Password Alert, an open-source Chrome extension that aims to protect users from phishing attacks.

More iCloud phishing: don't get sucked in

It's easy to justify checking out spams and scams, on the "better safe than sorry" principle.

Don't do it!

You just end up one click closer to catastrophe.

"Obamacare" phishing email leads to banking malware‏

dol-fake-250

Unfortunately, official emails and web bulletins are a handy source of believable content for scammers.

This time, it's a Department of Labor bulletin "borrowed" to help distributed a variant of the infamous Vawtrak banking malware.

Old-time phishing scams are working just fine, Google finds

Old-time phishing scams are working just fine, Google finds

A new Google study has found that the true masterpieces of phishing are successful 45% of the time. It's just another example of how phishers may be old dogs, but they can sure learn new tricks.

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

moz-250

Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

Gmail introduces filters for non-Latin characters, weeding out more phishing emails

Gmail introduces filters for non-Latin characters, weeding out more phishing emails

Using non-Latin characters that look very similar to their ASCII counterparts helps scammers, spammers and phishing crooks send emails from legitimate-looking addresses. Now Google's putting a stop to that with a set of new spam filters.

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

37% of Canadian Justice Department fail phishing awareness test

37% of Canadian Justice Department fail phishing awareness test

An in-house awareness test run late last year at Department of Justice Canada has revealed that a good percentage of its employees are for the most part fairly easy to trick with phishing scams.

Phishing boom in China bucks global trends

Fish. Image courtesy of Shutterstock.

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

sscc-139-thumb-250

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

Our brains work hard to spot phishing scams, but still often fail

Our brains work hard to spot phishing scams, but still fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

Jail for phishing gang member who stole £393k from students

Jail for man who phished £393k from UK students

Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.

Making phishing more complex - on purpose

postepay-170

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing

Fraser Howard of SophosLabs explains...

SSCC 116 - Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]

sscc-116-250

Here you are! Episode #116 of the Sophos Security Chet Chat.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.

Humans still the weakest link as phishing gets smarter and more focused

apwg-250

The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

Viber admits to swallowing 'Syrian Electronic Army' phishing bait

Viber admits to swallowing Syrian Electronic Army phishing bait

The Syrian Electronic Army (SEA) claimed on Tuesday that it had taken over the support page for instant messaging/VoIP service Viber.

Viber itself announced that the claims are overblown and that only two minor systems were breached - a customer support panel and a support administration system.

Google adds (some) malware and phishing info to Transparency Report

Google adds (some) malware and phishing info to Transparency Report

Google has expanded its Transparency Report data to include stats from their 'Safe Browsing' system, which keeps tabs on where malware and phishing sites are hosted. The data is a little short on definition, but shows which hosting providers are doing the worst job of keeping their IP space clean.

It's VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

It's VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

With a cybercrime plan as poorly thought out as this, maybe it's no wonder the Soviet Union didn't survive.

Spicing up phishing attacks

Spicing up phishing attacks

Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes however, we come across attacks that are just a little bit more interesting (or at least different) from the norm.