Search Results for: phishing

More iCloud phishing: don't get sucked in

by Paul Ducklin on February 6, 2015 | 4 Comments

It's easy to justify checking out spams and scams, on the "better safe than sorry" principle.

Don't do it!

You just end up one click closer to catastrophe.

"Obamacare" phishing email leads to banking malware‏

by Paul Ducklin on January 14, 2015 | Leave a comment

Unfortunately, official emails and web bulletins are a handy source of believable content for scammers.

This time, it's a Department of Labor bulletin "borrowed" to help distributed a variant of the infamous Vawtrak banking malware.

Old-time phishing scams are working just fine, Google finds

by Lisa Vaas on November 11, 2014 | 3 Comments

A new Google study has found that the true masterpieces of phishing are successful 45% of the time. It's just another example of how phishers may be old dogs, but they can sure learn new tricks.

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

by Paul Ducklin on September 25, 2014 | 5 Comments

Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

Gmail introduces filters for non-Latin characters, weeding out more phishing emails

by Lee Munson on August 13, 2014 | 1 Comment

Using non-Latin characters that look very similar to their ASCII counterparts helps scammers, spammers and phishing crooks send emails from legitimate-looking addresses. Now Google's putting a stop to that with a set of new spam filters.

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

by Lisa Vaas on July 21, 2014 | 5 Comments

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

by Paul Ducklin on July 10, 2014 | 2 Comments

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

37% of Canadian Justice Department fail phishing awareness test

by John Hawes on June 25, 2014 | 1 Comment

An in-house awareness test run late last year at Department of Justice Canada has revealed that a good percentage of its employees are for the most part fairly easy to trick with phishing scams.

Phishing boom in China bucks global trends

by John Hawes on April 17, 2014 | Leave a comment

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

by Paul Ducklin on March 20, 2014 | 2 Comments

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

Our brains work hard to spot phishing scams, but still often fail

by John Hawes on March 4, 2014 | 5 Comments

Our brains work hard to spot phishing scams, but still fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

Jail for phishing gang member who stole £393k from students

by Lee Munson on December 19, 2013 | 1 Comment

Olajide Onikoyi was one of many criminals who tricked students via a phishing campaign. Victims received emails prompting them to visit a fake student loans website.

Making phishing more complex - on purpose

by Fraser Howard on October 18, 2013 | 2 Comments

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing

Fraser Howard of SophosLabs explains...

SSCC 116 - Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]

by Paul Ducklin on September 10, 2013 | Leave a comment

Here you are! Episode #116 of the Sophos Security Chet Chat.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.

Humans still the weakest link as phishing gets smarter and more focused

by John Hawes on August 2, 2013 | 8 Comments

The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

Viber admits to swallowing 'Syrian Electronic Army' phishing bait

by Lisa Vaas on July 24, 2013 | 3 Comments

The Syrian Electronic Army (SEA) claimed on Tuesday that it had taken over the support page for instant messaging/VoIP service Viber.

Viber itself announced that the claims are overblown and that only two minor systems were breached - a customer support panel and a support administration system.

Google adds (some) malware and phishing info to Transparency Report

by John Hawes on June 28, 2013 | 3 Comments

Google has expanded its Transparency Report data to include stats from their 'Safe Browsing' system, which keeps tabs on where malware and phishing sites are hosted. The data is a little short on definition, but shows which hosting providers are doing the worst job of keeping their IP space clean.