Phishing

(get it in RSS or Atom)

SSCC 178 - Are we there yet? [PODCAST]

Here's the latest episode of our weekly security podcast.

Enjoy...and "Happy Holidays," whether you're away on vacation yourself, or a sysadmin enjoying the time when everyone else is on vacation!

Yes, ICANN keep your data safe...oops, sorry, no I can't - 60 Sec Security [VIDEO]

Time for the latest episode of our weekly 60 Second Security video!

The news, in just one minute...enjoy.

Spear-phishers grab emails from internet overseer ICANN

ICANN logo

Yes, the DNS overlord fell for spear phishing. No, the internet's spine was NOT broken, given that the intruders only gained "read", not "write", access. Thank goodness!

Don’t let the Grinch steal Christmas: how to avoid festive fraudsters

Don’t let the Grinch steal Christmas: tips for avoiding festive fraudsters

Take a little more time to record what you've bought, from who or where, and how much it cost - and don't let your guard slip at this hectic time of year.

5 online scams to watch out for this Black Friday and Cyber Monday

Special offer. Image courtesy of Shutterstock

The traditional kickoff to the holiday shopping season is also an opportune time for cybercriminals, scam artists and conmen to gear up their activities.

Here are the top 5 online scams to watch out for...

Old-time phishing scams are working just fine, Google finds

Old-time phishing scams are working just fine, Google finds

A new Google study has found that the true masterpieces of phishing are successful 45% of the time. It's just another example of how phishers may be old dogs, but they can sure learn new tricks.

SSCC 172 - Ransomware's not dead! [PODCAST]

Here's the latest episode of our weekly security podcast.

News you can use!

GATSO! Speed camera phish leads to CryptoLocker ransomware clone...

gatso-250

Recently, we came across an intriguing phishing campaign that combines two feared products of the information age.

Gatsos (speed cameras) and ransomware, rolled into one attack!

Google goes beyond two-step verification with new USB Security Key

Google 2SV

Google's adding support for a physical USB second factor that will first verify the login site as being a true Google website, not a fake site pretending to be Google, before it hands over a cryptographic signature.

Attacker takes over Facebook page set up for 'Bucket List Baby' Shane, posts porn

Attacker takes over Facebook page set up for 'Bucket List Baby' Shane, posts porn

A Facebook page set up to chronicle the extremely short life of a baby with the rare, terminal condition of anencephaly was hijacked within days of the infant's death and set to display lewd images. The parents, who had lost their child mere days before, fell for one of the most vile phishing attacks ever.

5 steps to lock down your webmail account

5 steps to lock down your webmail account

For most people Gmail, Outlook.com or Yahoo! Mail is their main personal account. Here are some of the most important steps to keep unwanted people out of your web-based email account.

Kim Kardashian, Vanessa Hudgens, et al. targeted in latest naked celebrity photo leak

Celebgate redux: Alleged nudies of Kim Kardashian, Vanessa Hudgens et al. doxed

Early on Saturday morning, Celebgate flooded the same sites as it did three weeks ago - 4Chan and Reddit, among others - as cyber crooks again posted nude celebrity photos, despite the scuffle of threatened lawsuits and attention from the FBI.

US Nuclear Regulatory Commission hacked 3 times in 3 years

US Nuclear Regulatory Commission hacked 3 times in 3 years

According to documents obtained under an open-records request, two of the hacks, perpetrated via phishing emails, are believed to have originated in foreign countries, while the source of the third remains unknown because incident logs have been destroyed. The report does not say when the attacks occurred, nor does it divulge what, if any, data was compromised.

Gmail introduces filters for non-Latin characters, weeding out more phishing emails

Gmail introduces filters for non-Latin characters, weeding out more phishing emails

Using non-Latin characters that look very similar to their ASCII counterparts helps scammers, spammers and phishing crooks send emails from legitimate-looking addresses. Now Google's putting a stop to that with a set of new spam filters.

Monday review - the hot 22 stories of the week

dow-250

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

How not to tell your customers how much you care about their security

phish-warning-250

We've written before about "what not to do" when sending emails to your customers.

Here's another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.