More iCloud phishing: don't get sucked in

It's easy to justify checking out spams and scams, on the "better safe than sorry" principle.

Don't do it!

You just end up one click closer to catastrophe.

"Obamacare" phishing email leads to banking malware


Unfortunately, official emails and web bulletins are a handy source of believable content for scammers.

This time, it's a Department of Labor bulletin "borrowed" to help distribute a variant of the infamous Vawtrak banking malware.

Monday review - the hot 22 stories of the week


Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

How not to tell your customers how much you care about their security


We've written before about "what not to do" when sending emails to your customers.

Here's another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.

Anatomy of a Bitcoin phish - don't be too quick before you click!


Paul Ducklin looks at a recent Bitcoin phish, and offers some tips on how not to get suckered in just because things look familiar...

Making phishing more complex - on purpose


A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

Humans still the weakest link as phishing gets smarter and more focused


The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

Beware Twitter "password check" sites - there are fakes, and there are fake fakes!


After a widely publicised hack or data breach, you'll often find "password check" sites springing up.

Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...

Monday review - the hot stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Anatomy of a phish - how to spot a Man-in-the-Middle attack, and other security tips

Even if you are used to phishing scams, it still pays to take the occasional look at a scam campaign, just to remind yourself not to let your guard down.

Paul Ducklin digs into a recent "tax refund" phish with an added Man-in-the-Middle attack...

Facebook Class Action email - it looks like a phish but it's the real deal

A number of you have asked about a Facebook-related email that's doing the rounds lately.

It certainly has some of the hallmarks of a phish.

But is it? And how can you tell?

Anatomy of a phish - how crooks hack legitimate websites to steal your details

Are you a "safe surfer"?

What about sites that were perfectly good yesterday, but today are serving phishing pages for the crooks?

Paul Ducklin takes you on a four-country phishing trip...

Comcast users phished by Constant Guard spam lure

A round of phishing emails purporting to be from a company security service called Constant Guard is targeting Comcast cable internet users.

Australian Taxation Office scam preys on those still awaiting refunds


The personal income tax year in Australia ends on 30 June. Many refunds will already have been processed and paid out.

That hasn't stopped the scammers. They've added a few weasel-words about "delays", as a sort of general-purpose excuse.

HMRC phishing scam promises end of year refund


It is the season once again for phishers to try to lure in their victims with bogus tax rebates, income tax mistakes and other nonsense. Read on for the latest tax-related scam targeting citizens of the United Kingdom.

Telstra Bigpond users targeted in post-data-breach phishing campaign


A phishing campaign targeting users of Telstra Bigpond, Australia's largest ISP, is urging users to confirm their billing information or risk suspension.

All pretty run-of-the-mill, but neatly timed given that Telstra suffered a data breach of customer information last Friday.

Xbox Live customers not hacked but phished

Xbox Live customers are the latest gamers to fall victim to an online attack with thousands of accounts hit across 35 countries.

Fresh Phish disguised as a PayPal Urgent Account Review Notification


A wave of phishing emails targeting users of PayPal has been hitting mailboxes this weekend preying on your fear that someone has compromised your account.

Twitter is not charging in October, there is no petition, you're being phished


Twitter messages claiming people need to sign a petition or Twitter will begin charging this fall are false. What you really get is your password stolen and a bit of shame for clicking an unknown link. Lesson learned?