phishing

(get it in RSS or Atom)

Phish of the Week - when adjectives just aren't enough

by Paul Ducklin on January 12, 2015 | 28 Comments

We aren't really supposed to chuckle at spams and scams.

But here's a phishing story that will make you smile yet still be educational...

SSCC 179 - What kind of a name is "Lizard Squad"? [PODCAST]

by Paul Ducklin on December 31, 2014 | Leave a comment

Here's the latest episode of our regular security podcast.

This week: phishing, spamming, zombification, SCADA and the Internet of Things, and the curiously named cybervandals that go by "Lizard Squad."

Can malware and hackers really cause giant physical disasters?

by Paul Ducklin on December 29, 2014 | 14 Comments

Could you really have a hacker or malware initiated meltdown?

Yes, says the 2014 report of the German Office for Information Security...

Yes, I got an iTunes gift card for Christmas - but HOW DID THE CROOKS KNOW THAT?

by Paul Ducklin on December 29, 2014 | 2 Comments

You *are* being doubly cautious for phishing campaigns over the holiday season, aren't you?

Spammers and scammers don't have to know anything about you to hit the bullseye in what might feel like a targeted attack.

The email that caused a literal meltdown - 60 Sec Security [VIDEO]

by Paul Ducklin on December 27, 2014 | Leave a comment

Enjoy the last episode of "60 Second Security" for 2014!

Learn from the week's news in just one minute...

SSCC 178 - Are we there yet? [PODCAST]

by Paul Ducklin on December 24, 2014 | Leave a comment

Here's the latest episode of our weekly security podcast.

Enjoy...and "Happy Holidays," whether you're away on vacation yourself, or a sysadmin enjoying the time when everyone else is on vacation!

Yes, ICANN keep your data safe...oops, sorry, no I can't - 60 Sec Security [VIDEO]

by Paul Ducklin on December 20, 2014 | Leave a comment

Time for the latest episode of our weekly 60 Second Security video!

The news, in just one minute...enjoy.

Don’t let the Grinch steal Christmas: how to avoid festive fraudsters

by Louisa Hardwick on December 18, 2014 | 1 Comment
Don’t let the Grinch steal Christmas: tips for avoiding festive fraudsters

Take a little more time to record what you've bought, from who or where, and how much it cost - and don't let your guard slip at this hectic time of year.

Old-time phishing scams are working just fine, Google finds

by Lisa Vaas on November 11, 2014 | 3 Comments
Old-time phishing scams are working just fine, Google finds

A new Google study has found that the true masterpieces of phishing are successful 45% of the time. It's just another example of how phishers may be old dogs, but they can sure learn new tricks.

SSCC 172 - Ransomware's not dead! [PODCAST]

by Paul Ducklin on November 5, 2014 | Leave a comment

Here's the latest episode of our weekly security podcast.

News you can use!

GATSO! Speed camera phish leads to CryptoLocker ransomware clone...

by Paul Ducklin on November 3, 2014 | 13 Comments
gatso-250

Recently, we came across an intriguing phishing campaign that combines two feared products of the information age.

Gatsos (speed cameras) and ransomware, rolled into one attack!

US Nuclear Regulatory Commission hacked 3 times in 3 years

by Lee Munson on August 19, 2014 | Leave a comment
US Nuclear Regulatory Commission hacked 3 times in 3 years

According to documents obtained under an open-records request, two of the hacks, perpetrated via phishing emails, are believed to have originated in foreign countries, while the source of the third remains unknown because incident logs have been destroyed. The report does not say when the attacks occurred, nor does it divulge what, if any, data was compromised.

Sophos Techknow - Firewalls Demystified [PODCAST]

by Paul Ducklin on August 8, 2014 | 2 Comments
techknow-logo-250-150

The word firewall has a lot more shades of meaning in 2014 than it did in 1994.

So...who better to help us to demystify the modern firewall than Sophos security expert Chester Wisniewski?

Anatomy of an iTunes phish - tips to avoid getting caught out

by Paul Ducklin on July 28, 2014 | 9 Comments

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

by Lisa Vaas on July 21, 2014 | 5 Comments
Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

by Paul Ducklin on July 10, 2014 | 2 Comments

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

Syrian Electronic Army uses Taboola ad to hack Reuters (again)

by Lee Munson on June 23, 2014 | 7 Comments
Syrian Electronic Army uses Taboola ad to hack Reuters (again)

Code dynamically inserted into Reuters web pages by content serving company, Taboola, appears to have been poisoned by the Syrian Electronic Army in order to redirect visitors to another page under the hackers' control. It highlights the need for websites to consider security in a broad context and to not rely solely on traditional server-based defenses.

Ransom-taking iPhone hackers busted by Russian authorities

by John Zorabedian on June 10, 2014 | 1 Comment
iphone-lock-250

The mystery of the ransom messages from "Oleg Pliss," and the iDevice locking attack that popped up in Australia and the US last month, appears to have been solved.

Phish or legit - Can you tell the difference?

by John Shier on June 6, 2014 | 23 Comments
Phish or legit - Can you tell the difference?

If a legitimate email looks like a phishing email, then how are you supposed to spot what is genuine and what isn't? John Shier takes a look.