phishing

(get it in RSS or Atom)

Secure Google Docs email results in mailbox compromise

by Chester Wisniewski on August 29, 2013 | 20 Comments

As cloud services become more pervasive criminals continue to try and convince corporate users to surrender their identities.

Google Docs is the latest target, so look out!

Monday review - the hot 21 stories of the week

by Paul Ducklin on August 5, 2013 | Leave a comment

Did you miss anything in the past week?

Here's a recap of the hot 21 stories of the past seven days, so you can catch up quickly!

Humans still the weakest link as phishing gets smarter and more focused

by John Hawes on August 2, 2013 | 8 Comments

The latest figures from the APWG show a decline in phishing reports. Verizon, on the other hand, implies that almost all incidents of cyber espionage reported in the last year included some phishing component.

This seems to confirm that phishing attacks are becoming less scatter-gun, focusing more on specific targets.

The Dirty Dozen spamming countries - introducing the SophosLabs SPAMMIERSHIP League Tables!

by Paul Ducklin on July 16, 2013 | 14 Comments

Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.

Of course, this is one "competition" in which getting promoted into the Premier Division - the SPAMMIERSHIP - is a cause for disappointment, not jubilation...

Monday review - the hot 18 stories of the week

by Paul Ducklin on June 10, 2013 | Leave a comment

Missed any stories in the past seven days?

Here's our weekly roundup, just in case...

Fake payment phishers busted in South Africa

by Paul Ducklin on June 3, 2013 | 3 Comments

It's more Cape of Storms than it is Cape of Good Hope for an alleged phishing gang reportedly busted in Cape Town in South Africa's Western Cape.

The gang supposedly used a mixture of email and SMS to lure their victims into giving away PII...

Why Twitter's two-factor authentication isn't going to stop media organisations from being hacked

by Graham Cluley on May 23, 2013 | 6 Comments

Twitter's new two factor authentication system will be welcomed by some users, but ignored by others who will find it a nuisance.

Notably, it's unlikely to be much use at all to media companies who have suffered at the hands of hackers, as Graham Cluley explains.

It's VKontakte, not Vikontakte. Twitter phishing, Soviet-style

by Graham Cluley on May 22, 2013 | 6 Comments

With a cybercrime plan as poorly thought out as this, maybe it's no wonder the Soviet Union didn't survive.

Phishers waste woman's £1m life savings on cheeseburgers, champagne and gold

by Lisa Vaas on May 13, 2013 | 2 Comments

Crooks who swindled a woman out of her £1 million ($1.5 million) life savings, and blew their ill-gotten gains on cheeseburgers, gold and computers, are now facing jail time.

Monday review - the hot 20 stories of the week

by Anna Brading on April 29, 2013 | Leave a comment

Catch up with all the security news from the last seven days - it's weekly roundup time.

Beware Twitter "password check" sites - there are fakes, and there are fake fakes!

by Paul Ducklin on April 24, 2013 | 13 Comments

After a widely publicised hack or data breach, you'll often find "password check" sites springing up.

Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...

Mali offers free .ML domains to anyone. What could possibly go wrong?

by Graham Cluley on April 11, 2013 | 17 Comments

It's good news if you're a cybercriminal.

But probably not something that's going to do much good for one of the world's poorest countries.

Linkless Italian phishers quote Shakespeare in an attempt to defeat security products

by Graham Cluley on April 10, 2013 | 2 Comments

O, frailty, thy name is insecure pet supply website operators...

Spammers think quoting Hamlet is a way to help them steal usernames and passwords - but they're wrong.

Monday review - the hot 13 stories of the week

by Anna Brading on April 1, 2013 | Leave a comment

Monday review - the hot stories of the week

Catch up with everything we've written in the last seven days with this handy weekly roundup

Spicing up phishing attacks

by Fraser Howard on March 27, 2013 | 5 Comments

Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes however, we come across attacks that are just a little bit more interesting (or at least different) from the norm.

Five Slovenians arrested for $2.5M email banking fraud

by Lisa Vaas on March 26, 2013 | Leave a comment

Slovenian police on Thursday raided 12 homes and arrested five Slovenian citizens in connection with sending malware-packed email to small and medium businesses' accounting departments.

Evernote shoots itself in foot over "never click on 'reset password' requests" advice

by Graham Cluley on March 3, 2013 | 19 Comments

Have you taken a close look at the email that Evernote has sent out, with the subject line "Evernote Security Notice: Service-wide Password Reset"?

It looks like the hacked company has made a blunder.

Oxford University blocks Google Docs because of phishing attacks.. for 2.5 hours

by Graham Cluley on February 21, 2013 | 8 Comments

Flooded with phishing attacks, which staff and students were falling for, the IT team at Oxford University blocked access to Google Docs - hoping to wake up users to the threat..

Would such a technique work in your organisation?

Google says it is winning the war against Gmail account hijackers

by Lisa Vaas on February 21, 2013 | 5 Comments

Account takeovers are down a mammoth 99.7% compared with what they were at the height of the spear-phishing plague of 2011, the company (rightfully) brags.

Do not relax: such success doesn't let us users off the hook when it comes to account security beef-up.