search result

Phish Phood for Thought

In 2007, David Harley and Andrew Lee suggested at Virus Bulletin that poorly designed phish quizzes did more harm than good. Has the picture changed much?

Philosophical Phish

…this is a phish mailed out indiscriminately in the hope of catching a Xoom customer…

Phish Allergy – Recognizing Phishing Messages

While phishing-related malware is still mostly Windows-targeting, attacks that rely purely on social engineering and fake web sites might be delivered by any platform, including smartphones and tablets. The more cautious you are, the better informed you are, and the more you think before you click, the more chance you have of leaving phishing craft stranded.

Google Eye Phish: Bait Me A Hook In The Morning

…I’ve been seeing quite a few scrawny, toothless piranha mailed from email addresses that are often spoofed but invariably dubious like google.phishing.team@a_latvian_mail_provider.com…

Phish Phlags

Here’s a phish one of ESET’s partners drew our attention to: it’s aimed at users of Maybank (http://www.maybank2u.com), the largest financial services group in Malaysia. The scam is somewhat more elaborate than many we see, and it’s worth a little analysis to see what flags we can extract from it for spotting a phisher at work. From: Maybank

Bumper Phish Phry or a Drop in the Bucket?

We’re very interested in the whole Phishing problem, not just the malware/banking Trojans side of the issue. So while free publicity for job sites is not exactly the business we’re in, I thought you might find this item interesting. The PhishBucket site describes itself as a nonprofit organization dedicated to protecting job seekers from fraudulent

Phish to phry: The Thoughtful Phisher Revisited…

[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a

PayPal and Phishing Continued: Grooming Phish Victims

In view of some of the discussion generated by Randy's blog on PayPal's "confession" of "phishing", it's refreshing to see a straightforward summary of the issue from the estimable Larry Seltzer for PC Mag (see http://blogs.pcmag.com/securitywatch/2009/12/paypal_admits_to_phishing_its.php?sms_ss=twitter). PayPal's view of the issue seems equivocal. They've gone to some lengths to dismiss this issue as the agenda of

LinkedIn Phish – So Easy to Avoid

Security vendor Trusteer blogged about a wave of fake LinkedIn emails that download malware on to your computer. The images Trusteer shows of the phish demonstrate how tricky the criminals are and how authentic the message looks, yet just yesterday I shared with you a foolproof method to prevent yourself from falling victim to such

Premium Phish

Our IT Director shared a phishing email with me noting how professional it looked. While professionals, such as our IT director, would not be fooled by a phish like this, many people would be fooled. A picture of the body of the email is below. The “from” address would fool many people. The “to” address

Netflix phish, tech support scam, same phrying pan

Yet another innovative tech support scam, using Netflix phishing to get remote access to the victim’s system.

How cybercriminals ‘market’ email attacks – and why LinkedIn lures are today’s prize phish

Cybercriminals ‘manage’ phishing emails using techniques similar to those used by marketing agencies, including the use of ‘test audiences’ to see how effective a particular email is, according to an email security specialist.

Big phish, small pond: How to stay safe from SMS phishing scams

Phishing emails are a sad fact of life, and most of us are used to dealing with them – but cybercriminals are increasingly turning to SMS to reel in their victims. Our tips should help you avoid clicking something you’ll regret.

Phish Phodder: Is User Education Helping or Hindering

Evaluates research on susceptibility to phishing attacks, and looks at web-based educational resources such as phishing quizzes. Do phished institutions and security vendors promote a culture of dependence that discourages computer users from helping themselves? First published in 2007 Virus Bulletin Conference Proceedings.

A Phish or a Real Email

One of the problems about trying to teach people to avoid Phishing attacks is that the banks often use the exact same tactics that the phishers use. It is mind-numbingly stupid of them to do so, but still we see emails from banks that contain links in them. As a rule I tell people not

Spring Brings Tax-related Scams, Spams, Phish, Malware, and the IRS

Spring is here and that means scam artists are thinking about income taxes and the IRS. Not that scam artists pay income taxes, they just know taxes and any mention of the IRS is a good way to get your attention, which explains a steady stream of deceptive emails targeting tax-paying Americans who now have

Online Shopping and a Phishing Pheeding Phrenzy [3]

A shortened and updated version of the advice that David Harley and Andrew Lee gave to potential phish victims in an earlier paper. Part 3 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

PayPal Anti-Phishing – The Good, the Bad, and the Ugly

So, my recent blog about PayPal calling its own email phishing seems to have received a bit of attention. The Good: In response, I got an email from their Principal Security Engineer who asked me for a copy of the email that was incorrectly identified as a phish so he could use it to help

Hackers phish for data with fake Apple Watch giveaway

Apple fans keen to get their hands on the Apple Watch are advised to think before they click, after hackers exploited a wave of enthusiasm around the launch with a phishing scam linked to a fake giveaway.

Bad password choices: don't miss the point

Phish, Phowl, and Passwords: I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of

Copyright © 2017 ESET, All Rights Reserved.