search result

Phish Phood for Thought

In 2007, David Harley and Andrew Lee suggested at Virus Bulletin that poorly-designed phish quizzes did more harm than good. Has the picture changed much?

Philosophical Phish

…this is a phish mailed out indiscriminately in the hope of catching a Xoom customer…

Phish Allergy – Recognizing Phishing Messages

While phishing-related malware is still mostly Windows-targeting, attacks that rely purely on social engineering and fake web sites might be delivered by any platform, including smartphones and tablets. The more cautious you are, the better informed you are, and the more you think before you click, the more chance you have of leaving phishing craft stranded.

Google Eye Phish: Bait Me A Hook In The Morning

…I’ve been seeing quite a few scrawny, toothless piranha mailed from email addresses that are often spoofed but invariably dubious like google.phishing.team@a_latvian_mail_provider.com…

Phish Phlags

Here’s a phish one of ESET’s partners drew our attention to: it’s aimed at users of Maybank (http://www.maybank2u.com), the largest financial services group in Malaysia. The scam is somewhat more elaborate than many we see, and it’s worth a little analysis to see what flags we can extract from it for spotting a phisher at work. From: Maybank

Bumper Phish Phry or a Drop in the Bucket?

We’re very interested in the whole Phishing problem, not just the malware/banking Trojans side of the issue. So while free publicity for job sites is not exactly the business we’re in, I thought you might find this item interesting. The PhishBucket site describes itself as a nonprofit organization dedicated to protecting job seekers from fraudulent

Phish to phry: The Thoughtful Phisher Revisited…

[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a

LinkedIn Phish – So Easy to Avoid

Security vendor Trusteer blogged about a wave of fake LinkedIn emails that download malware on to your computer. The images Trusteer shows of the phish demonstrate how tricky the criminals are and how authentic the message looks, yet just yesterday I shared with you a foolproof method to prevent yourself from falling victim to such

Premium Phish

Our IT Director shared a phishing email with me, noting how professional it looked. While professionals, such as our IT director, would not be fooled by a phish like this, many people would be fooled. A picture of the body of the email is below. The “from” address would fool many people. The “to” address

Netflix phish, tech support scam, same phrying pan

Yet another innovative tech support scam, using Netflix phishing to get remote access to the victim’s system.

How cybercriminals ‘market’ email attacks – and why LinkedIn lures are today’s prize phish

Cybercriminals ‘manage’ phishing emails using techniques similar to those used by marketing agencies, including the use of ‘test audiences’ to see how effective a particular email is, according to an email security specialist.

Big phish, small pond: How to stay safe from SMS phishing scams

Phishing emails are a sad fact of life, and most of us are used to dealing with them – but cybercriminals are increasingly turning to SMS to reel in their victims. Our tips should help you avoid clicking something you’ll regret.

A Phish or a Real Email

One of the problems about trying to teach people to avoid Phishing attacks is that the banks often use the exact same tactics that the phishers use. It is mind-numbingly stupid of them to do so, but still we see emails from banks that contain links in them. As a rule I tell people not

Online Shopping and a Phishing Pheeding Phrenzy [3]

A shortened and updated version of the advice that David Harley and Andrew Lee gave to potential phish victims in an earlier paper. Part 3 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

PayPal Anti-Phishing – The Good, the Bad, and the Ugly

So, my recent blog about PayPal calling its own email phishing seems to have received a bit of attention. The Good: In response, I got an email from their Principal Security Engineer who asked me for a copy of the email that was incorrectly identified as a phish so he could use it to help

Hackers phish for data with fake Apple Watch giveaway

Apple fans keen to get their hands on the Apple Watch are advised to think before they click, after hackers exploited a wave of enthusiasm around the launch with a phishing scam linked to a fake giveaway.

Bad password choices: don't miss the point

Phish, Phowl, and Passwords: I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of

The Less Thoughtful Phisher

Less innovative than the scam mails described in my previous articles (Phish to phry and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is

Online Shopping and a Phishing Pheeding Phrenzy

Basics of phishing. Part 1 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

Twitter Security: Tweetie Pie Panic

[Update info moved to new blog post on 6th January] In deference to all those old enough to get a panic attack when reminded of how bad pop music was capable of being in the 1970s, I’ll try to overcome the urge to mention "Chirpy Chirpy Tweet Tweet". Anyway, to business. Having all the

Copyright © 2016 ESET, All Rights Reserved.