America’s Nuclear Regulatory Commission was successfully attacked three times within the past hree years, by unknown attackers, some foreign – and largely using standard phishing emails.
A California oil company that lost thousands after being attacked by hackers has won $350,000 in a legal settlement after suing its bank.
[A shorter version of this article was originally published – without illustrations – on the Anti-Phishing Working Group’s eCrime blog.] Phishing attacks targeting academia aren’t the most high-profile of attacks, though they’re more common than you might think. Student populations in themselves constitute a sizeable pool of potential victims for money mule recruitment and other
A shortened and updated version of the advice that David Harley and Andrew Lee gave to potential phish victims in an earlier paper. Part 3 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.
Phishing scams and online shopping. Part 2 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.
Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of
Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later,
You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads
[UPDATE #1 at 12:15PM: Added more information about location of earthquake and prior scams. AG] We have just heard about the early September 4 (Saturday morning) earthquake near Christchurch, New Zealand, currently estimated at a Richter magnitude of 7.4. Our New Zealand distributor in Auckland is unaffected, but communications with the area are difficult. As with
We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities. The poisoned search term du jour is "erin andrews death threat". Apparently,
The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day. With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait
It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a
* http://en.wikipedia.org/wiki/Pushmi-pullyu#The_Pushmi-pullyu In an article in the Register with the eye-catching title of "Verified by Visa bitchslapped by Cambridge researchers", John Leyden comments on the argument by Cambridge researchers Ross Anderson and Steve Murdoch that the 3D Secure system, better known as Verified by Visa or Mastercard Securecode is better suited to shifting liability for