Phishing

LinkedIn security woes – and what to do about it

This morning when I logged into LinkedIn I was greeted with several front page references to the reported hacking of the site, and instructions for changing my password, which I did immediately. This is a good time to change all of your social media passwords, making sure you create a fresh password that is hard

Phishing Using HTML and Intranet Security Settings

Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later,

CeCOS VI: The Counter eCrime Operations Summit

CeCOS, to be held in Prague between 25-27 April,will again look at operational issues and the development of communal resources for first responders and forensic professionals.

Spring Brings Tax-related Scams, Spams, Phish, Malware, and the IRS

Spring is here and that means scam artists are thinking about income taxes and the IRS. Not that scam artists pay income taxes, they just know taxes and any mention of the IRS is a good way to get your attention, which explains a steady stream of deceptive emails targeting tax-paying Americans who now have

Facebook’s Gross Video Scam: Watch the rest of the story

Scumbags posts links on Facebook that can lead to malware infected websites, phishing forms, identity theft, financial losses, or worse. One hopes that all Facebook users have been warned about this by now, but how many have seen what these scams look like in action? When security experts advise "Do not click" with respect to

Scary Halloween cyber pranks

I just looked in my junk box to find an “Amazing” sale on pirated software, but I have to act fast, as it’s only good until Halloween. My colleague Stephen Cobb points out the rate of effectiveness of scams would soar if the Nigerian scammers could afford a proof reader who spoke fluent English. David

Gaddafi search poisoning

Here’s an example of search poisoning somewhat similar to that predicted by Stephen Cobb. It uses the death of Gaddafi as a hook, as noted by our colleague Raphael Labaca Castro.

Google Eye Phish: Bait Me A Hook In The Morning

…I’ve been seeing quite a few scrawny, toothless piranha mailed from email addresses that are often spoofed but invariably dubious like google.phishing.team@a_latvian_mail_provider.com…

Do you Use Tumblr? Beware!

Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it. According to the article, hijacked web pages of Tumbler users

New your.brand domain names to increase phishing?

ICANN has just approved a new batch of individualized TLD’s (Top Level Domains), so now you can register your.brand, whatever yourbrand is, instead of the usual yourbrand.com, .net, etc., if you can prove to ICANN you deserve it. The problem? Users tricked by similar looking domain names have long been a boon for phishing exploits,

LinkedIn Phish – So Easy to Avoid

Security vendor Trusteer blogged about a wave of fake LinkedIn emails that download malware on to your computer. The images Trusteer shows of the phish demonstrate how tricky the criminals are and how authentic the message looks, yet just yesterday I shared with you a foolproof method to prevent yourself from falling victim to such

Social engineers don’t care about your OS: and nor should you

Security companies in general and, unfortunately, anti-malware companies in particular, are often accused of ‘hyping’ threats because of a perceived self-interest. However, in the main, legitimate vendors and researchers like those at ESET typically try to resist overhyping or playing up threats where possible, in favor of more balanced discussion that can help customers take

Phishphloods: Not all Phishing is Spear-Phishing

You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads

Spearphishing APT-itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack.  Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself

How to Avoid a Phishing Attack

With the breach of Epsilon, we are going to see a huge influx of phishing attacks before it settles back down to the normal level of tons of phishing attacks. So you aren’t a computer expert, how do you protect yourself? Don't worry about spotting the phish, it is more important that you do not

Inside a phishing attack: 35 credit cards in 5 hours

Phishing attacks have grown steadily in recent years, becoming a highly profitable attack for cyber criminals. In ESET Latin America’s Laboratory, we are used to finding and informing about phishing attack outbreaks in our region. A few days ago, we found a new case of phishing, for which we investigated the effectiveness of the attack.

Why do phishing attacks work better on mobile phones?

During my regular reading on the main feeds on information security this week, I found a small and particular news that, I consider, invites us to think about it. It turns out that according to a post by Mickey Boodaei, CEO of Trusteer, mobile phones users are three times more likely to become victims of

Is it the iPhone or the User?

The folks at Trusteer got their hands on the logs from some phishing sites and found that people using iPhones are more likely to fall for phishing attacks than users of other devices, including PCs. Some of the findings included: Mobile users get to the phishing site sooner than PC users. Mobile users are 3

Premium Phish

Our IT Director shared a phishing email with me noting how professional it looked. While professionals, such as our IT director would not be fooled by a phish like this, many people would be fooled. A picture of the body of the email is below. The “from” address would fool many people. The “to” address

Earthquake in New Zealand likely to bring cybershocks

[UPDATE #1 at 12:15PM:  Added more information about location of earthquake and prior scams. AG] We have just heard about the early September 4 (Saturday morning) earthquake near Christchurch, New Zealand, currently estimated at a Richter magnitude of 7.4. Our New Zealand distributor in Auckland is unaffected, but communications with the area are difficult. As with

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic
06 Jun 2012
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.