Phishing

PayPal and Phishing Continued: Grooming Phish Victims

In view of some of the discussion generated by Randy's blog on PayPal's "confession" of "phishing", it's refreshing to see a straightforward summary of the issue from the estimable Larry Seltzer for PC Mag (see http://blogs.pcmag.com/securitywatch/2009/12/paypal_admits_to_phishing_its.php?sms_ss=twitter). PayPal's view of the issue seems equivocal. They've gone to some lengths to dismiss this issue as the agenda of

PayPal Admits to Phishing Users

Yes, it is true, I am not making this up. I do not believe that PayPal has stolen anything from users, but they have told me that their own email is phishing. Here’s what happened. I sent them one of their own legitimate emails and told them it was a bad idea to include a

The Perils of Craig’s List

Frankly, I am really amazed that Craig’s list has not been much more attacked. They must be doing something right. Still, the opportunities for social engineering attacks seem quite bountiful to me. So far the majority of scams I have heard about involve old fashioned attacks, like having someone send an item they sold after

PayPal Phishing

With the holiday purchasing season in full swing, expect to see a rise in PayPal phishing attacks. The bad guys know that there is a high likelihood of increased PayPal use. As we get closer to Christmas, the need for timely orders will increase. This will probably result in a lot more of the phishing

The Blame Game

I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was

A Phish or a Real Email

One of the problems about trying to teach people to avoid Phishing attacks is that the banks often use the exact same tactics that the phishers use. It is mind-numbingly stupid of them to do so, but still we see emails from banks that contain links in them. As a rule I tell people not

Extended Validation SSL

  We received and interesting comment in reply to the blog post http://www.eset.com/threat-center/blog/2009/10/13/phishing-the-fbi-and-terror. Joseph A’Deo, who apparently works for Verisign, mentioned the use of extended validation SSL (EV SSL). I am sure that some of you are familiar with EV SSL. Some of you have seen the results of it and perhaps not noticed. Some

Phishing, the FBI, and Terror

In a recent speech given by Robert S. Mueller, III, Director of the FBI, he claimed that he had almost been the victim of a phishing attack targeting his bank account. Mueller went on to say that at his wife insistence he has since given up on-line banking. The article I saw was http://www.eweek.com/c/a/Security/FBI-Director-Nearly-Hooked-in-Phishing-Scam-Swears-Off-Online-Banking-616671/. It’s

The Truth About Cybercrime

I was quoted last month in an article at PC Retail (http://www.pcr-online.biz/features/305/The-truth-about-cyber-crime), which is nice. However, I just came across the notes I made at the time of the original enquiry/interview, most of which wasn’t used, so here are my full responses to the questions Andrew Wooden asked, in case they’re of interest. (Actually, they’re slightly expanded and I’ve

Cybersecurity Awareness Month – Awareness for the Next Generation

"Now may I suggest some of the things we must do if we are to make the American dream a reality. First, I think all of us must develop a world perspective if we are to survive. The American dream will not become a reality devoid of the larger dream of brotherhood and peace and

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2013 ESET, All Rights Reserved.