In the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some
[A much shorter version of this article appeared in the October 2013 Threat Radar Report as 'The Thoughtful Phisher'. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a
It so happens that I live over 5,000 miles from the ESET North America office in San Diego, and so tend not to have water cooler conversations with the people located there. Of course, researchers working for and with ESET around the world maintain contact through the wonders of electronic messaging, but there are lots
Major companies such as Disney, Boeing and General Electric are still handing out information to “hackers” using the most basic tool of all – the human voice, according to a report on a competition at DefCon.
ESET researchers explain the difficulties in attribution of targeted attacks; evidence is often circumstantial and the source never positively identified.
Google claims to have spotted and disrupted several phishing campaigns in Iran – attempts to compromise tens of thousands of email accounts in the run-up to the country’s presidential elections this Friday.
Twitter has warned media companies that attacks on their official Twitter accounts are liable to continue, after Britain’s Guardian newspaper became the latest high-profile news site to fall victim.
Most cyber attacks are simple and predictable, relying on basic tactics and preventable employee errors, according to Verizon’s annual Data Breach Investigations Report. The problem is made worse by the fact that companies often take months or even years to detect such breaches.
Twitter accounts used by CBS News were compromised on Saturday – and began serving up bogus news stories with links to malware.
A three-day “cyber war” ended in victory for a team from the U.S. Air Force Academy, who beat off attacks from hackers from the National Security AGency in the 13th annual Cyber Defense Exercise (CDX).
Utility companies have been warned not to share information such as email addresses on company websites, after a spear-phishing attack on an American electricity company.
Malicious spam may still be spreading across Yahoo! Mail accounts. We show you how to turn on the added verification process that Yahoo! offers.
Issues with malware are always with us. There may or may not be a current media storm, or companies hoping for a slice of the anti-malware pie by proclaiming the death of antivirus in a press release, but AV labs continue to slog their way every day through tens of thousands of potentially malicious samples.
In the middle of working on a blog post about SMS phishing scams at my desk last night, I received a rather strange call. The number displayed on the Caller ID was +1 (360) 474-3925. I did not recognize the number, but since it was 7:10PM, I assumed it was a colleague trying to reach
News of SMS (text) phishing scams are nothing new to readers of this blog. ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen
At ESET, we spend a great deal of time researching the latest technologies and how they may be affected by frauds and scams. Sometimes these are “old fashioned” spam through email, or they may be programs like fake antivirus programs or ransomware. And we certainly have blogged extensively about PC support scams where the caller
Fraudsters continue to innovate their scam propagation methods. Again using Facebook and a pretense of a shocking video, they also utilize browser plugins to execute malicious scripts. We also see how the malware scene is intertwined, when the user is directed to a dubious Potentially Unwanted Application. Facebook auto-like scams have been commonplace on the
Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty. We will see increased interest in
Since yesterday’s Much Ado About Facebook post in the ESET Threat Blog, we have written additional articles, received a few comments, and also received updated information on the “threat,” so it seems that now is a good time for a follow-up article. Reports continue to come in of pornographic and violent imagery on Facebook, and