In just a couple of weeks you will be out of time to shop online and have that gift delivered in time for the holiday. I expect that there will be a surge in phishing attacks designed to take advantage of the panic factor. You get an email that says something to the effect that
So, my recent blog about PayPal calling its own email phishing seems to have received a bit of attention. The Good In response, I got an email from their Principal Security Engineer who asked me for a copy of the email that was incorrectly identified as a phish so he could use it to help
December 3, 2009, marked the 150th episode of the Malware Report Podcast (http://www.eset.com/podcasts). We talk about a lot more than malware and for the 150th we invited Marcus Sachs, director of the SANS Internet Storm Center to be our special guest to chat about the current cyber security landscape as well as the government’s role
Yes, it is true, I am not making this up. I do not believe that PayPal has stolen anything from users, but they have told me that their own email is phishing. Here’s what happened. I sent them one of their own legitimate emails and told them it was a bad idea to include a
Frankly, I am really amazed that Craig’s list has not been much more attacked. They must be doing something right. Still, the opportunities for social engineering attacks seem quite bountiful to me. So far the majority of scams I have heard about involve old fashioned attacks, like having someone send an item they sold after
With the holiday purchasing season in full swing, expect to see a rise in PayPal phishing attacks. The bad guys know that there is a high likelihood of increased PayPal use. As we get closer to Christmas, the need for timely orders will increase. This will probably result in a lot more of the phishing
The much reported/blogged iPhone worm does not affect all iPhones. Specifically it affects SOME iPhones that have been jailbroken. A significant part of the iPhone and iPod Touch security model is a technique called “whitelisting”. This is not new and is known to be a very effective security technology that can be used to prevent
Yes, the time is now here for Thanksgiving e-Cards. Before you click on a link to go get your eCard, make sure that your operating system is fully patched. Even if you use automatic updates, it’s a good idea to go to update.microsoft.com and make sure you’re fully patched. Next try out the Secunia vulnerability
I wanted to share with you some more results from the cybercrime survey ESET commission and recently released. You can find the entire report at http://www.eset.com/company/CERC_Poll_2009_Oct.pdf. 57% of American computer owners now bank online, however the more money a person makes the more likely they are to bank online. 2/3rds of computer owners who earn
An Australian company claims to have launched a “virus-proof” computer. They even say “ A fast, easy to use, computer that never gets viruses, EVER !” and then on the same page say “In the rare event that you manage to catch a virus on your virus-proof computer, we will re-load both Zone 1 and
Cyber Monday is the Monday that follows Thanksgiving in the USA. This is said to be the busiest online shopping day of the year. Does that mean that there is more risk of cybercrime? The answer is yes and no. There is more risk simply because more people are shopping online so malicious web pages,
Recently I blogged (Once Upon A Cybercrime…) about a survey ESET commissioned which indicated that Mac users are victims of cybercrime as often as PC users. This finding was not the main point of the survey, but was an interesting finding. The survey is titled “Securing Our e-City National Cybercrime Survey” and was commissioned to
Remember Microsoft Bob? It was a shiny new windowing system on top of a windows kernel. Now Google is announcing the imminent release of the Chrome OS which, according to the official Google blog http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html is a new windowing system on top of a Linux kernel. So is it an OS or a GUI? Chrome
Recently ESET commissioned Competitive Edge Research and Communications, Inc. to conduct a study about attitudes, beliefs, and experiences of Americans with respect to cybercrime. There were some interesting results. One of the findings is that most American’s are not aware that cybercrime is linked to organized crime. Viruses and Trojans are no longer the purview
Today I read an article in the National Journal concerning cyberwarfare. You can read the article at http://www.nationaljournal.com/njmagazine/cs_20091114_3145.php. I think people have some misconceptions about “cyberwar”. There isn’t going to be a war, at least anytime soon which is fought with only computers. Computers are simply being used as a weapon in conjunction with traditional
I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was
Specifically spear-phishing, where the target is deliberately selected, as opposed to a random untargeted attack. An article at Dark Reading.com discusses the entirely unsurprising results of a test that concluded that the iPhone, BlackBerry, and Palm have essentially no protection against spear-phishing attacks. http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=221100150&cid=nl_DR_WEEKLY_T LinkedIn was used as the service to send a fake invitation
For many years banks and credit card vendors have accepted that there will be some amount of fraud and built those costs in to the operational model. The thinking goes that if the loss is small enough then it isn’t worth pursuing so they simply pass the cost on to the public through fee structures,
One of the problems about trying to teach people to avoid Phishing attacks is that the banks often use the exact same tactics that the phishers use. It is mind-numbingly stupid of them to do so, but still we see emails from banks that contain links in them. As a rule I tell people not
Oh brother, don’t tell me you fell for that one! All capital letters, lots of exclamation marks, the classic signs of bad news. Yeah, Halloween is around the corner and it is about time for the fake e-cards to make their rounds and the emails with links to “videos” that are not really videos at
