Yes, it is true, I am not making this up. I do not believe that PayPal has stolen anything from users, but they have told me that their own email is phishing. Here’s what happened. I sent them one of their own legitimate emails and told them it was a bad idea to include a
Frankly, I am really amazed that Craig’s list has not been much more attacked. They must be doing something right. Still, the opportunities for social engineering attacks seem quite bountiful to me. So far the majority of scams I have heard about involve old fashioned attacks, like having someone send an item they sold after
With the holiday purchasing season in full swing, expect to see a rise in PayPal phishing attacks. The bad guys know that there is a high likelihood of increased PayPal use. As we get closer to Christmas, the need for timely orders will increase. This will probably result in a lot more of the phishing
The much reported/blogged iPhone worm does not affect all iPhones. Specifically it affects SOME iPhones that have been jailbroken. A significant part of the iPhone and iPod Touch security model is a technique called “whitelisting”. This is not new and is known to be a very effective security technology that can be used to prevent
Yes, the time is now here for Thanksgiving e-Cards. Before you click on a link to go get your eCard, make sure that your operating system is fully patched. Even if you use automatic updates, it’s a good idea to go to update.microsoft.com and make sure you’re fully patched. Next try out the Secunia vulnerability
I wanted to share with you some more results from the cybercrime survey ESET commission and recently released. You can find the entire report at http://www.eset.com/company/CERC_Poll_2009_Oct.pdf. 57% of American computer owners now bank online, however the more money a person makes the more likely they are to bank online. 2/3rds of computer owners who earn
An Australian company claims to have launched a “virus-proof” computer. They even say “ A fast, easy to use, computer that never gets viruses, EVER !” and then on the same page say “In the rare event that you manage to catch a virus on your virus-proof computer, we will re-load both Zone 1 and
Cyber Monday is the Monday that follows Thanksgiving in the USA. This is said to be the busiest online shopping day of the year. Does that mean that there is more risk of cybercrime? The answer is yes and no. There is more risk simply because more people are shopping online so malicious web pages,
Recently I blogged (Once Upon A Cybercrime…) about a survey ESET commissioned which indicated that Mac users are victims of cybercrime as often as PC users. This finding was not the main point of the survey, but was an interesting finding. The survey is titled “Securing Our e-City National Cybercrime Survey” and was commissioned to
Remember Microsoft Bob? It was a shiny new windowing system on top of a windows kernel. Now Google is announcing the imminent release of the Chrome OS which, according to the official Google blog http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html is a new windowing system on top of a Linux kernel. So is it an OS or a GUI? Chrome
Recently ESET commissioned Competitive Edge Research and Communications, Inc. to conduct a study about attitudes, beliefs, and experiences of Americans with respect to cybercrime. There were some interesting results. One of the findings is that most American’s are not aware that cybercrime is linked to organized crime. Viruses and Trojans are no longer the purview
Today I read an article in the National Journal concerning cyberwarfare. You can read the article at http://www.nationaljournal.com/njmagazine/cs_20091114_3145.php. I think people have some misconceptions about “cyberwar”. There isn’t going to be a war, at least anytime soon which is fought with only computers. Computers are simply being used as a weapon in conjunction with traditional
I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was
Specifically spear-phishing, where the target is deliberately selected, as opposed to a random untargeted attack. An article at Dark Reading.com discusses the entirely unsurprising results of a test that concluded that the iPhone, BlackBerry, and Palm have essentially no protection against spear-phishing attacks. http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=221100150&cid=nl_DR_WEEKLY_T LinkedIn was used as the service to send a fake invitation
For many years banks and credit card vendors have accepted that there will be some amount of fraud and built those costs in to the operational model. The thinking goes that if the loss is small enough then it isn’t worth pursuing so they simply pass the cost on to the public through fee structures,
One of the problems about trying to teach people to avoid Phishing attacks is that the banks often use the exact same tactics that the phishers use. It is mind-numbingly stupid of them to do so, but still we see emails from banks that contain links in them. As a rule I tell people not
Oh brother, don’t tell me you fell for that one! All capital letters, lots of exclamation marks, the classic signs of bad news. Yeah, Halloween is around the corner and it is about time for the fake e-cards to make their rounds and the emails with links to “videos” that are not really videos at
Comcast has announced that they are trialing a new service that alerts users when their computers are infected. You can read about it here: http://news.cnet.com/8301-27080_3-10370996-245.html. Essentially what happens is that when Comcast notices traffic that looks like bot related traffic they will pop up a message on the subscriber’s computer that indicates there is a
October is National Cyber Security month. Groups like the National Cyber Security Alliance are promoting awareness of cyber security. On Tuesday at 11 AM Eastern Daylight Time (8 AM PDT and 4 PM GMT) Department of Homeland Defense Secretary Janet Napolitano will be giving a speech that will be broadcast live at www.dhs.gov. The Secretary
We received an interesting comment in reply to the blog post http://www.eset.com/threat-center/blog/2009/10/13/phishing-the-fbi-and-terror. Joseph A’Deo, who apparently works for Verisign, mentioned the use of extended validation SSL (EV SSL). I am sure that some of you are familiar with EV SSL. Some of you have seen the results of it and perhaps not noticed. Some of
