A team of academics says that, if exploited, the vulnerabilities can reveal the plaintext of encrypted emails, including those sent years ago
Most of the White House's email domains have yet to deploy an email authentication protocol known as DMARC that is designed to reduce the risk of attackers impersonating legitimate email addresses for distributing spam or phishing messages.
Yahoo has announced that its email system has recently been subject to a “coordinated effort to gain unauthorized access”.
News of SMS (text) phishing scams are nothing new to readers of this blog. ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen
Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later,
I just looked in my junk box to find an “Amazing” sale on pirated software, but I have to act fast, as it’s only good until Halloween. My colleague Stephen Cobb points out the rate of effectiveness of scams would soar if the Nigerian scammers could afford a proof reader who spoke fluent English. David
A recent report from Commtouch finds about one third of Gmail, Yahoo, Hotmail and Facebook users even noticed when they were hacked, and more than half found out later after friends alerted them. This lag time provides a wide open window for scammers to use social engineering techniques to target more valuable targets, and harvest
On Guard Online, has a number of other useful-looking pages, though I haven’t checked them all out personally: for example, talking to children about privacy and the internet, other forms of fraud and abuse, and social networking.
There have been recent reports that University of Toronto researchers have been observing the workings of a cyber-espionage botnet. This botnet, called the "Shadow Network", appears to be a network that targeted government, business and academic computers at the United Nations and the Embassy of Pakistan in the US, among others including the Office of
It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a
Urban Schrott, IT Security & Cybercrime Analyst at ESET Ireland, reports seeing more e-mail pretending to be from Microsoft is circulating, "warning" computer users that "Conflicker" is again spreading rapidly. ESET's ThreatSense engine identifies the malware as Win32/Kryptik.CLU trojan, and running it would result in further malware infections. Here's an example Urban quotes of one
Recently there were reports of tens of thousands of hotmail passwords being posted on the web. In reality Hotmail, Gmail, Yahoo mail, and all email services are regularly being phished. If you receive an email telling you to provide your password it is a phish. That is as simple as it gets. Never give out
I received an email from an acquaintance this morning. It said: Please Urgent Needed Hello, How are you doing?hope all is well, I"m sorry that i didn’t inform you about my traveling to England for a Seminar.I need a favor from you as soon as you receive this e-mail because i misplaced my wallet
Do you ever use a public computer? Do you realize that potentially everything you type and read may be public information? I was checking a hotel business center computer this weekend. I found some interesting stuff. A military document for a local air force base. It wasn’t classified. The confidential test results for a semi-synthetic
The news broke a short time ago that pop star Michael Jackson died of a heart attack. It is all too predictable that the bad guys will use this news event to spam out fake videos or links to alleged pictures in order to trick users into installing their malicious software. If you receive an
Pierre Marc just posted about “Win32/Waledac for Valentine’s Day”. The fake greeting cards are an ongoing scam. As Pierre Marc indicated, this one is using polymorphism, which is a fancy way to say the malicious software disguises itself to look different each time someone encounters it. This is done to break signature based detection, which
As talk goes on in Washington DC about a 2009 Stimulus payment, the phisher are still trying to exploit the 2008 stimulus program. One such attack claims to be the secure way to get your stimulus payment. There was only one secure way to do that, and it was by going through the IRS. There
“What hath God wrought?” were the contents of the first ever telegraph message. http://memory.loc.gov/ammem/today/may24.html An ominous message that would seem to reveal that Samuel Morse understood some security implications of technology, except, it was his friend’s young daughter who appears to have suggested the biblical verse. Perhaps “What hath God wrought” would have been a
I recently received an email stating “It is a privilege to inform you that you are being considered for inclusion into the 2009/2010 Princeton Premier Honors Edition Registry. This recognition is an honor shared by only the most accomplished professionals who have demonstrated excellence within their careers and communities.” I had always assumed these were
Welcome to prime-time scam season. This is when the advertisements for taxes in the USA really start to pick up. Granted, they go on all year long, but now is when we traditionally see an increase in volume. There are a variety of such scams. The worst of the scams are the phishing attacks. If