Microsoft reveals breach affecting webmail users
Some users of Microsoft’s web-based email services such as Outlook.com had their account information exposed in an incident that, as it later emerged, also impacted email contents
Attack at email provider wipes out almost two decades’ worth of data
Instead of financial gain or other, more usual, goals, the attacker leaves ‘scorched digital earth’ behind
Email security does not end with your password
A strong password is a great start, but there are more ways to make sure that your email is as secure as possible
I saw what you did…or did I?
It might seem legit but there are several reasons why you should not always hit the panic button when someone claims to have your email password
Researchers reveal flaws that may expose encrypted emails to prying eyes
A team of academics says that, if exploited, the vulnerabilities can reveal the plaintext of encrypted emails, including those sent years ago
Study: White House email domains at risk of being misused for phishing scams
Most of the White House's email domains have yet to deploy an email authentication protocol known as DMARC that is designed to reduce the risk of attackers impersonating legitimate email addresses for distributing spam or phishing messages.
Yahoo Mail falls victim to password hack
Yahoo has announced that its email system has recently been subject to a “coordinated effort to gain unauthorized access”.
SMSmishing Unabated: Best Buy targeted by fake gift card campaign
News of SMS (text) phishing scams are nothing new to readers of this blog. ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen
Phishing Using HTML and Intranet Security Settings
Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later,
Scary Halloween cyber pranks
I just looked in my junk box to find an “Amazing” sale on pirated software, but I have to act fast, as it’s only good until Halloween. My colleague Stephen Cobb points out the rate of effectiveness of scams would soar if the Nigerian scammers could afford a proof reader who spoke fluent English. David
Hacked account? Many users don’t even notice
A recent report from Commtouch finds about one third of Gmail, Yahoo, Hotmail and Facebook users even noticed when they were hacked, and more than half found out later after friends alerted them. This lag time provides a wide open window for scammers to use social engineering techniques to target more valuable targets, and harvest
Email Scam Resource
On Guard Online, has a number of other useful-looking pages, though I haven’t checked them all out personally: for example, talking to children about privacy and the internet, other forms of fraud and abuse, and social networking.
Shadows, Skinless Cats And Fired Up Bulls
There have been recent reports that University of Toronto researchers have been observing the workings of a cyber-espionage botnet. This botnet, called the "Shadow Network", appears to be a network that targeted government, business and academic computers at the United Nations and the Embassy of Pakistan in the US, among others including the Office of
The Return of Jacques Tits
It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a
Fake Conficker Alerts
Urban Schrott, IT Security & Cybercrime Analyst at ESET Ireland, reports seeing more e-mail pretending to be from Microsoft is circulating, "warning" computer users that "Conflicker" is again spreading rapidly. ESET's ThreatSense engine identifies the malware as Win32/Kryptik.CLU trojan, and running it would result in further malware infections. Here's an example Urban quotes of one
Webmail Hacks
Recently there were reports of tens of thousands of hotmail passwords being posted on the web. In reality Hotmail, Gmail, Yahoo mail, and all email services are regularly being phished. If you receive an email telling you to provide your password it is a phish. That is as simple as it gets. Never give out
Hotmail’s Delay May Facilitate Fraud
I received an email from an acquaintance this morning. It said: Please Urgent Needed Hello, How are you doing?hope all is well, I"m sorry that i didn’t inform you about my traveling to England for a Seminar.I need a favor from you as soon as you receive this e-mail because i misplaced my wallet
Is it my Business?
Do you ever use a public computer? Do you realize that potentially everything you type and read may be public information? I was checking a hotel business center computer this weekend. I found some interesting stuff. A military document for a local air force base. It wasn’t classified. The confidential test results for a semi-synthetic
Watch Out for “Michael Jackson” Hoaxes
The news broke a short time ago that pop star Michael Jackson died of a heart attack. It is all too predictable that the bad guys will use this news event to spam out fake videos or links to alleged pictures in order to trick users into installing their malicious software. If you receive an
That Wasn’t Your Sweetheart
Pierre Marc just posted about “Win32/Waledac for Valentine’s Day”. The fake greeting cards are an ongoing scam. As Pierre Marc indicated, this one is using polymorphism, which is a fancy way to say the malicious software disguises itself to look different each time someone encounters it. This is done to break signature based detection, which