Top tips to help you avoid being caught receiving or sending phishing-looking emails
With these top tips, you should have no trouble in keeping yourself protected against all sorts of phishing attacks.
How homograph attacks can present a spoofed, malicious link, and a case where a secure connection doesn't guarantee a safe site.
Two phone scams of a type that might be new to you: fake surveys asking dangerous questions, and a Londoning scam that seems to target seniors.
Although phishing scams are something everyone should always be vigilant to, AppRiver has identified two specific Amazon types which are currently targeting the UK market, Tech Week Europe reports.
America’s Nuclear Regulatory Commission was successfully attacked three times within the past hree years, by unknown attackers, some foreign - and largely using standard phishing emails.
A California oil company that lost thousands after being attacked by hackers has won $350,000 in a legal settlement after suing its bank.
(All four blog articles in this series, of which this article is the last, are available as a single paper here: The_Thoughtful_Phisher_Revisited.) From the sort of ‘visit this link and update or we’ll cancel your account’ message that we saw in the previous blog in this series (The Less Thoughtful Phisher), it’s a short step
Less innovative than the scam mails described in my previous articles (Phish to phry and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is
In the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some
[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a
A shortened and updated version of the advice that David Harley and Andrew Lee gave to potential phish victims in an earlier paper. Part 3 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.
Phishing scams and online shopping. Part 2 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.
Basics of phishing. Part 1 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.
Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of
Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later,
ZeuS-related malware appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group).
How do you know a service is legitimate and safe? We all have to trust by proxy sometimes, but it just doesn't feel right to encourage people to accept reassuring statements as gospel.
...I've been seeing quite a few scrawny, toothless piranha mailed from email addresses that are often spoofed but invariably dubious like google.phishing.team@a_latvian_mail_provider.com...
...this is a phish mailed out indiscriminately in the hope of catching a Xoom customer...