5 simple ways you can protect yourself from phishing attacks
With these top tips, you should have no trouble in keeping yourself protected against all sorts of phishing attacks.
phish
Spoofed URLs: Homograph Attacks Revisited
How homograph attacks can present a spoofed, malicious link, and a case where a secure connection doesn't guarantee a safe site.
Census Scams and ‘Grandparent Scams’
Two phone scams of a type that might be new to you: fake surveys asking dangerous questions, and a Londoning scam that seems to target seniors.
Amazon phishing scams hit over 750,000 Brits
Although phishing scams are something everyone should always be vigilant to, AppRiver has identified two specific Amazon types which are currently targeting the UK market, Tech Week Europe reports.
Phishing emails: U.S. nuke authority hit three times
America’s Nuclear Regulatory Commission was successfully attacked three times within the past hree years, by unknown attackers, some foreign - and largely using standard phishing emails.
California company sues bank over cybercrime, wins $350,000 settlement
A California oil company that lost thousands after being attacked by hackers has won $350,000 in a legal settlement after suing its bank.
Phear of Phishing
(All four blog articles in this series, of which this article is the last, are available as a single paper here: The_Thoughtful_Phisher_Revisited.) From the sort of ‘visit this link and update or we’ll cancel your account’ message that we saw in the previous blog in this series (The Less Thoughtful Phisher), it’s a short step
The Less Thoughtful Phisher
Less innovative than the scam mails described in my previous articles (Phish to phry and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is
The Thoughtful Phisher II
In the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some
Phish to phry: The Thoughtful Phisher Revisited…
[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a
![Online Shopping and a Phishing Pheeding Phrenzy [3]](https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/image151x103.jpg)
Online Shopping and a Phishing Pheeding Phrenzy [3]
A shortened and updated version of the advice that David Harley and Andrew Lee gave to potential phish victims in an earlier paper. Part 3 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.
Online Shopping and a Phishing Pheeding Phrenzy [2]
Phishing scams and online shopping. Part 2 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.
Online Shopping and a Phishing Pheeding Phrenzy
Basics of phishing. Part 1 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.
Bad password choices: don't miss the point
Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of
Phishing Using HTML and Intranet Security Settings
Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later,
Phishing and Taxes: a dead CERT?
ZeuS-related malware appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group).
Stolen password checking: a question of trust
How do you know a service is legitimate and safe? We all have to trust by proxy sometimes, but it just doesn't feel right to encourage people to accept reassuring statements as gospel.
Google Eye Phish: Bait Me A Hook In The Morning
...I've been seeing quite a few scrawny, toothless piranha mailed from email addresses that are often spoofed but invariably dubious like google.phishing.team@a_latvian_mail_provider.com...
Philosophical Phish
...this is a phish mailed out indiscriminately in the hope of catching a Xoom customer...
Phishphloods: Not all Phishing is Spear-Phishing
You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads