Articles about phishing


Phishing scum going legit to beat browser warnings

Browser-makers' decision to put big red warning lights in the faces of users when they hit sites too slack to use HTTPS is backfiring a little, as crooks are accelerating their use of encryption. So says Netcraft, which has turned its web server probes onto phishing sites in the wake of Chrome 56 and Firefox 51 adding warnings …
Simon Sharwood, 19 May 2017

DocuSign forged – crooks crack email system and send nasties

Electronic signatures outfit DocuSign has warned world+dog that one of its email systems was cracked by phisherpholk. The company has of late reported an extensive phishing campaign that sees messages with the subject line “Completed *company name* - Accounting Invoice *number* Document Ready for Signature” land in plenty of …
Simon Sharwood, 16 May 2017

Team Macron praised for feeding phishing spies duff info

Emmanuel Macron's campaign team reportedly used fake logins and docs to waste hacker resources and frustrate phishing attempts. Although the newly elected French president's campaign was still hacked before the release of emails and other information last Friday, Team Macron's interference tactics have been heralded by at …
John Leyden, 8 May 2017

FireEye calls Shim-anigans: Bank-raiding hackers switch tactics

A group of money-grabbing cybercrooks have switched up their tactics in a pretty interesting way, we're told. Buckle up and let us explain. FIN7, whose stock in trade is targeting financial institutions through phishing emails, previously relied on a malicious Windows service to plant the Carbanak backdoor on targeted systems …
John Leyden, 5 May 2017

Don't click that Google Docs link! Gmail hijack mail spreads like wildfire

Final update: If you get an email today sharing a Google Docs file with you, don't click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker. The phishing campaign really kicked off in a big way on Wednesday morning, US West Coast time. The malicious email contains what appears to be a link to a …
Iain Thomson, 3 May 2017

324 typo-squat domains found impersonating Natwest, HSBC and co

Hackers are abusing the trademarked names of five of the UK's top high street banks. Security researchers at DomainTools have identified 324 "high risk" domains mimicking Barclays, HSBC, Natwest, Lloyds and Standard Chartered. Crooks often use domains masquerading as legitimate brands to run phishing scams that trick …
John Leyden, 3 May 2017

Seven in ten UK unis admit being duped by phishing attacks

Seven in ten UK universities have admitted falling victim to a phishing attack in which an individual has been tricked into disclosing personal details via an email purporting to be from a trusted source. The figure comes from a Freedom of Information (FoI) request by Duo Security to 70 universities across the UK, of which 51 …
John Leyden, 27 Apr 2017

Kremlin-backed DNC hackers going after French presidential hopeful Macron

The Russian cyberespionage group blamed for the infamous US Democratic National Committee email leak launched targeted phishing attacks against French presidential candidate Emmanuel Macron's campaign as recently as last month. Security researchers at Trend Micro warn that the APT28 crew have also targeted Germany's Christian …
John Leyden, 25 Apr 2017

UK.gov survey shines light on cybersecurity threats to businesses

Phishing and ransomware remain the most pressing security threats for UK business, according to a government-backed survey out Wednesday. The survey, commissioned by the Department for Culture, Media and Sport, found that the most common types of breaches are related to staff receiving fraudulent emails (in 72 per cent of …
John Leyden, 19 Apr 2017

That apple.com link you clicked on? Yeah, it's actually Russian

Click this link (don't fret, nothing malicious). Chances are your browser displays "apple.com" in the address bar. What about this one? Goes to "epic.com," right? Wrong. They are in fact carefully crafted but entirely legitimate domains in non-English languages that are designed to look exactly the same as common English words …
Kieren McCarthy, 18 Apr 2017

Machine vs. machine battle has begun to de-fraud the internet of lies

A long-ago cartoon in The New Yorker put it plainly: "On the Internet, nobody knows you’re a dog." If that cartoon had been written today, the caption might have read, "On the Internet, nobody knows you’re a fraud." Scam artists, snake oil salesmen, sock puppets, bot armies and bullies - every time we look up, it seems as …
Mark Pesce, 10 Apr 2017

Financial fraud losses in the UK last year topped £20m a day – report

Financial fraud losses in the UK totalled £768.8m in 2016, up 2 per cent on 2015, according to Financial Fraud Action UK. The figures, released on Thursday, cover losses from scams involving payment cards, remote (internet and telephone) banking and cheques. They also show that £1.38bn – equivalent to £6.40 in every £10 – of …
John Leyden, 30 Mar 2017

Fake mobile base stations spreading malware in China

Chinese phishing scum are deploying fake mobile base stations to spread malware in text messages that might otherwise get caught by carriers. The Android scumware being spread isn’t new to China: known as the “Swearing Trojan” because of profanities in code comments, its authors are already under arrest. But the fake base …

Bloke, 48, accused of whaling two US tech leviathans out of $100m

Evaldas Rimasauskas, a 48-year-old Lithuanian man, has been charged with defrauding two major US-based internet companies for more than $100m through whaling attacks. Rimasauskas, from Vilnius, was arrested late last week by Lithuanian authorities on the basis of a provisional arrest warrant, according to the US Department of …

Instagram phishing apps pulled from Google Play

Security researchers have discovered 13 new Instagram credential-stealing apps on Google Play. The malicious apps, which pose as tools for either managing or boosting Instagram follower numbers, are actually designed to phish for Instagram credentials. The stolen credentials allow hackers to abuse compromised accounts in order …
John Leyden, 9 Mar 2017

Phishing: Another thing we can blame on Brexit

Ransomware attacks are increasingly focusing on organisations that are more likely to pay up, such as healthcare, government, critical infrastructure, education, and small businesses. Phishing volume grew by an average of more than 33 per cent across the five most-targeted industries, according to a study by PhishLabs out …
John Leyden, 7 Feb 2017

We need to talk about Granny: She's way more likely to fall for phishing

Usenix Enigma 2017: Research has shown that older people – particularly older women – are more susceptible to phishing scams. You may think our oldies are more suspicious of strangers, but that's sadly not the case. The study was presented at the Enigma 2017 conference by Daniela Oliveira, a professor in the department of computer engineering at …
Iain Thomson, 1 Feb 2017

It's that time of the year again: Texas school district blabs staff tax documents to phishers

A school district in Texas says it lost sensitive tax information from every worker after a single employee was duped by a phishing attack. Dallas-Fort Worth news station NBC5 reports that the Argyle school district is warning its workers that their W-2 tax forms were lost in a phishing attack. (Workers in America have just …
Shaun Nichols, 25 Jan 2017


Biting the hand that feeds IT © 1998–2017