Articles about phishing

shutterstock_300234617-signal

Fake mobile base stations spreading malware in China

Chinese phishing scum are deploying fake mobile base stations to spread malware in text messages that might otherwise get caught by carriers. The Android scumware being spread isn’t new to China: known as the “Swearing Trojan” because of profanities in code comments, its authors are already under arrest. But the fake base …

Bloke, 48, accused of whaling two US tech leviathans out of $100m

Evaldas Rimasauskas, a 48-year-old Lithuanian man, has been charged with defrauding two major US-based internet companies for more than $100m through whaling attacks. Rimasauskas, from Vilnius, was arrested late last week by Lithuanian authorities on the basis of a provisional arrest warrant, according to the US Department of …

Instagram phishing apps pulled from Google Play

Security researchers have discovered 13 new Instagram credential-stealing apps on Google Play. The malicious apps, which pose as tools for either managing or boosting Instagram follower numbers, are actually designed to phish for Instagram credentials. The stolen credentials allow hackers to abuse compromised accounts in order …
John Leyden, 9 Mar 2017
Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html

Phishing: Another thing we can blame on Brexit

Ransomware attacks are increasingly focusing on organisations that are more likely to pay up, such as healthcare, government, critical infrastructure, education, and small businesses. Phishing volume grew by an average of more than 33 per cent across the five most-targeted industries, according to a study by PhishLabs out …
John Leyden, 7 Feb 2017
granny

We need to talk about Granny: She's way more likely to fall for phishing

Usenix Enigma 2017 Research has shown that older people – particularly older women – are more susceptible to phishing scams. You may think our oldies are more suspicious of strangers, but that's sadly not the case. The study was presented at the Enigma 2017 conference by Daniela Oliveira, a professor in the department of computer engineering at …
Iain Thomson, 1 Feb 2017

It's that time of the year again: Texas school district blabs staff tax documents to phishers

A school district in Texas says it lost sensitive tax information from every worker after a single employee was duped by a phishing attack. Dallas-Fort Worth news station NBC5 reports that the Argyle school district is warning its workers that their W-2 tax forms were lost in a phishing attack. (Workers in America have just …
Shaun Nichols, 25 Jan 2017
Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html

Brilliant phishing attack probes sent mail, sends fake attachments

UPDATE An newly-detected Gmail phishing attack sees criminals hack and then rifle through inboxes to target account owners' contacts with thoroughly convincing fake emails. The new attack uses the file names of sent attachments and applies that name into new attachments that appear to be PDFs but are actually images that, when …
Darren Pauli, 16 Jan 2017

Autocomplete a novel phishing hole for Chrome, Safari crims

Phishers have a new tool in their arsenal with the discovery that web browsers Chrome and Safari along with LastPass will autofill hidden registration form fields. Finnish web developer Viljami Kuosmanen discovered the flaws affecting the world's most popular browser, along with Apple's offering. The attack vector is manifest …
Darren Pauli, 10 Jan 2017
Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html

Dodgy dealer on Amazon lures marks towards phishing site

Amazon UK customers would do well to be vigilant about the post-holiday deals they find on the retail site following the discovery of a sophisticated scam. A rogue merchant, called Sc-Elegance, is primarily offering high-end electronics, advertising them as "used – like new" at significantly lower costs than in the shops. …
John Leyden, 6 Jan 2017
Couple in snorkelling gear at the travel agents... Comedy snap. Photo by Shutterstock

Travel booking systems ‘wide open’ to abuse – report

Updated Legacy travel booking systems disclose travellers’ private information, security researchers warn. Travel bookings worldwide are maintained in a handful of Global Distributed Systems (GDS) built around mainframe computers linked to the web but without adequate security controls, say the researchers. “The systems have since …
John Leyden, 4 Jan 2017
Skyline of Los Angeles

Los Angeles to extradite bloke from Nigeria after scores of city workers fall for phish scam

Los Angeles wants to extradite a Nigerian man accused of swiping the passwords of more than 100 workers in 15 city and county departments via a phishing attack. The metropolis' prosecutors have obtained arrest warrants seeking the extradition of Austin Kelvin Onaghinor from Nigeria to face charges of identity theft and …
Shaun Nichols, 19 Dec 2016

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 7 Dec 2016

Own goal for Scottish Football Association as fans sent phishy emails

Phishing emails ostensibly from the Scottish Football Association (SFA) were sent to subscribers on Monday as the result of a breach. The SFA blamed a breach at a third-party supplier for a leak of sensitive info that was used in an attempt to trick recipients into opening a dodgy email that appeared under the guise of an …
John Leyden, 6 Dec 2016

Phishing tackle ships data catch to net sharks

A malware writer is running YouTube ads for a phishing tool they have secretly backdoored to steal victims' information. The phishing platform is designed to trick victims into entering their Amazon account information into a passable replica of the legitimate website under the guise of a validation check. It requires victims …
Team Register, 28 Nov 2016
Money laundering

178 arrested in pan-European money mule crackdown

A pan-European crackdown has resulted in the arrest of 178 suspected money mules. Across Europe, 580 people were identified as suspects. National law enforcement agencies last week interviewed 380 suspects collectively implicated in losses amounting to €23m. After malware or phishing is used to obtain the login credentials of …
John Leyden, 22 Nov 2016
Michele Orru. Image: Darren Pauli / The Register.

Hacker dishes advanced phishing kit to hook clever staff in 10 mins

Kiwicon Michele Orru has released an automated phishing toolkit to help penetration testers better exploit businesses. The well-known FortConsult hacker, better known as Antisnatchor (@antisnatchor), dropped the phishing kit at the Kiwicon hacking event in Wellington New Zealand last week, offering hackers tips to more successfully …
Darren Pauli, 21 Nov 2016
image by Leonardo Gonzalez http://www.shutterstock.com/gallery-650461p1.html

Obey Google, web-masters, or it will say you can't be trusted

Criminals are about to lose a reliable attack vector for malware infection and phishing, thanks to Google's Certificate Transparency initiative that will force websites to enforce proper certificate security within a year. Stolen and mis-issued SSL certificates allow attackers to spin up malicious sites that pass browser …
Darren Pauli, 31 Oct 2016

'Fappening' hacker gets 18 months in US federal clapper

The 36-year-old hacker behind a massive public leak of private celebrity photos has been sentenced to 18 months in prison. Ryan Collins, of Pennsylvania, was one of two suspects in the September 2014 leaks known online as the Fappening or CelebGate. Celebrities impacted include Jennifer Lawrence, Kate Upton, Rihanna, and …
Darren Pauli, 28 Oct 2016

Create a news alert about phishing, or find more stories about phishing.

Biting the hand that feeds IT © 1998–2017