Articles about phishing

Most convincing PHISHING pages hoodwink nearly half of you – Google

Nearly half (45 per cent) of those who visit the most convincing phishing pages are tricked into handing over personal information, according to Google. This effectiveness drops to just three per cent in the case of the most obviously scummy phishing sites, while the online giant reports that the account hijackers work quickly, …
John Leyden, 11 Nov 2014

It's official: David Brents are the weakest link in phishing attacks

Middle management are increasingly becoming the focus of phishing attacks, according to a new study. Managers received more malicious emails and doubled their click rates year-on-year, according to a study by security company ProofPoint. Senior staff seemed more clued up about dodgy emails, meaning managers and staff clicked on …
John Leyden, 22 Apr 2015

Phishing miscreants THWART securo-sleuths with AES-256 crypto

Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites. Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools are commonly used but Symantec recently caught what it reckons is the first use of AES-256 encryption in dodgy …
John Leyden, 09 Sep 2014

Verizon to world: STOP opening dodgy phishing emails, FOOLS

Phishing and web app security problems remain the most common way for hackers to gain access to sensitive information, according to US telco giant Verizon. Two out of three breaches were the result of weak or swiped passwords, making a case for strong two-factor authentication, the latest edition of Verizon’s annual Data Breach …
John Leyden, 14 Apr 2015

eBay bug turns phishing email links into malware-stuffed booby prizes

eBay is racing to fix a second serious security flaw that may allow criminals to spread malware through files seemingly hosted by the online tat bazaar. The bug is closely related to an earlier one discovered by David Sopas, a researcher at security firm WebSegura in Portugal. The hole uncovered by Sopas, since closed by eBay, …
Iain Thomson, 23 May 2015

Rejoice, Blighty! UK is the TOP of the WHOLE WORLD ... for PHISHING

British punters are being served three times as many phishing links to trojans and exploit kits than the US, and five times more than the Germans, according to a ProofPoint study. The security researchers say that while the English were being served more malicious links, Germans were hit with the greatest amount of unsolicited …
Darren Pauli, 16 Sep 2014

Bargain basement iPhone shoppers BEWARE! eBay exposes users to phishing vuln

eBay bans the use of cross-site scripting on the online tat bazaar because it can open up the site's users to nasty phishing vulnerabilities. And yet, according to the BBC, some auction listings have been exposed to the exploit since February this year. Some users hunting for old iPhones could have been caught up in the security …
Team Register, 21 Sep 2014

Microsoft blunts hooks of nasty Internet Explorer phishing flaw

Microsoft is investigating an alleged vulnerability in its flagship Internet Explorer browser. The cross-site scripting hole disclosed Saturday by hacker David Leo includes functional proof of concept code, according to confirmed reports. Vulture South reported the flaw to Microsoft Friday and has been told it is working to …
Darren Pauli, 04 Feb 2015

Crooks are using proxy servers to build more convincing phishing sites – new claim

Crooks using phishing pages to grab victims' passwords have apparently upped their game – by using proxy servers rather than static pages to craft legit-looking websites. Normally, thieves recreate a web page – such as a login page for an online shop or webmail – and stick it on a compromised server, then direct marks towards …
John Leyden, 07 Nov 2014

EA games web server was hosting PHISHING SITE – securobod

An Electronic Arts server was hacked and used to host a phishing site targeting Apple ID holders, according to internet security firm Netcraft. The site has since been pulled down and EA has told various news sites that it is "investigating" the report. Netcraft security expert Paul Mutton posted on the company's blog that the …

Hacker breaks into ThrustVPS, launches phishing attack from firm's own servers

Virtual private server firm ThrustVPS has taken the unusual step of admitting it had suffered a phishing attack. Rather than taking the time-honoured solution of just pretending nothing had happened and correcting the issue on the sly, the VPS provider sent an email to customers 'fessing up to the attack. "The phishing attack …
Team Register, 21 Jan 2014

Pre-election phishing spike blasts Iranian Gmail accounts

Google has spotted a massive spike in what it believes to be politically-motivated phishing attacks originating from Iran and targeting tens of thousands of web users ahead of Friday’s presidential elections. The Chocolate Factory has spotted several campaigns over the past three weeks, all coming from inside the Islamic …
Phil Muncaster, 13 Jun 2013

Google polishes Chrome security with Password Alert

Google's seen way too much phishing, it seems, so the Chocolate Factory has pushed out a Chrome extension to catch attacks against accounts on Google domains. Mountain View reckons two per cent of Gmail messages are phishing attempts, and a well-constructed attack can have a 47 per cent success rate. Outlined here, the Password …

New class of industrial-scale super-phishing emails threatens biz

Security watchers are warning of a surge of highly convincing spear-phishing emails sent in bulk. More than one in 10 recipients of these so-called longlining* messages click on links to compromised websites because the phishing emails look utterly plausible, according to cloud-based security services firm Proofpoint. The …
John Leyden, 04 Mar 2013

White-listed phish slip through Google Apps

Security probers Patrik Fehrenbach and Behrouz Sadeghipour have found a (since-patched) flaw in Google Apps that allowed criminals to register corporate domains and send white-listed phishing emails from admin addresses. The Choc Factory patched the flaw and handed the duo US$500 by way of thanks. The flaw meant attackers could …
Darren Pauli, 10 Mar 2015

Cybercrooks send in Bouncer to guide marks to phishing sites

Cybercrooks have begun bundling whitelisting technology with phishing kits in a bid to restrict access to phishing sites to only their intended victims. The tactic of blacklisting IP addresses associated with security firms from accessing banking fraud sites has been in play for at least a few months now, but a new phishing …
John Leyden, 18 Jan 2013

Google Password Alert could be foiled with just 7 lines of JavaScript

Google has been obliged to revise its Password Alert anti-phishing protection just hours after releasing it when security researchers showed how the technology was easily circumvented. Security consultant Paul Moore (@Paul_Reviews) has published a proof-of-concept JavaScript exploit that skirted the defensive technology with …
John Leyden, 01 May 2015

Don't be fooled! He's not from the IT crowd... he's a CYBERSPY – FireEye

Impersonating IT departments in spear-phishing attacks is becoming an increasingly popular tactic among hackers, particularly in cyber-espionage attacks. IT staff themed phishing emails comprised 78 per cent of observed phishing schemes picked up by FireEye in 2014, compared to just 44 per cent in 2013. The sixth annual FireEye …
John Leyden, 24 Feb 2015

Phishing up, malware down, says Google

Google has revealed a new analysis of five years’ worth of data gathered by its Safe Browsing service. The analysis, as any discussion of online security seems obliged to, includes lots of Scary Big Numbers™, such as the 9500 malware-infected sites the Chocolate Factory says it finds every day or the 12-14 million warnings it …
Simon Sharwood, 20 Jun 2012

Twitter adds email security to help block phishing attempts

Following a recent spate of incidents in which high-profile accounts have been compromised by hackers, Twitter has implemented a security protocol designed to make it harder for fraudsters to send out emails that appear to come from Twitter.com addresses. "We send out lots of emails every day to our users letting them know what' …
Neil McAllister, 21 Feb 2013

Welcome the world's new Most Phished Country: Australia

Move over Brazil: Australia has become the most phished country on Earth, accounting for a quarter of all targeted malicious emails sent globally. Down Under has worked hard at the title, according to Kaspersky, more than doubling its share of phishing attacks received. This despite that a mere 23 million people inhabit the …
Darren Pauli, 26 Sep 2014

SendGrid infosec chief eats humble pie, admits email service hacked

Marketing email distribution service SendGrid is asking customers to switch passwords after admitting it got hacked. The move follows the realisation that a previously reported hack is a bigger deal than previously imagined. The initial alert was triggered after the SendGrid account of Bitcoin exchange Coinbase was compromised …
John Leyden, 28 Apr 2015

Chinese responsible for 85 per cent of website scams

Chinese internet users are behind 85 per cent of fake websites, according to a semi-annual report [PDF] from the Anti-Phishing Working Group (APWG). Of the 22,679 malicious domain registrations that the group reviewed, over 19,000 were registered to servers based in China. This is in addition to nearly 60,000 websites that were …
Kieren McCarthy, 10 Dec 2014

O2 notifies data cops 'for courtesy' ... AFTER El Reg intervenes in email phish dustup

O2 has denied that it's suffered a serious data breach after customers began receiving sophisticated phishing emails that appeared to have been sent by the mobile operator late last month. It was claimed by subscribers that the body of the email included their name, email address, and date of birth. The dodgy messages about VAT …
Kelly Fiveash, 04 Feb 2015

Gullible Apple users targeted by bogus order cancellation scam

Cybercrooks are targeting Apple iCloud users with phishing messages designed to steal financial information. A new run of spam messages offer a slight twist on the popular "bogus order" scam. Instead of simply telling you about a payment you're supposed to have made, prospective marks are invited to cancel a transaction already …
John Leyden, 13 Feb 2015

Received surprise new Redmond licenses? You might be pwned

Black hats are flinging supposedly free licenses at enterprises in a bid to get malware on corporate networks, security bod Martin Nystrom says. They wrote malware that was slightly neurotic in its bid to evade detection and would make use of the Tor network to receive stolen data. The Cisco threat defence man said realistic …
Darren Pauli, 10 Feb 2015

BLAM! Valve slams brakes on Steam flimflam with $5 spam scram plan

Video-gaming kingpin Valve has promised to do a better job of protecting its subscribers from dollops of spam, by applying a $5 limit on user accounts before unlocking a number of key features. The company explained the new strategy in a post on its support forum. It said that features – including friend invites, group chat, …
Kelly Fiveash, 19 Apr 2015

Self-pwned: Black Hat says soz for phishing attack scare

Organisers of the annual Black Hat conference have apologised after an estimated 7,500 conference delegates received a suspicious email yesterday resembling a phishing attack. The dodgy email, informing entrants of a supposed password reset, was sent out after a volunteer with ITN International, the third-party firm handling on- …
John Leyden, 23 Jul 2012

Advanced threats and the human factor

New Regcast: Register now to watch our live Regcast, where we look at why the human factor is an important internet security risk. Watch this video broadcast live, on June 18 at 11:00 BST. Handy synopsis for you: As we reported in April, you build security, and the users muck it up. At a time when productivity growth in many businesses has …
David Gordon, 29 May 2015

Fraudsters target Nazi Android malware at Russian bank customers

Alleged members of a gang of "cyber-fascist" Android malware-slingers have been arrested in Russia. The alleged perps behind the scam targeted customers of Russian bank Sberbank with software they called "Fifth Reich", which used Nazi symbols in the management system. Fraudsters targeted malware attacks at Android-operated …
John Leyden, 13 Apr 2015

CozyDuke hackers targeting prominent US targets

A newly discovered group of cyber-spies are closely targeting high profile US targets, possibly including both the White House and the State Department. The so-called CozyDuke hackers make extensive use of spear-phishing, sometimes using emails containing a link to a hacked (otherwise legitimate) website such as "diplomacy.pl …
John Leyden, 22 Apr 2015

Aussie spooks warn of state-sponsored online attacks during G20

Australia's top spy agency has warned of 'real and persistent' threats to organisations, agencies and individuals linked to the G20 leaders conference to be held down under next week. The advice issued by the Australian Signals Directorate (ASD) warns that large diplomatic and defence conferences attract attacks such as …
Darren Pauli, 07 Nov 2014

Microsoft scrambles to kill Live.fi man-in-the-middle diddle

Microsoft is firing off updates to kill a fake certificate that can be used to create a convincing man-in-the-middle attack against its Live services. Certificate Authority Comodo has killed the bad cert, which it issued, and now Redmond is following suit by updating its revocation list for Windows platforms. "Microsoft is …
Darren Pauli, 17 Mar 2015

EFF claims Vietnam targeted its staff with spear phishing attack

Advocacy group the Electronic Frontier Foundation (EFF) has warned of an uptick in targeted malware attacks by “state-aligned actors” in Vietnam against foreign activists and journalists. In a blog post this week the group complained of a new campaign targeting its own staff – the first of its kind. A suspicious looking email …
Phil Muncaster, 21 Jan 2014

Ryanair stung after $5m Shanghai'd from online fuel account

Budget airline Ryanair has fallen victim to a $5m hacking scam. Crooks siphoned off money from an account earmarked for the payment of fuel bills via an electronic transfer to a bank in China last week. The transfer was subsequently blocked, but the funds – earmarked to pay for aviation fuel for Ryanair's 400-plus Boeing 737-800 …
John Leyden, 30 Apr 2015

APT group hacks cyber-spy gang in spy-on-spy pwnage

Cyber-spy groups, whose numbers are growing with little constraint, have begun hacking each other. Hellsing, a small and technically unremarkable cyber-espionage group, was subjected to a spear-phishing attack by another threat actor last year, before deciding to strike back with its own malware-infected emails. The aftermath …
John Leyden, 16 Apr 2015

Queensland Police warn of tax refund phishing

Queensland Police are warning residents of the Sunshine State about a new phishing scam that sees emails arrive in Australian Taxation Office (ATO) livery, complete with promise of a refund. Such emails are, we imagine here in El RegM’s antipodean eyrie, probably the only email one really wants to open from the ATO. Queensland …
Simon Sharwood, 25 May 2012

Crude scammer targets Brit oil brokers

Panda Labs researchers have identified a scammer who is fleecing British oil buyers using a malware-free spin on the classic Nigerian scam. They say the scammers steal credentials from oil brokers to swindle buyers across Germany, Spain, and across Asia out of cash. The sting works using a PDF file in the first stage of the …
Darren Pauli, 18 May 2015

Safari URL-spoofing vuln reveals how fanbois can be led astray

A recently published exploit for the Safari browser demonstrates a URL spoofing mechanism which might convince users they are visiting a legitimate website, when they are actually visiting another site which may be phishing their details. Deusen researchers have disclosed a vulnerability which may be exploited by hackers to …

Get ready: 'Critical' Adobe Reader patches coming on Tuesday 12 May

Adobe has pre-announced plans to release cross-platform security updates for Adobe Reader and Acrobat next Tuesday (12 May). Windows and Mac versions of Adobe Reader XI (11.0.10, 10.1.13) as well as Adobe Acrobat XI (11.0.10, 10.1.13) will all need patching against (unspecified) critical vulnerabilities in the software. Adobe …
John Leyden, 08 May 2015

Google rolls out phishing URL alerts for admins

Google has rolled out a service that alerts administrators when the sites on their networks contain links used in phishing attacks. The Phishing URL notifications are being added to the Safe Browsing Alerts for Network Administrators, which Google rolled out in September. It sends email to admins of autonomous systems when …
Dan Goodin, 15 Oct 2010

Zero-day hacking group resorts to UNICORN SMUT-SLINGING

Sysadmins who have not yet patched their Windows boxes against the 18-year-old "unicorn-like" OLE bug disclosed last month could expect a deluge of spear phishing smut from a group once confined to lofty targeted zero-day attacks. The talented APT3 group was behind widespread zero-day attacks code-named Clandestine Fox earlier …
Darren Pauli, 26 Nov 2014

Rocket Kittens target defence and IT bods from Europe & Israel

A seemingly state-sponsored hacking crew has compromised systems in several organisations in Israel and Europe, according to new research by Trend Micro. The so-called Rocket Kitten group has targeted defence and IT industries, government entities and academic institutions. Victims include civilian and academic organisations in …
John Leyden, 20 Mar 2015

Six cuffed in £1m student readies phishing probe

Scotland Yard's cybercrime crackdown squad has cuffed suspected crims accused of masterminding a phishing scam that netted more than £1m in cash from hundreds of unsuspecting students. The Met's Police Central e-Crime Unit (PCeU) began an investigation in August after a tip-off that students signed up to a government loan scheme …
Paul Kunert, 09 Dec 2011

Mind-reading DNS security analysis offers early warning for APT attacks

The application of predictive algorithms to DNS data may be able to spot malware sites before they serve up nasties. Security firm OpenDNS is applying ideas from natural language processing to automatically identify malicious domains using a prototype tool called NLPRank, as a blog post by the firm explains. Utilising natural …
John Leyden, 06 Mar 2015

Something smells PHISHY: It's the celeb nudie iCloud PERV trap...

Consumers are being warned to be on their guard against phishers' fake Apple emails and texts designed to exploit the publicity about this week's nude celeb picture flap. In addition to scam emails designed to trick gullible recipients into logging into phishing sites, Symantec warns of a likely upsurge in fraudulent text …
John Leyden, 04 Sep 2014

Hackers pop German steel mill, wreck furnace

Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces. The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email. Hackers then pivoted to the …
Darren Pauli, 22 Dec 2014

Snooker WPA secrets with this Wi-Fi tool

Crypto geek George Chatzisofroniou has published a WiFi social engineering tool used to steal credentials and credit cards from users of secure wireless networks. The administrator at the University of Greece developed the WiFiPhisher tool which sought out and then replicated WPA-protected networks, sans password. The tool, …
Darren Pauli, 05 Jan 2015

Nuke regulator hacked three times in three years

The US Nuclear Regulatory Commission (NRC) has been hacked three times in as many years, according to documents obtained under freedom of information requests. Unnamed foreign hackers sent hundreds of phishing emails - targeting 215 staff in one incident alone - in what was dubbed a 'credential harvesting campaign', according to …
Darren Pauli, 19 Aug 2014

Fraudsters make bank as exec wires $17 MEELLION to China

Scammers have swindled commodities trader Scoular out of US$17.2 million (A$22.1 million, £11.3 million) in a targeted phishing exercise. Local news outlet Omaha.com reported the company controller at Scoular with the 800-seat company had followed instructions to wire a series of massive payments to a Chinese bank from emails …
Darren Pauli, 09 Feb 2015