Articles about phishing


Gmail is secure. Netflix is secure. Together they're a phishing threat

A developer has discovered that Gmail's email handling creates a handy phishing vector to attack Netflix customers. The problem is that Netflix, like most systems, recognises dots in e-mail handles (so richardchirgwin and richard.chirgwin are different accounts) – but Gmail does not. Over the weekend, developer James Fisher …

Botched upgrade at Belgian bank Argenta sparks phishing frenzy

Belgian bank Argenta has apologised for a botched tech plumbing upgrade that delayed transfers and confronted customers with incorrect balance data. The bank, which has 1.4 million Belgian customers, blamed the problems on post-upgrade issues with the data transfer mechanism between its two data centres, among other things. …
John Leyden, 6 Apr 2018

1 in 5 Michigan state staffers fail phishing test but that's OK apparently

Network security for the US State of Michigan has been rated as "moderately sufficient" in an audit of its Department of Technology, Management, and Budget (DTMB). Michigan's DTMB, according to auditor Doug Ringler this month, got some things right but has a number of deficiencies in its IT security practices that need to be …
Thomas Claburn, 19 Mar 2018

Two things will survive a nuclear holocaust: Cockroaches and crafty URLs like ғасеьоок.com

It's been known for a long while that people can use similar-looking non-Roman characters to create internet addresses that look similar to real ones. These dishonest URLs have been doing the rounds for years. And, sadly, the abuse of homographs to craft dodgy web addresses continues well into this day, according to security …
Kieren McCarthy, 19 Jan 2018

North Korea's finest spent 2017 distributing RATs, wipers, and phish

South Korea was the target of a barrage of malware campaigns last year. Cisco Talos's Warren Mercer and Paul Rascagneres (with contributions from Jungsoo An) spent the year watching goings-on on the Korean peninsula. The researchers focussed on one organisation (likely North Korean given the target, but this is unconfirmed), …

Shafted by bosses, disdained by punters, loved by hackers – yes, it's freelance workers

Usenix Enigma: Gig economy workers – the fancy new way to describe short-term freelance serfs like Uber drivers and Deliveroo riders – are well in the sights of hackers. That's because they're surprisingly easy to phish. There's no corporate network to protect them. They usually sign up to a task-scheduling app using their personal email …
Iain Thomson, 17 Jan 2018

Loake Shoes admits: We've fallen victim to cybercrims

Miscreants, hackers – call 'em what you will – have pilfered email addresses from an unknown number of Loake Shoes customers. In a letter sent to punters on its database – seen by The Register – the premium footwear maker said it has been "the victim of a cyber attack". "Despite having stringent security measures in place, …
Andrew Silver, 22 Nov 2017

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation. Searching for "TSB" – as in the UK's TSB Bank – on the Great Britain edition of Bing would bring up, right at the top of the page, a search ad for a phishing website described …
Shaun Nichols, 20 Nov 2017

So long – and thanks for all the phish

Research: While messaging apps, social media, fake websites and phone calls can all be used to carry out phishing attacks, in the business world, fake emails are the most common and dangerous method. The wave of mass-mailing phishing attempts appears to be subsiding but that doesn’t mean business and IT managers can allow themselves to …
Richard Edwards, 26 Oct 2017

UK cybercops reacted to 590 'significant attacks' over past year – report

The National Cyber Security Centre responded to 590 "significant attacks" over the last year including WannaCry, MPs' email addresses being targeted due to weak passwords and various threats to other large organisations. The body was created in October last year, bringing together previously separate parts of government, MI5 …
Kat Hall, 5 Oct 2017

Equifax fooled again! Blundering credit biz directs hack attack victims to parody site

You'd have thought that Equifax staff would be on their toes ever since the megahack that exposed the private data of over 143 million Americans but the corporation's social media certainly haven't got the message. When news of the hack was published on September 7, over a month after its scale had been discovered, Equifax set …
Iain Thomson, 21 Sep 2017

Probing the online phish market reveals thriving, profitable underworld

A new study has lifted the lid on the booming ecosystems of fake websites that underpin phishing scams, revealing a wide variety of prices and products from cheap knock-ups to bespoke fraud services offering concierge-level customer support. Infosec firm Clearsky surfed popular Russian and English-speaking underground boards …
John Leyden, 24 Aug 2017

DMARC anti-phishing standard adoption is lagging even in big firms

Big-name companies are still leaving themselves and their customers open to phishing because they haven't implemented the DMARC message validation standard. In this year's DMARC adoption report [PDF], phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message …

Berkeley boffins build better spear-phishing black-box bruiser

Security researchers from UC Berkeley and the Lawrence Berkeley National Laboratory in the US have come up with a way to mitigate the risk of spear-phishing in corporate environments. In a paper presented at Usenix 2017, titled "Detecting Credential Spearphishing in Enterprise Settings," Grant Ho, Mobin Javed, Vern Paxson, and …
Thomas Claburn, 18 Aug 2017

Hacked Chrome web dev plugin maker: How those phishers tricked me

The chap behind Chrome Web Developer, a popular third-party extension that was briefly hijacked to inject ads into browsers, today confirmed he was the victim of a phishing attack. Chris Pederick, a Brit living abroad in San Francisco, California, said he received an email on Tuesday claiming to be from Google warning that his …
Shaun Nichols, 3 Aug 2017

What's the price for flinging your workers' private info at crooks? For Seagate, it's $6m

Seagate will cough up $5.75m to settle a lawsuit brought after its bungling staff accidentally handed over employees' sensitive information to fraudsters. The storage giant told [PDF] the California Northern US District Court this week that it is willing to cover the cost of identity protection services as a result of that …
Shaun Nichols, 28 Jul 2017

UK uni warns students of phishers trying to nick their tuition fees

Foreign students looking to experience the stochastic joys of a year at Newcastle University in England are being warned that phishers are after their cash – using an unusually well-crafted attack. The raiders set up a very realistic-looking fake website proclaiming itself to be Newcastle International University, complete …
Iain Thomson, 20 Jul 2017

Someone's phishing US nuke power stations. So far, no kaboom

Don't panic, but attackers are trying to phish their way into machines in various US power facilities, including nuclear power station operators. It seems so far that whoever is behind the campaign has tried phishing and watering-hole attacks, but hasn't got beyond corporate networks (which in critical infrastructure should …


Biting the hand that feeds IT © 1998–2018