Articles about phishing

Loake Shoes admits: We've fallen victim to cybercrims

Miscreants, hackers – call 'em what you will – have pilfered email addresses from an unknown number of Loake Shoes customers. In a letter sent to punters on its database – seen by The Register – the premium footwear maker said it has been "the victim of a cyber attack". "Despite having stringent security measures in place, …
Andrew Silver, 22 Nov 2017

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation. Searching for "TSB" – as in the UK's TSB Bank – on the Great Britain edition of Bing would bring up, right at the top of the page, a search ad for a phishing website described …
Shaun Nichols, 20 Nov 2017

So long – and thanks for all the phish

Research While messaging apps, social media, fake websites and phone calls can all be used to carry out phishing attacks, in the business world, fake emails are the most common and dangerous method. The wave of mass-mailing phishing attempts appears to be subsiding but that doesn’t mean business and IT managers can allow themselves to …
Richard Edwards, 26 Oct 2017

UK cybercops reacted to 590 'significant attacks' over past year – report

The National Cyber Security Centre responded to 590 "significant attacks" over the last year including WannaCry, MPs' email addresses being targeted due to weak passwords and various threats to other large organisations. The body was created in October last year, bringing together previously separate parts of government, MI5 …
Kat Hall, 5 Oct 2017

Equifax fooled again! Blundering credit biz directs hack attack victims to parody site

You'd have thought that Equifax staff would be on their toes ever since the megahack that exposed the private data of over 143 million Americans but the corporation's social media certainly haven't got the message. When news of the hack was published on September 7, over a month after its scale had been discovered, Equifax set …
Iain Thomson, 21 Sep 2017

Probing the online phish market reveals thriving, profitable underworld

A new study has lifted the lid on the booming ecosystems of fake websites that underpin phishing scams, revealing a wide variety of prices and products from cheap knock-ups to bespoke fraud services offering concierge-level customer support. Infosec firm Clearsky surfed popular Russian and English-speaking underground boards …
John Leyden, 24 Aug 2017

DMARC anti-phishing standard adoption is lagging even in big firms

Big-name companies are still leaving themselves and their customers open to phishing because they haven't implemented the DMARC message validation standard. In this year's DMARC adoption report [PDF], phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message …

Berkeley boffins build better spear-phishing black-box bruiser

Security researchers from UC Berkeley and the Lawrence Berkeley National Laboratory in the US have come up with a way to mitigate the risk of spear-phishing in corporate environments. In a paper presented at Usenix 2017, titled "Detecting Credential Spearphishing in Enterprise Settings," Grant Ho, Mobin Javed, Vern Paxson, and …
Thomas Claburn, 18 Aug 2017

Hacked Chrome web dev plugin maker: How those phishers tricked me

The chap behind Chrome Web Developer, a popular third-party extension that was briefly hijacked to inject ads into browsers, today confirmed he was the victim of a phishing attack. Chris Pederick, a Brit living abroad in San Francisco, California, said he received an email on Tuesday claiming to be from Google warning that his …
Shaun Nichols, 3 Aug 2017

What's the price for flinging your workers' private info at crooks? For Seagate, it's $6m

Seagate will cough up $5.75m to settle a lawsuit brought after its bungling staff accidentally handed over employees' sensitive information to fraudsters. The storage giant told [PDF] the California Northern US District Court this week that it is willing to cover the cost of identity protection services as a result of that …
Shaun Nichols, 28 Jul 2017

UK uni warns students of phishers trying to nick their tuition fees

Foreign students looking to experience the stochastic joys of a year at Newcastle University in England are being warned that phishers are after their cash – using an unusually well-crafted attack. The raiders set up a very realistic-looking fake website proclaiming itself to be Newcastle International University, complete …
Iain Thomson, 20 Jul 2017

Someone's phishing US nuke power stations. So far, no kaboom

Don't panic, but attackers are trying to phish their way into machines in various US power facilities, including nuclear power station operators. It seems so far that whoever is behind the campaign has tried phishing and watering-hole attacks, but hasn't got beyond corporate networks (which in critical infrastructure should …

Braking news: AA password reset email cockup crashes servers

UK car insurance giant the AA caused all sorts of confusion on Monday after accidentally sending out a "password update" email to people. The alert led to motorists rushing to log into the motoring organization's website to change their passwords, only to overload the servers and effectively run them over. Brits were furious …
John Leyden, 26 Jun 2017

Breach at UK.gov's Cyber Essentials scheme exposes users to phishing attacks

Updated The operation behind the UK government's Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme's badges are required by suppliers bidding for "certain sensitive and personal information-handling [government] contracts". Companies were notified of …
John Leyden, 21 Jun 2017

Jailed fraudster admits running same cold-caller con from behind bars

The jailed kingpin behind a multimillion-pound fraud has admitted attempting to run an almost identical con from behind bars. Feezan "Fizzy" Hameed, 26, ran a voice-based phishing fraud which claimed 750 RBS group victims (mainly small businesses such as accountants and solicitors) and resulted in losses of £113m. He used his …
John Leyden, 12 Jun 2017

Phishing scum going legit to beat browser warnings

Browser-makers' decision to put big red warning lights in the faces of users when they hit sites too slack to use HTTPS is backfiring a little, as crooks are accelerating their use of encryption. So says Netcraft, which has turned its web server probes onto phishing sites in the wake of Chrome 56 and Firefox 51 adding warnings …
Simon Sharwood, 19 May 2017

DocuSign forged – crooks crack email system and send nasties

Electronic signatures outfit DocuSign has warned world+dog that one of its email systems was cracked by phisherpholk. The company has of late reported an extensive phishing campaign that sees messages with the subject line “Completed *company name* - Accounting Invoice *number* Document Ready for Signature” land in plenty of …
Simon Sharwood, 16 May 2017

Team Macron praised for feeding phishing spies duff info

Emmanuel Macron's campaign team reportedly used fake logins and docs to waste hacker resources and frustrate phishing attempts. Although the newly elected French president's campaign was still hacked before the release of emails and other information last Friday, Team Macron's interference tactics have been heralded by at …
John Leyden, 8 May 2017

Biting the hand that feeds IT © 1998–2017