Articles about phishing

Between you, me and that dodgy-looking USB: A little bit of paranoia never hurt anyone

Arriving at a recent conference organised by one of the government's many regulatory bodies, I received my obligatory lanyard – and something else, credit-card-shaped, emblazoned with the branding for the event. "What's this?" I asked. "Oh, that's a USB key." I presume the conference organisers mistook my wild-eyed stare of …
Mark Pesce, 13 Nov 2018

If Shadow Home Sec Diane Abbott can be reeled in by phishers, truly no one is safe

While fraudsters traditionally prey on the gullible and feeble-minded, their wicked ways have ensnared British Labour MP Diane Abbott. The UK Shadow Home Secretary admitted to handing over control of her computer to a stranger after a random caller asked her to install Remote PC. It's a common scam. Once the miscreant has …

I know what you're thinking: Outsource or in-source IT security? I've worked both sides, so here's my advice...

Comment: You’re a small or mid-sized business and have a growing sense of unease that you aren’t doing enough on cyber security. Must be all those headlines about ransomware infections and databases ransacked. Or – perhaps – you’re experiencing an upsurge in phishing attempts. Congratulations – you’ve woken up to something that a …

Trump's axing of cyber czar role has left gaping holes in US defence

Comment: A cybersecurity czar has been a long-established presence in US government – until recently. Against a rising tide of attacks on the nation's infrastructure and election systems, Donald Trump eliminated the post through an executive order in May. As if to highlight the deficiency of such a move, just two months later the US …
David Gordon, 27 Sep 2018

Baddies just need one email account with clout to unleash phishing hell

A single account compromise at an unnamed "major university" in the UK led to a large-scale phishing attack against third parties, according to data protection outfit Barracuda Networks. With one account in their pocket, the attackers used it to compromise modest numbers at the same institution, after which they were turned …
John E Dunn, 24 Sep 2018

The curious sudden rise of free US election 'net security guardians

Analysis: Nothing super-fuels a security sales pitch like the sort of threat it’s hard to ignore. After China’s massive Aurora attacks on Gmail in 2009, it was the terror of Advanced Persistent Threats (APTs) that helped make fortunes for a new wave of security startups, post-incident forensic companies, and others peddling intelligence …
John E Dunn, 22 Sep 2018

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Comment: It has never been easier to conduct a cyber attack. There now exists a range of off-the-shelf tools and services that do all the heavy lifting – you just need to pick an approach and tool you like best. There's ransomware-as-a-service with its "here's one I made earlier" code, search engines that show connected interfaces with …
Dave Cartwright, 17 Sep 2018

Princely five years in US big house for Nigerian biz email scammer

A Nigerian scumbag will be spending the next five years in an American clink after pleading guilty to operating an email phishing scam targeting businesses around the world. Onyekachi Emmanuel Opara was given a 60-month sentence and ordered to pay $2.5m in restitution after pleading guilty to charges of wire fraud and …
Shaun Nichols, 13 Sep 2018

Email security crisis... What email security crisis?

In late August, Microsoft announced a free service that arguably reveals more about the future of the email business and its struggles with security than several years' worth of earnest press releases. Called AccountGuard, it's Microsoft's answer to the phenomenon of Russian phishing meddling with the US elections and the …
John E Dunn, 11 Sep 2018

Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

A security researcher has disclosed a bug that could be abused to spoof website addresses in either Edge or Safari. Rafay Baloch told The Register that while Microsoft has since patched the flaw (CVE-2018-8383) in its browser, Apple has been dragging its feet on a fix for Safari for weeks, and the browser remains vulnerable …
Shaun Nichols, 11 Sep 2018

Feel the shame: Email-scammed staffers aren't telling bosses about it

The number of UK companies on the receiving end of business scams involving email has risen by nearly two-thirds – 58 per cent – in the last year, new data from Lloyds Bank has revealed. Stats from the bank showed the average loss from so-called "business email compromise" (BEC) frauds has reached £27,000. IT workers are …
John E Dunn, 7 Sep 2018

Silence! Cybercrime's Pinky and the Brain have nicked $800k off banks

A pair of cybercrooks who may have started out as legit infosec pros have expanded their operations outside Russia and begun attacking banks across the world. "Silence is an example of a mobile, small, and young group that has been progressing rapidly," Group-IB said, adding that the cybercrime group has shown signs of …
John Leyden, 5 Sep 2018

Cybercrooks home in on infosec's weakest link – you poor gullible people

Cybercrims are ramping up their efforts to target employees through fraudulent email and social media scams, according to a new study by email security firm Proofpoint. Retailers and government agencies saw huge quarter-on-quarter increases in email fraud attempts in calendar Q2, with attacks per company and agency soaring 91 …
John Leyden, 5 Sep 2018

If you have to simulate a phishing attack on your org, at least try to get something useful from it

Just when it looked as if the US Democratic National Committee (DNC) had finally got one over on the phishing hackers that had been owning it since 2016, the triumph was torn away by a moment of rebellious fakery. On August 20, DNC security partner Lookout's machine-learning system spotted a site impersonating the DNC …
John E Dunn, 29 Aug 2018

US Democrats call in Feds: There's something phishy going on with our voter database

Updated: The Democratic National Committee (DNC) has called in the FBI after uncovering an apparent attack against its internal voter database system. CNN reported that the DNC learned of the attempted phishing attack from cloud service provider DigitalOcean via Lookout, a mobile security firm that detected the malfeasance. Miscreants …
John Leyden, 23 Aug 2018

The End for Fin7: Feds cuff suspected super-crooks after $$$m stolen from 15m+ credit cards

The FBI has arrested the alleged three leaders of an international crime syndicate that stole huge numbers of credit card numbers – which were subsequently sold on and used to rack up tens of millions of dollars in spending sprees. Speaking in Seattle, USA, where the Feds' cybersecurity taskforce is based, agents said the " …

Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry

Business email accounts remain a lucrative way for scammers to get into companies and turn a quick buck. The FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise incidents (stealing a legit business account and then using it to transfer funds out to criminals) have exploded, with …
Shaun Nichols, 17 Jul 2018

It's mid-year report time, let's see how secure corporate networks are. Spoiler alert: Not at all

Companies are still leaving basic security flaws and points of entry wide open for hackers to exploit. This according to research from security house Positive Technologies, which says that its penetration testers found that enterprises were rife with things like months-old unpatched vulnerabilities and unsecured access points …
Shaun Nichols, 10 Jul 2018
