Articles about phishing

The End for Fin7: Feds cuff suspected super-crooks after $$$m stolen from 15m+ credit cards

The FBI has arrested the alleged three leaders of an international crime syndicate that stole huge numbers of credit card numbers – which were subsequently sold on and used to rack up tens of millions of dollars in spending sprees. Speaking in Seattle, USA, where the Feds' cybersecurity taskforce is based, agents said the " …

Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry

Business email accounts remain a lucrative way for scammers to get into companies and turn a quick buck. The FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise incidents (stealing a legit business account and then using it to transfer funds out to criminals) have exploded, with …
Shaun Nichols, 17 Jul 2018

It's mid-year report time, let's see how secure corporate networks are. Spoiler alert: Not at all

Companies are still leaving basic security flaws and points of entry wide open for hackers to exploit. This according to research from security house Positive Technologies, which says that its penetration testers found that enterprises were rife with things like months-old unpatched vulnerabilities and unsecured access points …
Shaun Nichols, 10 Jul 2018

Gmail is secure. Netflix is secure. Together they're a phishing threat

A developer has discovered that Gmail's email handling creates a handy phishing vector to attack Netflix customers. The problem is that Netflix, like most systems, recognises dots in e-mail handles (so richardchirgwin and richard.chirgwin are different accounts) – but Gmail does not. Over the weekend, developer James Fisher …

Botched upgrade at Belgian bank Argenta sparks phishing frenzy

Belgian bank Argenta has apologised for a botched tech plumbing upgrade that delayed transfers and confronted customers with incorrect balance data. The bank, which has 1.4 million Belgian customers, blamed the problems on post-upgrade issues with the data transfer mechanism between its two data centres, among other things. …
John Leyden, 6 Apr 2018

1 in 5 Michigan state staffers fail phishing test but that's OK apparently

Network security for the US State of Michigan has been rated as "moderately sufficient" in an audit of its Department of Technology, Management, and Budget (DTMB). Michigan's DTMB, according to auditor Doug Ringler this month, got some things right but has a number of deficiencies in its IT security practices that need to be …
Thomas Claburn, 19 Mar 2018

Two things will survive a nuclear holocaust: Cockroaches and crafty URLs like ғасеьоок.com

It's been known for a long while that people can use similar-looking non-Roman characters to create internet addresses that look similar to real ones. These dishonest URLs have been doing the rounds for years. And, sadly, the abuse of homographs to craft dodgy web addresses continues well into this day, according to security …
Kieren McCarthy, 19 Jan 2018

North Korea's finest spent 2017 distributing RATs, wipers, and phish

South Korea was the target of a barrage of malware campaigns last year. Cisco Talos's Warren Mercer and Paul Rascagneres (with contributions from Jungsoo An) spent the year watching goings-on on the Korean peninsula. The researchers focussed on one organisation (likely North Korean given the target, but this is unconfirmed), …

Shafted by bosses, disdained by punters, loved by hackers – yes, it's freelance workers

Usenix Enigma: Gig economy workers – the fancy new way to describe short-term freelance serfs like Uber drivers and Deliveroo riders – are well in the sights of hackers. That's because they're surprisingly easy to phish. There's no corporate network to protect them. They usually sign up to a task-scheduling app using their personal email …
Iain Thomson, 17 Jan 2018

Loake Shoes admits: We've fallen victim to cybercrims

Miscreants, hackers – call 'em what you will – have pilfered email addresses from an unknown number of Loake Shoes customers. In a letter sent to punters on its database – seen by The Register – the premium footwear maker said it has been "the victim of a cyber attack". "Despite having stringent security measures in place, …
Andrew Silver, 22 Nov 2017

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation. Searching for "TSB" – as in the UK's TSB Bank – on the Great Britain edition of Bing would bring up, right at the top of the page, a search ad for a phishing website described …
Shaun Nichols, 20 Nov 2017

So long – and thanks for all the phish

Research: While messaging apps, social media, fake websites and phone calls can all be used to carry out phishing attacks, in the business world, fake emails are the most common and dangerous method. The wave of mass-mailing phishing attempts appears to be subsiding but that doesn’t mean business and IT managers can allow themselves to …
Richard Edwards, 26 Oct 2017

UK cybercops reacted to 590 'significant attacks' over past year – report

The National Cyber Security Centre responded to 590 "significant attacks" over the last year including WannaCry, MPs' email addresses being targeted due to weak passwords and various threats to other large organisations. The body was created in October last year, bringing together previously separate parts of government, MI5 …
Kat Hall, 5 Oct 2017

Equifax fooled again! Blundering credit biz directs hack attack victims to parody site

You'd have thought that Equifax staff would be on their toes ever since the megahack that exposed the private data of over 143 million Americans but the corporation's social media certainly haven't got the message. When news of the hack was published on September 7, over a month after its scale had been discovered, Equifax set …
Iain Thomson, 21 Sep 2017

Probing the online phish market reveals thriving, profitable underworld

A new study has lifted the lid on the booming ecosystems of fake websites that underpin phishing scams, revealing a wide variety of prices and products from cheap knock-ups to bespoke fraud services offering concierge-level customer support. Infosec firm Clearsky surfed popular Russian and English-speaking underground boards …
John Leyden, 24 Aug 2017

DMARC anti-phishing standard adoption is lagging even in big firms

Big-name companies are still leaving themselves and their customers open to phishing because they haven't implemented the DMARC message validation standard. In this year's DMARC adoption report [PDF], phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message …

Berkeley boffins build better spear-phishing black-box bruiser

Security researchers from UC Berkeley and the Lawrence Berkeley National Laboratory in the US have come up with a way to mitigate the risk of spear-phishing in corporate environments. In a paper presented at Usenix 2017, titled "Detecting Credential Spearphishing in Enterprise Settings," Grant Ho, Mobin Javed, Vern Paxson, and …
Thomas Claburn, 18 Aug 2017

Hacked Chrome web dev plugin maker: How those phishers tricked me

The chap behind Chrome Web Developer, a popular third-party extension that was briefly hijacked to inject ads into browsers, today confirmed he was the victim of a phishing attack. Chris Pederick, a Brit living abroad in San Francisco, California, said he received an email on Tuesday claiming to be from Google warning that his …
Shaun Nichols, 3 Aug 2017
