Articles about phishing

The curious sudden rise of free US election 'net security guardians

Analysis Nothing super-fuels a security sales pitch like the sort of threat it’s hard to ignore. After China’s massive Aurora attacks on Gmail in 2009, it was the terror of Advanced Persistent Threats (APTs) that helped make fortunes for a new wave of security startups, post-incident forensic companies, and others peddling intelligence …
John E Dunn, 22 Sep 2018

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Comment It has never been easier to conduct a cyber attack. There now exists a range of off-the-shelf tools and services that do all the heavy lifting – you just need to pick an approach and tool you like best. There's ransomware-as-a-service with its "here's one I made earlier" code, search engines that show connected interfaces with …
Dave Cartwright, 17 Sep 2018

Princely five years in US big house for Nigerian biz email scammer

A Nigerian scumbag will be spending the next five years in an American clink after pleading guilty to operating an email phishing scam targeting businesses around the world. Onyekachi Emmanuel Opara was given a 60-month sentence and ordered to pay $2.5m in restitution after pleading guilty to charges of wire fraud and …
Shaun Nichols, 13 Sep 2018

Email security crisis... What email security crisis?

In late August, Microsoft announced a free service that arguably reveals more about the future of the email business and its struggles with security than several years' worth of earnest press releases. Called AccountGuard, it's Microsoft's answer to the phenomenon of Russian phishing meddling with the US elections and the …
John E Dunn, 11 Sep 2018

Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

A security researcher has disclosed a bug that could be abused to spoof website addresses in either Edge or Safari. Rafay Baloch told The Register that while Microsoft has since patched the flaw (CVE-2018-8383) in its browser, Apple has been dragging its feet on a fix for Safari for weeks, and the browser remains vulnerable …
Shaun Nichols, 11 Sep 2018

Feel the shame: Email-scammed staffers aren't telling bosses about it

The number of UK companies on the receiving end of business scams involving email has risen by nearly two-thirds – 58 per cent – in the last year, new data from Lloyds Bank has revealed. Stats from the bank showed the average loss from so-called "business email compromise" (BEC) frauds has reached £27,000. IT workers are …
John E Dunn, 7 Sep 2018

Silence! Cybercrime's Pinky and the Brain have nicked $800k off banks

A pair of cybercrooks who may have started out as legit infosec pros have expanded their operations outside Russia and begun attacking banks across the world. "Silence is an example of a mobile, small, and young group that has been progressing rapidly," Group-IB said, adding that the cybercrime group has shown signs of …
John Leyden, 5 Sep 2018

Cybercrooks home in on infosec's weakest link – you poor gullible people

Cybercrims are ramping up their efforts to target employees through fraudulent email and social media scams, according to a new study by email security firm Proofpoint. Retailers and government agencies saw huge quarter-on-quarter increases in email fraud attempts in calendar Q2, with attacks per company and agency soaring 91 …
John Leyden, 5 Sep 2018

If you have to simulate a phishing attack on your org, at least try to get something useful from it

Just when it looked as if the US Democratic National Committee (DNC) had finally got one over on the phishing hackers that had been owning it since 2016, the triumph was torn away by a moment of rebellious fakery. On August 20, DNC security partner Lookout's machine-learning system spotted a site impersonating the DNC …
John E Dunn, 29 Aug 2018

US Democrats call in Feds: There's something phishy going on with our voter database

Updated The Democratic National Committee (DNC) has called in the FBI after uncovering an apparent attack against its internal voter database system. CNN reported that the DNC learned of the attempted phishing attack from cloud service provider DigitalOcean via Lookout, a mobile security firm that detected the malfeasance. Miscreants …
John Leyden, 23 Aug 2018

The End for Fin7: Feds cuff suspected super-crooks after $$$m stolen from 15m+ credit cards

The FBI has arrested the alleged three leaders of an international crime syndicate that stole huge numbers of credit card numbers – which were subsequently sold on and used to rack up tens of millions of dollars in spending sprees. Speaking in Seattle, USA, where the Feds' cybersecurity taskforce is based, agents said the " …

Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry

Business email accounts remain a lucrative way for scammers to get into companies and turn a quick buck. The FBI's Internet Crime Complaint Center (IC3) says that attacks using Business Email Compromise (stealing a legit business account and then using it to transfer funds out to criminals) incidents have exploded, with …
Shaun Nichols, 17 Jul 2018

It's mid-year report time, let's see how secure corporate networks are. Spoiler alert: Not at all

Companies are still leaving basic security flaws and points of entry wide open for hackers to exploit. This according to research from security house Positive Technologies, which says that its penetration testers found that enterprises were rife with things like months-old unpatched vulnerabilities and unsecured access points …
Shaun Nichols, 10 Jul 2018

Gmail is secure. Netflix is secure. Together they're a phishing threat

A developer has discovered that Gmail's email handling creates a handy phishing vector to attack Netflix customers. The problem is that Netflix, like most systems, recognises dots in e-mail handles (so richardchirgwin and richard.chirgwin are different accounts) – but Gmail does not. Over the weekend, developer James Fisher …

Botched upgrade at Belgian bank Argenta sparks phishing frenzy

Belgian bank Argenta has apologised for a botched tech plumbing upgrade that delayed transfers and confronted customers with incorrect balance data. The bank, which has 1.4 million Belgian customers, blamed the problems on post-upgrade issues with the data transfer mechanism between its two data centres, among other things. …
John Leyden, 6 Apr 2018

1 in 5 Michigan state staffers fail phishing test but that's OK apparently

Network security for the US State of Michigan has been rated as "moderately sufficient" in an audit of its Department of Technology, Management, and Budget (DTMB). Michigan's DTMB, according to auditor Doug Ringler this month, got some things right but has a number of deficiencies in its IT security practices that need to be …
Thomas Claburn, 19 Mar 2018

Two things will survive a nuclear holocaust: Cockroaches and crafty URLs like ғасеьоок.com

It's been known for a long while that people can use similar-looking non-Roman characters to create internet addresses that look similar to real ones. These dishonest URLs have been doing the rounds for years. And, sadly, the abuse of homographs to craft dodgy web addresses continues well into this day, according to security …
Kieren McCarthy, 19 Jan 2018

North Korea's finest spent 2017 distributing RATs, wipers, and phish

South Korea was the target of a barrage of malware campaigns last year. Cisco Talos's Warren Mercer and Paul Rascagneres (with contributions from Jungsoo An) spent the year watching goings-on on the Korean peninsula. The researchers focussed on one organisation (likely North Korean given the target, but this is unconfirmed), …

Biting the hand that feeds IT © 1998–2018