by Sebastian Anthony on April 6, 2011 at 06:55 AM

It has emerged that the underlying cause of RSA's SecurID gaffe was the recently-reported zero-day vulnerability found in Adobe's Flash Player.
The exploit, which used specially-crafted Flash embedding in Excel spreadsheets, was first reported on March 15 and has since been fixed. RSA was hacked sometime in the first half of March when an employee was successfully spear phished and opened an ...
by Sebastian Anthony on January 7, 2011 at 11:45 AM

In sad and lamentable news, it turns out that mobile users are three times more likely than desktop users to give up their personal details to phishing websites. Even worse, despite only making up 26% of the US smartphone market, 65% of successful attacks are on iPhone users. Android, with 24% of the market, represents only 9% of phishing attacks -- but BlackBerry comes on top, with 36% of the ...
by Lee Mathews on December 31, 2010 at 10:00 AM

Email scams, or phishing, aren't going to disappear any time soon. As much as we'd like to think that people we know aren't taken in by messages like the one in the screenshot above, chances are good that you know of someone who has taken the bait. It's easy enough to recognize a scammy email message if you know what to look for, so let's break it down. Take the jump and we'll dissect this ...
by Lee Mathews on December 14, 2010 at 09:30 AM

It's a bit more intense reading than Google's Teach Parents Tech series, but Season's Warnings from Trend Micro is definitely something your less-techy friends and family members should read. Trend's guide covers several important topics, like phishing, giveaway scams, and wireless security. While it's only a dozen pages long, there's still plenty of good information inside that will help your ...
by Lee Mathews on October 27, 2010 at 09:00 AM

Facebook's immense popularity has made it a prime target for cybercriminals. Malicious (or 'poisoned') links, spam, and malvertising are all too common -- and it's far too easy for an unsuspecting Facebook user to be taken in. Hey, if one of your friends sends you a link to what seems like a hilarious picture, there's a decent chance you'll click through, right?
... And that's how the bad guys ...
by Sebastian Anthony on October 1, 2010 at 07:46 AM

Goo.gl, Google's URL shortener, has finally been given a website -- once there, you can shorten links and view real-time analytics of every short link you've ever created.
The site itself is plain, like most of Google's offerings, but the real-time analytics page is nothing short of fantastic. You can break traffic down by hours, days, weeks, months and all time, and see the total number of ...
by Sebastian Anthony on July 1, 2010 at 10:00 AM

Back in March, Google added a very neat feature to Gmail that warns you of suspicious activity on your account. In essence (and I'm sure there's more to it than this), it simply checks the 'geolocation' of your IP address against any other logins on your account. If I log in from 'near London', and 30 minutes later someone logs in from 'near New York', an alert is produced. Today the same ...
by Sebastian Anthony on May 25, 2010 at 11:00 AM

By now, all but the most geriatric Web users know about phishing. Usually it takes the form of a seemingly-official email from a bank or other money-related Web service. Most of the time these attacks are painfully obvious -- but what if you removed the email attack vector? What if you removed those daft give-away URLs? What if the phishing attack was pure, seemingly-benign JavaScript that's ...
by Lee Mathews on April 20, 2010 at 09:30 AM

There's been no shortage of blog coverage about the stray iPhone left behind by Apple engineer Gray Powell in a California bar last month. While gadget and Apple blogs have been busily covering every possible piece of minutia around the incident, the device, and whether or not Mr. Powell wears black turtlenecks, the crew at Help Net Security was doing a different kind of digging.
This is a hot ...
by Lee Mathews on March 18, 2010 at 08:35 AM

The security pros at Sophos Labs and McAfee have noticed a disturbing increase in Facebook phishing attacks lately. Facebook is a juicy target for this type of attack. Why?
For starters, there are 350 million+ users to go after. On top of that, many are less computer-savvy users (like your parents and mine, teenagers, etc.) who may not be familiar with malware and how to protect themselves. ...
by John Burke on February 4, 2010 at 09:30 AM

Since its introduction last week, people have been clamoring for more information on the iPad. Apple has released a video and has posted some basic specs and pricing, but more information has been hard to come by. Scammers have started to pick up on this and have been looking for ways to exploit users searching for iPad websites.
BBC News reports that a handful of security firms have been ...
by Sebastian Anthony on January 19, 2010 at 04:12 PM

DNS hijacking and poisoning have been around since the dawn of time -- they just didn't enter the popular media until recent high-profile attacks on Twitter, Baidu, and the success of China's Golden Shield Project. Basically, DNS in its current form is incredibly insecure when compared to corporate infrastructure. With DNS hacks it's very easy to set up pharming (think 'farming' combined with ...
by Jay Hathaway on January 12, 2010 at 11:00 AM

Google's Android Market has a developer-friendly reputation, with open source code and no strict Apple-like approval process before devs can sell their software. Sometimes that openness is used for nefarious purposes, though, and malware creeps in. Just recently, the Android Market was hit with its first phishing attack, via some apps that used fairly standard tactics of mimicking bank websites to ...
by Sebastian Anthony on October 28, 2009 at 08:45 PM

Warning! There's a Twitter phish-fest going on at the moment. Hopefully you'll read this before you become an ill-fated Twit...! If you receive a DM that looks something like this:
hi. this you on here? http://blogger.djh****.com
Do not use the link! It will redirect you to a copycat Twitter log-in page, and then forward you to a fake fail whale -- and then later, when you least expect it, ...
by Jay Hathaway on October 6, 2009 at 03:00 PM

Over 30,000 email addresses have been compromised, with their login info posted online, in the past few days. The BBC has apparently seen the list, and it includes Hotmail, AOL, Yahoo and Gmail users. None of those companies are to blame, though, because the owners of the email addresses got caught in a phishing scam. In case you're not already in the habit of making sure you're not giving your ...