Articles about Phishing

A new malware campaign is aiming specifically at businesses and consumers using the WhatsApp mobile messaging service.

Uncovered by researchers at Comodo Labs the campaign uses emails masquerading as WhatsApp content. These have an attached zip file containing a malware executable.

Continue reading →

With the approach of the holiday season there's a spike in online shopping which means many people will be expecting the delivery of packages.

This of course is a window of opportunity for cyber criminals looking to steal personal information. It's perhaps not surprising then that Comodo Antispam Labs has identified a new global phishing threat, targeted at businesses and individuals who use DHL shipping.

Continue reading →

Online attacks take a number of forms, and phishing is one of the more recent problems. Chrome has long featured Safe Browsing to notify people when they visit potentially dangerous websites, and today Google announces that the feature is growing to include social engineering.

Google describes social engineering as being a much broader category than traditional phishing. Typical examples include sites that trick visitors into imparting passwords or credit card details, and those which purport to be an official website when they are in fact malicious. The Safe Browsing expansion offers protection against a range of social engineering attacks that Google provides examples of.

Continue reading →

A new phishing threat is targeting businesses and consumers with Apple IDs in an effort to steal IDs, passwords and credit card information.

The attack has been identified by Comodo Antispam Labs and looks like an official Apple email. It has the Apple logo and includes Apple's physical address, as well as an email address that, at a quick glance, appears to to be from Apple -- giving the recipient the illusion of the message being authentic.

Continue reading →

UK customers of Vodafone are the latest victims of a hack attack. The telecoms company said that nearly 2,000 customer accounts had been accessed this week, exposing personal data including phone numbers and bank account details.

The security breach took place earlier this week, but it was only this weekend that Vodafone went public about it. A spokesperson said that the attack "was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone". There is warning that the owners of the affected accounts could be subject to phishing attacks.

Continue reading →

Botnets are not a new problem, but they remain a key part of the cyber criminal's armoury. The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), a global industry forum dedicated to promoting best practices in cyber security, has issued its first report looking at the level of botnet infection. Based on information provided by ISPs covering over 43 million subscribers in the US and Europe it concludes that around one percent of consumers are infected by a bot. The good news is that notification rates are high with between 94 and 99.82 percent of those infected being notified of the problem by their ISP.

Even on those numbers botnets are a major problem. We spoke to Ken Simpson CEO of outbound traffic security company MailChannels and co-chair of M3AAWG's Botnet Subcommittee to find out about how botnets and spam have become big business.

Continue reading →

Yesterday Adobe rolled out its monthly security patches, something all users should pay attention to given past history. Flash, Reader and Acrobat all received fixes, presumably remedying the current batch of problems plaguing the software. The problem is, nothing ever seems fixed in the world of Adobe.

To that end, a zero-day exploit has already been discovered by the folks at security firm Trend Micro. Yes, that didn't take long and Adobe didn't fix this one.

Continue reading →

It's usually the case that the weakest link in any security system is the human element. That's particularly true when it comes to phishing attacks. Hackers have become more creative in the social engineering methods they use to gain access to sensitive information.

A new service called LUCY, aims to educate people and identify vulnerable endpoints by allowing businesses or individuals to simulate phishing attacks. We spoke to LUCY founder Oliver Muenchow to find out more about this approach.

Continue reading →

Successful phishing attacks can lead to costs from loss of employee productivity and credential compromise, among other factors, which together may cost an average sized company $3.77 million per year.

New research released by Wombat Security Technologies and the Ponemon Institute finds that the phishing email click rate improved an average of 64 percent following security training.

Continue reading →

Phishing is a popular route for cyber criminals to gain a foothold in organizations as the weakest link in security is usually the person sitting at the keyboard.

To help combat this Wombat Security is adding a new PhishAlarm to its security awareness and training platform. PhishAlarm is a plug-in for Microsoft Outlook that enables end users to report suspected phishing emails to security and incident response teams with a single mouse click.

Continue reading →

Google is life. Well, not really, but for some people it kind of is. For many of us, a Gmail account became a gateway to an entire Google lifestyle. One password logs us into numerous services, which is super convenient, but also quite scary. Over time, it is easy to let your guard down and fall for phishing sites that pretend to be a legit Google login. If your Google credentials are intercepted, you are going to have a bad time.

Today however, the search-giant releases an open source Chrome browser extension aimed to thwart these stinky phishing goons. Called "Password Alert", it will hopefully protect your credentials and keep the sun shining on planet Google.

Continue reading →

There are 85,000 new malicious IPs launched every day and the top phishing targets are technology companies and financial institutions.

These are among the findings of a new report from threat intelligence and security company Webroot. The Webroot 2015 Threat Brief provides the latest cyber threat trends collected from tens of millions of users and over 30 security technology partners.

Continue reading →

There is no need for cybercriminals to launch sophisticated attacks, or exploit vulnerabilities, to gain access to valuable information; a simple phishing email is all that's needed to convince a worrying number of people to hand over their login credentials. This is just one of the findings of a new security report due to be published by Verizon.

The telco reports that more than two thirds of security breaches involving phishing tactics. The number of people who fall for this type of scam means that phishing remains successful and popular as a means of extracting data from people. In this age of technological enlightenment, it might come as a surprise that more than one in 10 people who receive a phishing email open attachments or click the links they contain.

Continue reading →

A security flaw has been discovered in a number of UK news websites, potentially placing 24.5 million users at risk. The problem was found in websites run by Johnston Press, a UK media group that is responsible for scores of regional news websites.

Just a few days ago we reported about the findings of security researcher Brute Logic. He discovered an XSS vulnerability on Amazon that risked exposing user data and could be used to compromise accounts. Now the same researcher has discovered another cross-site scripting security flaw that could be used to redirect visitors to malicious websites -- and it's worryingly simple to exploit.

Continue reading →