Victims of online fraud are to blame for their misfortune and should not be rewarded with a refund for money they lose. This is the view of UK Metropolitan police commissioner Sir Bernard Hogan-Howe who says that banks should not pay money lost to online fraud as the victims have not taken their security seriously.
Rather than offering refunds to customers, banks should instead be encouraging them to use stronger passwords, keep antivirus software up to date, and generally be more careful. It's a view that’s certainly going to prove controversial and raises the question of whether the carrot or the stick is the best approach to tackling online fraud.
Companies seem to get compromised on a regular basis and, for the most part, the cause is security holes in their systems. But user error can also be blamed in some cases -- an errant click on an email attachment can unleash all manner of headaches for an IT department.
Such seems to be the case now with Seagate as reports are emerging of a loss of employee data that came via a phishing scam.
Signature-based security could be virtually useless as 97 percent of malware is unique to a specific endpoint, says a new report.
This is among the findings of the latest annual Webroot Threat Brief which shows that today's threats are truly global and highly dynamic. Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information.
Hackers are constantly seeking new ways to attack systems and gain insider access to data. A new survey from IT security company Balabit reveals the 10 most popular hacking methods to help companies understand how to protect themselves.
The survey of almost 500 IT security practitioners reveals that social engineering is the most popular means of attack. Hackers aim to get a 'low level' insider user account by means of phishing and escalate its privileges.
According to a new report from security awareness specialist Wombat Security, phishing attacks are on the rise and are supported by increasingly aggressive social engineering practices that make them more difficult to prevent.
Organizations surveyed indicated they have suffered malware infections (42 percent), compromised accounts (22 percent), and loss of data (4 percent) as a direct result of successful phishing attacks.
A new malware campaign is aiming specifically at businesses and consumers using the WhatsApp mobile messaging service.
Uncovered by researchers at Comodo Labs, the campaign uses emails masquerading as WhatsApp content. These have an attached zip file containing a malware executable.
With the approach of the holiday season there's a spike in online shopping which means many people will be expecting the delivery of packages.
This of course is a window of opportunity for cyber criminals looking to steal personal information. It's perhaps not surprising then that Comodo Antispam Labs has identified a new global phishing threat, targeted at businesses and individuals who use DHL shipping.
Online attacks take a number of forms, and phishing is one of the more recent problems. Chrome has long featured Safe Browsing to notify people when they visit potentially dangerous websites, and today Google announces that the feature is growing to include social engineering.
Google describes social engineering as being a much broader category than traditional phishing. Typical examples include sites that trick visitors into imparting passwords or credit card details, and those which purport to be an official website when they are in fact malicious. The Safe Browsing expansion offers protection against a range of social engineering attacks that Google provides examples of.
A new phishing threat is targeting businesses and consumers with Apple IDs in an effort to steal IDs, passwords and credit card information.
The attack has been identified by Comodo Antispam Labs and looks like an official Apple email. It has the Apple logo and includes Apple's physical address, as well as an email address that, at a quick glance, appears to be from Apple -- giving the recipient the illusion of the message being authentic.
UK customers of Vodafone are the latest victims of a hack attack. The telecoms company said that nearly 2,000 customer accounts had been accessed this week, exposing personal data including phone numbers and bank account details.
The security breach took place earlier this week, but it was only this weekend that Vodafone went public about it. A spokesperson said that the attack "was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone". There is a warning that the owners of the affected accounts could be subject to phishing attacks.
Botnets are not a new problem, but they remain a key part of the cyber criminal's armoury. The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), a global industry forum dedicated to promoting best practices in cyber security, has issued its first report looking at the level of botnet infection. Based on information provided by ISPs covering over 43 million subscribers in the US and Europe it concludes that around one percent of consumers are infected by a bot. The good news is that notification rates are high with between 94 and 99.82 percent of those infected being notified of the problem by their ISP.
Even on those numbers, botnets are a major problem. We spoke to Ken Simpson, CEO of outbound traffic security company MailChannels and co-chair of M3AAWG's Botnet Subcommittee, to find out about how botnets and spam have become big business.
Yesterday Adobe rolled out its monthly security patches, something all users should pay attention to given past history. Flash, Reader and Acrobat all received fixes, presumably remedying the current batch of problems plaguing the software. The problem is, nothing ever seems fixed in the world of Adobe.
To that end, a zero-day exploit has already been discovered by the folks at security firm Trend Micro. Yes, that didn't take long and Adobe didn't fix this one.
It's usually the case that the weakest link in any security system is the human element. That's particularly true when it comes to phishing attacks. Hackers have become more creative in the social engineering methods they use to gain access to sensitive information.
A new service called LUCY aims to educate people and identify vulnerable endpoints by allowing businesses or individuals to simulate phishing attacks. We spoke to LUCY founder Oliver Muenchow to find out more about this approach.
Successful phishing attacks can lead to costs from loss of employee productivity and credential compromise, among other factors, which together may cost an average sized company $3.77 million per year.
New research released by Wombat Security Technologies and the Ponemon Institute finds that the phishing email click rate improved an average of 64 percent following security training.
Phishing is a popular route for cyber criminals to gain a foothold in organizations as the weakest link in security is usually the person sitting at the keyboard.
To help combat this Wombat Security is adding a new PhishAlarm to its security awareness and training platform. PhishAlarm is a plug-in for Microsoft Outlook that enables end users to report suspected phishing emails to security and incident response teams with a single mouse click.