Copyright complaint as phishing email
An anonymous bank worker writes, "What follows is the content of an email sent to the whole company as a warning:" A fraudulent email has recently made its way into xxxxxxxx entitled “Cease and...
Recursive phishing email
Bruce Sterling received a phishing email purporting to be a followup to a report of a phishing email. Coming soon: a phishing email purporting to be a phishing email purporting to be a followup to a...
Gangs run mass-scale romance cons with phished dating-site logins
Netcraft reports on a rising tide of automated phishing deployed against online dating sites; crooks steal accounts, strike up romantic relationships with their victims, then run 419-style cons on...
Tabnapping: a new phishing attack [2010]
Aza Raskin's Tabnapping is a proof-of-concept for a fiendish attack: a tab that waits until you're not watching, then turns itself into a convincing Google login screen that you assume you must have...
Spear phishers with suspected ties to Russian government spoof fake EFF...
The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month, and involved a rare zero-day (previously unknown) Java...
Phishers make off with W2 tax forms for several thousand Seagate employees
Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud.
US Embassy staffer ran a sextortion racket from work computer for 2 years
Michael C Ford has been sentenced to four years and nine months in prison, having pleaded guilty to running a sextortion/phishing operation from his work computer at the US embassy in London for two...
Security-conscious darkweb crime marketplaces institute world-leading...
If you are a seller on Alphabay -- a darkweb site that sells "drugs, stolen data and hacking tools," you'll have to use two-factor authentication (based on PGP/GPG) for all your logins.
Phishers trick Mattel into transferring $3M to a Chinese bank
Last spring, in the chaos following the firing of Mattel's CEO (who presided over a disastrous slide in Barbie sales), a Mattel finance executive got an email from his new boss, replacement CEO...
Phishing for Bitcoin with fake 0-days
Arriving in my inbox at a steady clip this morning: a series of phishing emails aimed at Bitcoiners, promising that the sender has found a bug in "the Bitcoin client" and promising "Pay 0.07 BTC...
Iranians connected to phishing attempt on tortured Syrian activist
Former Syrian National Council vice-president Nour Al-Ameer fled to Turkey after being arrested and tortured by the Assad regime -- that's when someone attempted to phish her and steal her identity...
EFF and partners reveal Kazakh government phished journalists, opposition...
At Defcon, researchers from the Electronic Frontier Foundation, First Look Media and Amnesty International, revealed their findings on a major phishing attack through which the government of...
Researchers learn about wire-fraud scam after Nigerian scammers infect...
In Wire Wire: A West African Cyber Threat, researchers from Secureworks reveal their findings from monitoring a Nigerian bank-fraud ring whose members had unwittingly infected themselves with their...
Whaling: phishing for executives and celebrities
A fraudster's term of art, "whaling" refers to phishing attempts targeted at "C-level corporate executives, politicians and celebrities" -- it's a play on "phishing" (attacks that trick users into...
12 days of two-factor authentication: this Xmas, give yourself the gift of opsec
The Electronic Frontier Foundation has launched a new series, 12 Days of 2FA, in which every installment explains how to turn on two-factor authentication for a range of online services and platforms....
It turns out that halfway clever phishing attacks really, really work
A new phishing attack hops from one Gmail account to the next by searching through compromised users' previous emails for messages with attachments, then replies to them from the compromised account,...
Amnesty: hackers spent months building personas used to phish Qatari labor...
In a new report, Amnesty International summarizes the security research they did on the victims of a sophisticated phishing attack aimed at Qatari labor activists, dubbed "Operation Kingphish."
How a fishing guide's WordPress site became home to half a million fraudulent...
Ned Desmond shares the scary story of how a small site he managed that advertised fishing expeditions ended up with 565,192 scam pages. He also suggests five ways to avoid the same fate.
Unknown hackers have gained near-total control over some US power generation...
Hacker takeovers of power infrastructure have been seen in Ukraine (where they are reliably attributed to Russian state actors), but now the US power-grid has been compromised by hackers of unknown...
Spam was nearly dead, then it became an essential tool for crime and came...
In the early 2000s, a mix of legislative action, vigorous prosecution and advanced countermeasures looked set to kill spam: the terrible economics of mass-scale marketing could easily be disrupted by...
Jargon watch: smishing and vishing
Smishing: phishing with SMSes. Vishing: phishing with voice-response systems. A pair of Romanian hackers have been extradited to the U.S. after allegedly bilking unwitting victims out of more than $18...
New sextortion phishing scam uses target's harvested password
A new twist on an old email scam making the rounds addresses its recipients by name and uses an actual password (hopefully deprecated). They attempt to blackmail victims, and it's definitely a little...
Phishers steal San Diego school data going back to 2008 -- UPDATED
After a successful phishing attack that captured over 50 accounts, hackers stole 500,000 records from the San Diego Unified School District, for staff, current students, and past students going all...
It's dismayingly easy to make an app that turns a smart-speaker into a...
German security researchers from Security Research Lab created a suite of apps for Google and Amazon smart speakers that did trivial things for their users, appeared to finish and go dormant, but...
Project Veritas scammed out of $165,000 by a phishing email
Project Veritas, the conservative media group known for staging "sting operations" with hidden cameras where they trick people into saying things out of context that "confirm" right-wing conspiracy...
The Strange Case of the Tom Ripley of Book Publishing
I've heard whispers about the "Spine Collector," as he's come to be known, for years now. The New York Times published a story about it last December; Vulture did a long-form feature on it in August...