phishing | Page 4


Last week the security world was abuzz with news of a new attack vector for mobile attacks. The malware was sent to the accounts of Tibetan human rights advocates and activists from the hacked account of one of the activists regarding the the World Uyghur Congress (WUC) Conference that took place in Geneva from 11-13 March, 2013. What made the piece of malware particularly interesting was the targeted nature of the attack, once again highlighting the political aspect of cyber warfare and making us question whether governments and legitimate organizations... [Read More]
by RSS Ruchna Nigam  |  Jul 30, 2012  |  Filed in: Security Research
Many security and technology writers have had similar thoughts as this author has in regards to Yahoo's plan to recycle inactive email addresses (my previous post is here if you'd like to take a look). In response to Mat Honan's of Wired query to Yahoo for more comment, Yahoo made the following statement: "Our goal with reclaiming inactive Yahoo! IDs is to free-up desirable namespace for our users. We're committed and confident in our ability to do this in a way that's safe, secure and protects our users' data. It's important to note that the... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends & News
While an invaluable communication tool, email remains one of the most effective and reliable threat vectors around. The reason? It still works. It's no secret email is the gateway to sensitive customer information, crucial databases and other valuable data. Attacks that leverage email as the initial point of entry provide lucrative returns for their operators. The email security market has little room to be complacent. Email security continues to evolve to keep up with increasingly sophisticated, multi-faceted threats and counteract stealth malware... [Read More]
by RSS Stefanie Hoffman  |  Jul 30, 2012  |  Filed in: Industry Trends & News
If you have an email account, it's pretty much guaranteed that you've seen a scam email... or worse, fallen prey to one. There is a big percentage of emails in cyberspace that belongs to the scam category. Emails that asks you to fill-out a survey form for a chance to win a vacation of a lifetime. Perhaps you've received an email that asks you about your financial information because they want to give you a big inheritance. Maybe it's an email that wants to let you in on an online deal that seems too good to be true. But scamming is not confined... [Read More]
by RSS Raul Alvarez  |  Jul 30, 2012  |  Filed in: Industry Trends & News
Yahoo announced last week that they're going to release what may be hundreds of thousands of inactive or unused @yahoo.com email addresses starting next month. While on the surface this seems like a good idea, it's really not. Here's a personal story that shows what can happen when a company decides to recycle unused email addresses: I had a friend years ago who wanted to sell some things on eBay, but was absolutely flummoxed as to what to do. So I walked her through the whole process. When it came to accepting payments, she asked if she could... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends & News
There are many dangerous threats lurking in cyberspace today, from software vulnerabilities and exploits, to viruses and botnets. Among these threats are phishing attacks, an electronic communication scam that attempts to secure highly personal information such as credit card info, user names and passwords by assuming the identity of a trustworthy entity. The trustworthy entity can be anything from a friend, who's email account has been compromised, to large legit corporations such as banks and online retailers such as Amazon and eBay. A typically... [Read More]
by RSS Derek Manky  |  Jun 07, 2011  |  Filed in: Security 101
AV Lab's honeypots have just started catching new malware seeding campaigns leveraging vaccination profiles for the H1N1 virus. The message is sent as a notification from the "Centers for Disease Control and Prevention (CDC)". Because the sender's email is spoofed and because the URL leading to the rogue website contains a "gov" subdomain, which can be mistaken for the top-level domain, the message may seem plausible to many people. Here is what the email looks like: From: "Centers for Disease Control and Prevention (CDC)" <info-mess-id:01203428med@cdcmails.gov>... [Read More]
by RSS Karine de Ponteves  |  Dec 01, 2009  |  Filed in: Security Research