The recent cyber attacks on pro-Tibet groups in the U.S. (attack details, technical data) and on the Save Darfur Coalition, among others, have managed to catch the attention of some in the mainstream media. Such super-targeted spear phishing attacks have been on the rise for several years, and have become an important tool for corporate espionage and military infiltration attempts. Teaching users to recognize such attack emails is probably the most effective deterrence, as technology solutions have shown to not be particularly effective. Some companies and government agencies even conduct sting operations to ferret out which internal users fail the test, targeting them for additional training.
posted on Mar 27, 2008 - View this thread

Want to teach the youngsters (or parents, or yourself) how to avoid phishing scams? Anti-Phishing Phil is an online-game that uses Phil the fish to teach just that. Apparently it's more successful than a tutorial with the same information.
posted on Sep 27, 2007 - View this thread

Spoiling Harry Potter: Hacker claims to have spoiled the last Harry Potter book with a technique called spear phishing. "We make this spoiler to make reading of the upcoming book useless and boring ... It's amazing to see how much people inside the company have copies and drafts of this book." Let's see if we can discuss spoilers and spear phishing without actually spoiling anything here. Warning: The Wired link is safe, but it contains a link to the purported spoiler.
posted on Jun 21, 2007 - View this thread

OpenDNS is an interesting idea -- take the basics of DNS, add a bunch of features like caching servers, a phishing blacklist, and search engine fired off for misspelled domain names. Pretty handy and nice to see a service pop up where I thought browsers would someday fix (like typos). No software to install, just point your DNS at their IPs.
posted on Jul 19, 2006 - View this thread

Scientific American looks at the Rise of Crimeware Crimeware, or malware with criminal intentions is increasing exponentially. "My company scans 13 million emails a day, and of that email we stop between 3 million and 10 million messages a day because they contain some kind of malware [malicious software]. Of the malware we're seeing, 99.9% is crimeware--something where the bad guys are trying to steal money from the end user. We're detecting one to five new species of virus a day and seeing 100 to 200 new phishing sites appearing every day." Take a look at who's getting attacked. What can we do about it? (PDF report by DHS on crimeware)
posted on Mar 1, 2006 - View this thread

Despite efforts to stop phishing and pharming, they have continued to become more pervasive. While some tools, organizations and lawmakers are helping combat the problem, they have done little to curb these activities. Cellphones, Yahoo IM and AIM were all recently hit by new types of attacks. The AIM attack was more sophisticated than previous versions and combined phishing with a worm that installed software that allows the attacker to potentially take over the comprimised machine. To complicate problems further, a vast majority of these scams take place in locations that make it difficult if not impossible to prosecute the operators.

Because of this, I was delighted to read about hackers that are defacing phishing sites. While this is not legal either, it was some what satisfying to find out these asshats were getting a taste of there own medicine. Do any of you think a penny should be wasted persuing these hackers? If not, what are the legal implications in allowing hackers to attack some sites and not others?
posted on May 26, 2005 - View this thread

Students go 'phishing' for user info.
Indiana University grad students conducted an e-mail experiment showing the ease of login, username theft. The "hack" outraged some, but raised questions about privacy and the public sphere. A blog was created specifically to provide a forum for students involved in the study. The site lists comments -- some grateful that they have learned about phishing, but most are furious.
posted on Apr 27, 2005 - View this thread

Scams. There's always someone trying to get what's yours. They take advantage of the misery of others, and if you're labeled a sucker, then you could end up being deluged. Can you tell what is real?
posted on Feb 9, 2005 - View this thread

GMail not-so-safe Mail. So apparentley GMail has a major exploit that's been discovered by an Israeli hacker. "Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed." And so the fun with GMail begins..
posted on Oct 29, 2004 - View this thread

Identity theft is epidemic.
posted on Oct 25, 2004 - View this thread

Don't be fooled by fake blogger.com. Crackers are after your Blogger password.
posted on Jul 30, 2003 - View this thread

Nigerian email scam dudes. Possibly the first visual evidence of the rapscallions behind the scam that just keeps on sucking in new 'investors'.
posted on Jun 14, 2003 - View this thread

Hackers target Cell Phones With the connectivity of cell phones to the internet, hackers have begun to target cell phones, programming prank calls, placing calls to wherever and erasing the software in the phone.
posted on Mar 11, 2002 - View this thread

Invest now! The SEC has created a fake website to try and educate the naive. I can't decide if this is a good idea, or if someone has too much time on their hands and is wasting my tax dollars.
posted on Jan 30, 2002 - View this thread