Related tags:
security + (6)
scams + (4)
internet + (4)
hacking + (4)
email + (4)


Users that often use this tag:
the man of twists ... (2)

If special hardware can crack all your passwords, if people have a hard time remembering them anyway, if people don't implement them in the first place, it is no wonder Google (with Yubico) is "declar[ing] war on the password." [more inside]
posted by the man of twists and turns on Jan 19, 2013 - 76 comments

An advanced and well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia.

The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation “Red October.”

[more inside]
posted by the man of twists and turns on Jan 15, 2013 - 26 comments

For the past 18 months, engineers at PayPal, Google, Facebook, Yahoo, AOL, Microsoft and nine other technology companies have spent their off-hours (and some on-hours) working hand in hand to tackle the problem that plagues them all: e-mail phishing. The result is DMARC, or, "Domain-based Message Authentication, Reporting & Conformance". It's not new, but puts SPF and DKIM to work in a new way.
posted by Blake on Jan 31, 2012 - 45 comments

A thread at Apple's Support site has popped up with frustrated users describing nearly identical iTunes account disruptions: up to hundreds of dollars of charges are being racked up by fraudulent buyers, using iTunes gift card balances and even credit card information to fund the purchases. [more inside]
posted by Khazk on Mar 9, 2011 - 71 comments

The latest paper-based video from the folks at Common Craft. This video explains the ins and outs of phishing scams. Show it to your less web-savvy brethren.
posted by dbarefoot on Oct 21, 2008 - 5 comments

The recent cyber attacks on pro-Tibet groups in the U.S. (attack details, technical data) and on the Save Darfur Coalition, among others, have managed to catch the attention of some in the mainstream media. Such super-targeted spear phishing attacks have been on the rise for several years, and have become an important tool for corporate espionage and military infiltration attempts. Teaching users to recognize such attack emails is probably the most effective deterrence, as technology solutions have shown to not be particularly effective. Some companies and government agencies even conduct sting operations to ferret out which internal users fail the test, targeting them for additional training. [more inside]
posted by gemmy on Mar 27, 2008 - 21 comments

Want to teach the youngsters (or parents, or yourself) how to avoid phishing scams? Anti-Phishing Phil is an online-game that uses Phil the fish to teach just that. Apparently it's more successful than a tutorial with the same information.
posted by dr. moot on Sep 27, 2007 - 8 comments

Spoiling Harry Potter: Hacker claims to have spoiled the last Harry Potter book with a technique called spear phishing. "We make this spoiler to make reading of the upcoming book useless and boring ... It's amazing to see how much people inside the company have copies and drafts of this book." Let's see if we can discuss spoilers and spear phishing without actually spoiling anything here. Warning: The Wired link is safe, but it contains a link to the purported spoiler.
posted by Cool Papa Bell on Jun 21, 2007 - 82 comments

OpenDNS is an interesting idea -- take the basics of DNS, add a bunch of features like caching servers, a phishing blacklist, and search engine fired off for misspelled domain names. Pretty handy and nice to see a service pop up where I thought browsers would someday fix (like typos). No software to install, just point your DNS at their IPs.
posted by mathowie on Jul 19, 2006 - 53 comments

Scientific American looks at the Rise of Crimeware Crimeware, or malware with criminal intentions is increasing exponentially. "My company scans 13 million emails a day, and of that email we stop between 3 million and 10 million messages a day because they contain some kind of malware [malicious software]. Of the malware we're seeing, 99.9% is crimeware--something where the bad guys are trying to steal money from the end user. We're detecting one to five new species of virus a day and seeing 100 to 200 new phishing sites appearing every day." Take a look at who's getting attacked. What can we do about it? (PDF report by DHS on crimeware)
posted by clockworkjoe on Mar 1, 2006 - 21 comments

Despite efforts to stop phishing and pharming, they have continued to become more pervasive. While some tools, organizations and lawmakers are helping combat the problem, they have done little to curb these activities. Cellphones, Yahoo IM and AIM were all recently hit by new types of attacks. The AIM attack was more sophisticated than previous versions and combined phishing with a worm that installed software that allows the attacker to potentially take over the comprimised machine. To complicate problems further, a vast majority of these scams take place in locations that make it difficult if not impossible to prosecute the operators.

Because of this, I was delighted to read about hackers that are defacing phishing sites. While this is not legal either, it was some what satisfying to find out these asshats were getting a taste of there own medicine. Do any of you think a penny should be wasted persuing these hackers? If not, what are the legal implications in allowing hackers to attack some sites and not others?
posted by Mr_Zero on May 26, 2005 - 17 comments

Students go 'phishing' for user info.
Indiana University grad students conducted an e-mail experiment showing the ease of login, username theft. The "hack" outraged some, but raised questions about privacy and the public sphere. A blog was created specifically to provide a forum for students involved in the study. The site lists comments -- some grateful that they have learned about phishing, but most are furious.
posted by ericb on Apr 27, 2005 - 13 comments

Scams. There's always someone trying to get what's yours. They take advantage of the misery of others, and if you're labeled a sucker, then you could end up being deluged. Can you tell what is real?
posted by viama on Feb 9, 2005 - 19 comments

GMail not-so-safe Mail. So apparentley GMail has a major exploit that's been discovered by an Israeli hacker. "Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed." And so the fun with GMail begins..
posted by mrplab on Oct 29, 2004 - 9 comments

Identity theft is epidemic.
posted by semmi on Oct 25, 2004 - 17 comments

Don't be fooled by fake blogger.com. Crackers are after your Blogger password.
posted by hoder on Jul 30, 2003 - 15 comments

Nigerian email scam dudes. Possibly the first visual evidence of the rapscallions behind the scam that just keeps on sucking in new 'investors'.
posted by apocalypse miaow on Jun 14, 2003 - 13 comments

Hackers target Cell Phones With the connectivity of cell phones to the internet, hackers have begun to target cell phones, programming prank calls, placing calls to wherever and erasing the software in the phone.
posted by Lanternjmk on Mar 11, 2002 - 7 comments

Invest now! The SEC has created a fake website to try and educate the naive. I can't decide if this is a good idea, or if someone has too much time on their hands and is wasting my tax dollars.
posted by FreezBoy on Jan 30, 2002 - 8 comments