MetaFilter posts tagged with phishing

Super-targeted spear phishing attacks

gemmy — Thu, 27 Mar 2008 20:34:53 -0800

The recent cyber attacks on pro-Tibet groups in the U.S. (attack details, technical data) and on the Save Darfur Coalition, among others, have managed to catch the attention of some in the mainstream media. Such super-targeted spear phishing attacks have been on the rise for several years, and have become an important tool for corporate espionage and military infiltration attempts. Teaching users to recognize such attack emails is probably the most effective deterrence, as technology solutions have shown to not be particularly effective. Some companies and government agencies even conduct sting operations to ferret out which internal users fail the test, targeting them for additional training. Thanks to homunculus for encouraging me to post on this.

Phil the fish phishing school

dr. moot — Thu, 27 Sep 2007 14:04:49 -0800

Want to teach the youngsters (or parents, or yourself) how to avoid phishing scams? Anti-Phishing Phil is an online-game that uses Phil the fish to teach just that. Apparently it's more successful than a tutorial with the same information.

Spoiling Harry Potter

Cool Papa Bell — Thu, 21 Jun 2007 15:55:30 -0800

Spoiling Harry Potter: Hacker claims to have spoiled the last Harry Potter book with a technique called spear phishing. "We make this spoiler to make reading of the upcoming book useless and boring ... It's amazing to see how much people inside the company have copies and drafts of this book." Let's see if we can discuss spoilers and spear phishing without actually spoiling anything here. Warning: The Wired link is safe, but it contains a link to the purported spoiler.

OpenDNS

mathowie — Wed, 19 Jul 2006 10:08:25 -0800

OpenDNS is an interesting idea -- take the basics of DNS, add a bunch of features like caching servers, a phishing blacklist, and search engine fired off for misspelled domain names. Pretty handy and nice to see a service pop up where I thought browsers would someday fix (like typos). No software to install, just point your DNS at their IPs.

The Rise of Crimeware

clockworkjoe — Wed, 01 Mar 2006 11:58:37 -0800

Scientific American looks at the Rise of Crimeware Crimeware, or malware with criminal intentions is increasing exponentially. "My company scans 13 million emails a day, and of that email we stop between 3 million and 10 million messages a day because they contain some kind of malware [malicious software]. Of the malware we're seeing, 99.9% is crimeware--something where the bad guys are trying to steal money from the end user. We're detecting one to five new species of virus a day and seeing 100 to 200 new phishing sites appearing every day." Take a look at who's getting attacked. What can we do about it? (PDF report by DHS on crimeware)

Phishing Hack

Mr_Zero — Thu, 26 May 2005 12:06:41 -0800

Despite efforts to stop phishing and pharming, they have continued to become more pervasive. While some tools, organizations and lawmakers are helping combat the problem, they have done little to curb these activities. Cellphones, Yahoo IM and AIM were all recently hit by new types of attacks. The AIM attack was more sophisticated than previous versions and combined phishing with a worm that installed software that allows the attacker to potentially take over the comprimised machine. To complicate problems further, a vast majority of these scams take place in locations that make it difficult if not impossible to prosecute the operators.

Because of this, I was delighted to read about hackers that are defacing phishing sites. While this is not legal either, it was some what satisfying to find out these asshats were getting a taste of there own medicine. Do any of you think a penny should be wasted persuing these hackers? If not, what are the legal implications in allowing hackers to attack some sites and not others?

Students go 'phishing' for user info

ericb — Wed, 27 Apr 2005 11:57:55 -0800

Students go 'phishing' for user info.
Indiana University grad students conducted an e-mail experiment showing the ease of login, username theft. The "hack" outraged some, but raised questions about privacy and the public sphere. A blog was created specifically to provide a forum for students involved in the study. The site lists comments -- some grateful that they have learned about phishing, but most are furious.

Scams

viama — Wed, 09 Feb 2005 00:03:07 -0800

Scams. There's always someone trying to get what's yours. They take advantage of the misery of others, and if you're labeled a sucker, then you could end up being deluged. Can you tell what is real?

Google falters? Can't be!

mrplab — Fri, 29 Oct 2004 16:37:21 -0800

GMail not-so-safe Mail. So apparentley GMail has a major exploit that's been discovered by an Israeli hacker. "Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed." And so the fun with GMail begins..

crime

semmi — Mon, 25 Oct 2004 09:06:07 -0800

Identity theft is epidemic.