Items tagged with Phishing

In an ongoing effort to stay one step ahead of the bad guys (or at least keep pace with them), Google has decided to block sign-ins from embedded browser frameworks, such as the Chromium Embedded Framework (CEF). The new policy will go into effect in June, so developers have a couple of months to adjust. This is intended as yet another layer of protection to keep users safe from phishing attempts, malware, and so forth. In this particular instance, blocking sign-ins from embedded browser frameworks is intended to protect against man-in-the-middle (MITM) attacks, which is basically when an attacker is able to eavesdrop on communication between two parties. Enabling two-factor authentication can help,... Read more...
Phishing attacks have become one of the most common methods of scamming unsuspecting people out of something - usually money. We may all think we have our guards up to all forms of attacks, but when they can hit us through every form of communication, it's bound to happen to someone. In a recent series of phishing attacks, Netflix and its many millions of customers have been targeted. The risk of damage from this phishing attempt seeking payment information has led the FTC to issue a specific warning about it. The agency also notes simple things you can do to spot a phishing attack: the first step is simply looking closer at such emails. If you simply skim over it, you might become a victim.... Read more...
Everyone has to deal with scams and phishing attempts online today, even Google. To protect its workers from phishing scams that could result in the theft of IP, Google took advantage of security keys for all its 85,000 workers. Since that rollout, no accounts have been compromised. The keys are USB-based security devices, such as the YubiKey pictured below, that offer an alternative to two-factor authentication. In two-factor authentication, a person must know the username or login for a website and have something like a key or an app for the second part of the authentication. "Users might be asked to authenticate using their security key for many different apps/reasons," said a Google spokesperson.... Read more...
The nasty WannaCry outbreak has us all a little bit on edge. It also serves as a sobering reminder that a simple phishing scam can still create quite a bit of havoc. Sure, savvy PC users know better than to click on mysterious URLs in emails and instant messages, but for the bad guys, it's simply a numbers game—throw enough bait into the sea and you're bound to get a bite. To make things a bit more difficult for phishers, Google is implementing Safe Browsing technologies into Gmail. This is one of the many benefits of machine learning technology. According to Google, machine learning mechanisms help Gmail block spam and phishing messages from showing up in inboxes with over 99.9 percent accuracy.... Read more...
Every savvy computer user knows to be wary of things like email attachments and hyperlinked text, especially (though not solely) when receiving an unexpected communication. It does not matter if the communication comes from a trusted source or not. In case anyone needs to be reminded of this, there is yet another phishing scam making the rounds, this time in an attempt to dupe users through Gmail and Google Docs. This latest scam is rather sophisticated. It is basically a computer worm masquerading as an email from a trusted contact. It asks the recipient to check out an attached Google Docs (or GDocs) file. Clicking on the link then takes the recipient to a legitimate Google Security page where they're... Read more...
If you're using Google's Chrome browser as your primary vehicle to surf the web, you may want to think about temporarily parking it and puttering around in something else. That's because the most recent version of Chrome is vulnerable to a devious phishing attack, one that is capable of spoofing a legitimate website in the address bar so that you could be tricked into forking over your login credentials and other sensitive data. This particular variant uses Unicode to register domains that look exactly the same as real domains. However, these fake domains can be used for malicious purposes, such as getting a user to sign into a banking site or some other portal where login credentials and other... Read more...
As if hackers do not already have an easy enough time duping Internet users into forking over personal information, it turns out that browser autofill profiles may be helping them out when they're supposed to be making things more convenient for the person who inputted his information. By implementing hidden fields on a website, an attacker can turn an autofill profile against the user, in a manner of speaking. Here is the deal with autofill profiles: they're a relatively new feature of today's browsers that allows users to input information about themselves that is commonly of interest to legitimate ecommerce sites, banking pages, and other online services that ask users to fill out an online... Read more...
Google has a message for webmasters serving up malware and it goes something like this: Fool me once, shame on you. Fool me twice, shame on me. Going forward, Google is plugging what it calls a "gap" in its online protection scheme that allowed sites serving up malicious content to become repeat offenders without much repercussion or warning to users. In the past, sites that ran afoul of Google's "Malware, Unwanted Software, Phishing, and Social Engineering Policies" were temporarily branded with a warning to users. The brand would remain until Google could verify that the site is no longer serving up malicious content, and that verification service could be requested by the webmaster. "However,... Read more...
Twitter needs to get a handle on its Promoted Tweets feature and it needs to do it quickly. The problem has to do with vetting, or lack thereof. We don't know how widespread the problem is, but there is at least one Promoted Tweet going around that is nothing more than a phishing scam preying on the desire of Twitter users to have a verified account. The microblogging service previously reserved restricted accounts for Twitter users that it identified on its own as being worthy of such a badge, typically celebrities, famous athletes, popular media personalities, and other prominent users. A little over three months ago, Twitter went live with an online application process so that anyone could... Read more...
There are many different ways of hacking into a person's email account. Some are rather sophisticated and involve a lot of effort, while on the other end of the spectrum a scheme known as phishing is one of the easiest methods—all you need is a cooperative victim with limited technical savvy. Hackers found both in John Podesta, Chairman of the Hillary Clinton presidential campaign. What is even more startling is that hackers found the same in Clinton's IT staff. It now appears that it was not some complex hacking that compromised the security of Podesta's email account; it was the inability to recognize a phishing attempt despite multiple telltale signs. WikiLeaks has been making public hacked emails... Read more...
We talk a lot about the importance of businesses beefing up security to protect from the threat of those who might want to gain access to internal networks. Last week, we were given another great example of why: an integral piece of Linux software suffered a bug that at first seemed modest but turned out to be quite severe. These issues can creep up out of nowhere, and those who actively beef up their security will be those who suffer the least amount of hassle in the future. As important as that kind of security is, though, some of the biggest flaws inside of a company can be the employees themselves. People make mistakes, after all, and can fall victim to a scheme that at first just seems... Read more...
Computer hackers accessed personally identifiable information and financial details belonging to around 1,400 University of Virginia workers as part of an email phishing scam, the University announced. An internal investigation determined that the culprits first accessed the stolen records in early November 2014 and continued to pluck private data up through early February 2015. The phishing emails were successful in tricking an untold number of recipients with access to the University's Human Resources system into coughing up their usernames and passwords. Once the hackers had the necessary login details, they were able to access W-2 forms of around 1,400 of the University's more than 20,000... Read more...
ICANN, a non-profit organization that is responsible for looking after the names and domains of the Internet, announced that it has suffered a serious phishing attack that compromised its data. An investigation is underway, but ICANN believes that it was the victim of a “spear phishing” attack that was first initiated last month. Fake email messages that appeared to come from the company’s own domain had been sent to employees. As a result of the attack, the email credentials of several ICANN staff members were compromised. In addition, ICANN stated that its Centralized Zone Data System, which includes personal user detail information such as names and addresses, was compromised... Read more...
Another day, another exploit/attack/hack/breach/phishing scam to worry about. This one concerns Valve’s Steam Guard Protection and a new phishing scheme that, if successful, allows a cybercriminal to steal a file that will bypass the Steam Guard Protection and allow the thief to log in to the victim’s account from any computer. Malwarebytes detailed how the scam works. When you attempt to log into Steam on a different machine and Steam Guard asks you to submit a verification code it will let you in. However, if the phisher gets you to fall for a fake message that looks just like the Steam Guard pop-up, he can acquire your SSFN file, which, when... Read more...