Items tagged with Phishing

Googling your own name might not be such a narcissistic activity after all; in fact, it just must save you from identity theft. At least that's what Kevin Andreyo, a Wilkes University professor, discovered when he used the "deep web" search engine, Pipl, to see what information about him might be publicly available on the Internet. What he found was a link to a document that not only included his Comcast user name and password, but the document also included what appeared to be the user names and passwords of over 8,000 other Comcast customers. Andreyo was inspired by the March 10, People Search Engines: They Know Your Dark Secrets... And Tell Anyone, PC World article, to do a little sleuthing... Read more...
TinyURL is a popular URL shortening service which is frequently used to reduce the length of a URL to something more manageable. Security firm Trend Micro has warned that TinyURL phishing, first reported in February, is becoming more popular and spreading across different languages. An example of tinyURL use would be perhaps a Mapquest link to the San Francisco Botanical Garden in Golden Gate Park, which can be shortened to https://tinyurl.com/aaqgln instead of https://www.mapquest.com/maps?address=1199+9th+Avenue+San+Francisco%2C+Ca+94122. In a phishing scenario, this makes it difficult to mouse over a link to see exactly where it's going. It's also being used in instant messages from your "friends"... Read more...
It seems Google can’t catch a break. Just hours after Google’s Gmail service was hit by an outage that lasted several hours, Google Talk became the victim of a phishing scam. Users of the instant messaging service received a TinyURL link that appeared to be from friends on their buddy lists. When a user clicked the link, it would take him to a webpage that asked for his Google username and password. After doing so, the program would send similar messages to everyone on the user’s contact list. While many consumers have “wised up” to e-mail messages from purported banks and credit card companies phishing for login information, many users are not accustomed to receiving suspicious communications... Read more...
On the heels of the phishing attacks on Twitter and Digg, where all that immediately seemed to be at risk were logon credentials to the social sites, comes a potentially much more insidious problem.Security vendor Trusteer has found a JavaScript bug in all major browsers makes it easier for crooks to steal your login information while you're doing your online banking. It's called "in-session phishing," and what makes it more difficult to detect is that it happens when you're already logged into your banking site. The crooks can hack legitimate websites to create a pop-up window to verify your identity when you're already on the site. Security vendor Trusteer found the JavaScript bug in the biggest... Read more...
Oops, they hacked Twitter again.  Yep, in a breach totally separate from the phishing scam from last weekend, Twitter has been hacked.  And not just any account, either.  We're talking about the accounts of none other than the President-elect (which had been idle since the election), Britney Spears, Fox News, and a lot more.In total, according to Twitter, 33 high-profile accounts were hacked.  The explanation?  Support tools that are supposed to be used in case a user forgets a password or some other dire emergency were hacked into. What Happened? The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were... Read more...
A phishing scam, in 140 characters or less? That's what we have here, as a phishing scam apparently hit Twitter on Saturday. According to Twitter, If you receive an email notice saying you’ve received a Direct Message with a link that redirects to what seems like Twitter.com, be careful about entering your Twitter credentials. Instead, look closely at the URL to see if it’s not really Twitter but a sketchy phishing site like https://twitter.access-logins.com. If this has you feeling a bit weirded out, feel free to change your Twitter password. If you get the direct message in question, you'll get a message like the following, which Chris Pirillo received. hey! check out this funny blog about... Read more...
Sophisticated, targeted phishing attacks have successfully swiped data from roughly 15,000 victims within the last 15 months according to Internet security company, VeriSign. VeriSign believes that almost all of these attacks are coming from just two groups. "Unlike traditional phishing attacks, which are sent to millions in hopes of luring some victims to fake Web sites, spear-phishing emails contain personal information, such as the name of the victim or his employer's name to make them appear legitimate. In the attacks tracked by Verisign, victims are tricked into visiting malicious Web sites or opening malicious attachments, which then give attackers a back door onto their PCs so they can... Read more...
38 U.S. and Romanians have been arrested and indicted for phishing and related charges. “The indictments, in U.S. District Court for the Central District of California and the District of Connecticut, focus on two related phishing schemes with ties to organized crime, the U.S. Department of Justice said.  Phishing involves sending e-mail messages that look like official correspondents from banks or credit card vendors in an attempt to get recipients to go to a fake Web site and enter their account numbers. A grand jury in Los Angeles charged 33 people for their alleged participation in a scheme that targeted thousands of individual victims and hundreds of financial institutions.  The... Read more...
Phishing has become a very serious problem recently.  In fact, it has become so serious that new versions of leading browsers have anti-phishing technology built into them.  That doesn't mean that phishers are out of business.  No sir.In fact, it just means that they're trying to find new methods around new security measures.Phishers have actually devised not only a clever way around the issue, but a way to cast some doubt over the entire anti-phishing campaign in one audacious stroke: “Attackers could create a phishing site on the gmodules.com domain and then send that URL to victims. Because Google's gmodules.com domain is trusted by antiphishing filters, victims might then go to the phishing... Read more...
Prev 1 2 3