Archive for the 'phish' Category
* http://en.wikipedia.org/wiki/Pushmi-pullyu#The_Pushmi-pullyu
In an article in the Register with the eye-catching title of "Verified by Visa bitchslapped by Cambridge researchers", John Leyden comments on the argument by Cambridge researchers Ross Anderson and Steve Murdoch that the 3D Secure system, better known as Verified by Visa or Mastercard Securecode is better suited to shifting liability for fraud … Read More…
I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet.
On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was … Read More…
"Now may I suggest some of the things we must do if we are to make the American dream a reality. First, I think all of us must develop a world perspective if we are to survive. The American dream will not become a reality devoid of the larger dream of brotherhood and peace and … Read More…
Responding to a request for information about phishing and malware distribution mechanisms this morning, I happened upon a link on the Anti-Phishing Working Group site to the Silver Tail blog
The site has been running a series of blogs on "Online Fraud from the Victim’s Perspective". Author Laura Mather tells the story of two victims, … Read More…
Here’s something I haven’t noticed before (but then I don’t pay nearly as much attention to phishing messages as I used to, owing to the need to sleep occasionally).
I’ve started to receive messages purporting to be from the Alliance and Leicester, in the UK. The messages are much the same, apart from the Subject … Read More…
Here’s a phish one of ESET’s partners drew our attention to: it’s aimed at users of Maybank (http://www.maybank2u.com), the largest financial services group in Malaysia. The scam is somewhat more elaborate than many we see, and it’s worth a little analysis to see what flags we can extract from it for spotting a phisher at work
From: Maybank Online … Read More…
A new advisory from the Anti-Phishing Working Group (APWG) offers advice to website owners on what actions to take when notified that their site or server has been compromised for use by phishers.
At 18 pages, it’s a substantial high-level document, including:
Some web site phishing attack and response scenarios
Identifying an attack
Reporting a compromise (how … Read More…
As talk goes on in Washington DC about a 2009 Stimulus payment, the phisher are still trying to exploit the 2008 stimulus program. One such attack claims to be the secure way to get your stimulus payment. There was only one secure way to do that, and it was by going through the IRS. There … Read More…
It occurs to me that I should make it clear that this "top ten" isn’t in any particular order. Like the other "top ten" suggestions by the research team that are likely to find their way here in the near future, they’re all significant issues that need thinking about.
Point 9 (a short one!) is, don’t connect … Read More…
[Update info moved to new blog post on 6th January]
In deference to all those old enough to get a panic attack when reminded of how bad pop music was capable of being in the 1970s, I’ll try to overcome by the urge to mention "Chirpy Chirpy Tweet Tweet".
Anyway, to business. Having all the blogs … Read More…
- David Harley (741)
- Randy Abrams (431)
- Cameron Camp (111)
- Stephen Cobb (62)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (31)
- Andrew Lee (15)
- Jeff Debrosse (12)
- Robert Lipovsky (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Tasneem Patanwala (3)
- Alexis Dorais-Joncas (3)
- Peter Stancik (2)
- Aleksandr Matrosov (2)
RSS
