ESET Threat Blog

Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later, … Read More…

[Updated to repair a glitch in the registration link.] 

I’ve had a long if intermittent association with the Anti-Phishing Working Group, going back to the early noughties when I represented the UK’s National Health Service there for a while, and subsequently as an individual member and through my association with ESET. Its focus has widened from … Read More…

Spring is here and that means scam artists are thinking about income taxes and the IRS. Not that scam artists pay income taxes, they just know taxes and any mention of the IRS is a good way to get your attention, which explains a steady stream of deceptive emails targeting tax-paying Americans who now have … Read More…

Scumbags posts links on Facebook that can lead to malware infected websites, phishing forms, identity theft, financial losses, or worse. One hopes that all Facebook users have been warned about this by now, but how many have seen what these scams look like in action? When security experts advise "Do not click" with respect to … Read More…

I just looked in my junk box to find an “Amazing” sale on pirated software, but I have to act fast, as it’s only good until Halloween. My colleague Stephen Cobb points out the rate of effectiveness of scams would soar if the Nigerian scammers could afford a proof reader who spoke fluent English. David … Read More…

Here's an example of search poisoning somewhat similar to that predicted by Stephen Cobb using the death of Gaddafi as a hook, noted by our colleague Raphael Labaca Castro, of ESET Latin America. The original blog is in Spanish. Raphael reports an email that comes with the following title (in Portuguese, suggesting that Brazilian Internet … Read More…

Well, yes, that title is from a song by John D. Loudermilk, written with some (possibly accidental) prescience way back in 1962. Given the aggravation that 21st century phishing causes Google users, perhaps it's time for a new song dedicated to that particular pastime. In the meantime, I thought I'd mention a shoal of the … Read More…

Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it.
According to the article, hijacked web pages of Tumbler users contain … Read More…

ICANN has just approved a new batch of individualized TLD’s (Top Level Domains), so now you can register your.brand, whatever yourbrand is, instead of the usual yourbrand.com, .net, etc., if you can prove to ICANN you deserve it. The problem? Users tricked by similar looking domain names have long been a boon for phishing exploits, … Read More…

Security vendor Trusteer blogged about a wave of fake LinkedIn emails that download malware on to your computer. The images Trusteer shows of the phish demonstrate how tricky the criminals are and how authentic the message looks, yet just yesterday I shared with you a foolproof method to prevent yourself from falling victim to such … Read More…