phishing

How phishers think, act and make a profit

Cisco Subnet — Mon, 11 Aug 2008 13:10:48 -0400

Cisco Security Expert blogger Jamey Heary has a brief write-up of an excellent session at Black Hat late last week that detailed how phishers think, act, and make a profit. Phishers don't protect their stolen data and so it's quite easy to figure out where they've stored their stash. Talk about hacking the hackers. Also, read about a new DNS cache poisoning trick in Jamey's blog.

Read more

Phishers with a sense of humor?

Adam Gaffin — Mon, 28 Jul 2008 12:24:09 -0400

I just got some phish that would have me entering my PayPal info at pwned.ca.

Opera 9 Vs Firefox 3: Anti-phishing review

xmachine — Wed, 02 Jul 2008 16:57:16 -0400

I've to admit that Opera 9 is better than FF3 when it comes to phishing filtering. The outcomes of my review are surprising... you can check them by yourself here.

It is weird..

tuomoks — Mon, 09 Jun 2008 00:01:18 -0400

"Normal" people but executives? Maybe I know wrong kind of executives but (anytime) when they get mail, e-mail, whatever which has any legal, contractual, etc problems, they tell the secretary to contact the lawyers (or other specialists) and thank you, what's next on my plate today? Assuming that the secretary who filters for them even bothers them with something as that before it is processed by or with specialists?

Read more

Spear Phishing Scams

Tue, 27 May 2008 11:04:25 -0400

OK, so just how long does it take to determine the IP address to which the collected information is being sent, find the physical address that is associated with the IP address, arrest the perps and shut it down? Sheesh!

i doubt it is because they think young people are nieve about giving out their information...

Wed, 21 May 2008 13:01:18 -0400

i doubt it is because they think young people are naive about giving out their information. it is probably just another target since itunes has a larger install base than say one particular bank

You'd think folks would be sharper than to reply, but

Tue, 13 May 2008 10:06:04 -0400

My own experience here has shown that despite warnings from IS, despite poorly written and harsh toned phishing emails, some folks are eagerly awaiting the opportunity to give out their personal information at the drop of a dime. Yet we can't get them to close out of applications when they go home when we ask them to.

Networks get used for anything they can do...

Fri, 02 May 2008 10:29:37 -0400

Like any other network, Storm is merely a tool. Granted, that tool was used mostly to build itself, but it can now be used for anything any other network can be used for. Cracking encrypted files. Assembling databases of anything, such as: CAPTCHA images and their associated responses. Data on people to such as, what they own, when & where they vacation, etc. For whatever use, direct theft, extortion, kidnapping, murder.... Remember that a huge net is a supercomputer, and that such a use of compromised machines may not leave any tracks of damage--it can be used for anything--if it's just used to crunch numbers or collect public data or similar work, then it will remain unseen. If the results of such crunching are used for a single purpose, there may never be any traces.

Read more

Mobile Browsers Aid Phishing Scams

Mitchell Ashley — Mon, 21 Apr 2008 01:41:41 -0400

Are mobile devices to become the bastion of phishing identity theft attacks?

Read more

25 leading-edge IT research projects

Alpha Doggs — Fri, 18 Apr 2008 16:51:54 -0400

While universities don't tend to shout as loudly about their latest tech innovations as do Google, Cisco and other big vendors, their results are no less impressive in what they could mean for faster, more secure and more useful networking. Here's a roundup, in no particular order, of some of the most amazing and colorful projects in the works.

1. Exploiting T-rays

Read more

federal court subpoena phish

vicotr24 — Thu, 17 Apr 2008 02:08:27 -0400

It is kind of a whaling attack targeting big fishes in corporate offices like CEO's, top executives and managers. "This is one of the best phish e-mails I've seen in the past 6 years" quoted by Mr. Steve Kirsch, a well known Silicon Valley entrepreneur Remember, that it is not legal to send subpoena via emails unless it is agreed by the people. Also All US Federal courts have URLs of the form "courtname.uscourts.gov" and not in the form "uscourts.com" mentioned in email. So Beware of these kinds of mails. The Abaca Email Protection Gateway (http://abaca.com/) service was the only service I know that quarantined these emails.

Phishers getting trickier with working phone numbers

Jason Meserve — Fri, 11 Apr 2008 17:10:33 -0400

I received what to me was an obvious phishing attempt to gain bank card information as you can see from the image below. Normally, I just delete these but I thought it was odd that the message carried a phone number instead of trying to redirect the victim to a hacked Web site. Most anti-fraud campaigns tell people to call in rather than follow links. So, I decided to give the number a try from my office since our number doesn't show up on most Caller ID systems. This is what I heard: