Browsing Category: Social Engineering

How-To: Tips for Shopping Online

Black Friday and the Monday that follows, which we have somewhat recently taken to calling Cyber Monday, are two of the biggest shopping days of the year. The tradition of getting off to a fast start on your holiday shopping by getting out there on the Friday after Thanksgiving that most Americans take as a vacation day dates back to the 1960’s. Cyber Monday, on the other hand, was created by online retailers sometime in the last decade in an attempt at squeezing one more day of shopping mania out of consumers.

Read more...

Point-of-Sale Terminals Compromised at 63 Barnes & Noble Locations

UPDATE – America’s largest book retailer, Barnes & Noble, announced this morning it has detected evidence of tampering in 63 PIN-pad devices used in as many stores by criminals trying to steal payment card information. Barnes & Noble claims to have disconnected all the affected devices from service on Sept. 14. The retailer did not disclose how many customers may have been affected by the tampered devices.

Read more...

Fake Payroll Confirmation Email Leads to Black Hole Exploit Kit

Criminal hackers launched an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of corporate users.

Read more...

Requesting Sensitive Data Via Google Docs: Phishing Really is That Easy

Please leave your credit card number, its expiration date and security code, along with your full name and billing address in the comments section of this blog post. You’re obviously not going to do this. You know better, I know better, but there are those who don’t. So many, in fact, that scammers are not only comfortable with and willing to invest in scams no more or less complicated, but they are also confident that the scams will succeed.

Read more...

Deluge of Election-Related Spam, Threats Begins

It was only a matter of time before the inevitable wave of malicious, election-tinged spam began to rain down upon internet users. In the wake of last week’s presidential debate between President Barack Obama and Republican nominee Mitt Romney, it appears the floodgates have opened.

Read more...

Businesses Remain Scared of Spear-Phishing as Attackers Study Behavior

Scared is a strong word, but the reality, according to a Websense analysis by Patrik Runald, is that spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model, giving business executives plenty of reason to worry.

Read more...

Using the Internet to Catch Traditional (Non-cyber) Criminals

It can happen to anyone…and when it does it usually catches everybody – the victim and his relatives – completely unprepared. I’m talking about kidnapping. Twice in my life I’ve been involved in helping the police track down and arrest gangs of kidnappers. The first case didn’t directly affect me or my family, but the second time a close friend of mine was kidnapped. And it turns out that our work in tackling cybercrime can also be useful to catch criminals who seem to have little connection with high-tech wrong-doing.

Read more...

Proof-of-Concept Exploits HTML5 Fullscreen API for Social Engineering

Independent security researcher, web designer, and Stanford Computer Science student Feross Aboukhadijeh has developed an attack concept that exploits the fullscreen application programming interface in HTML5 in order to carry out phishing attacks.

Read more...