Browsing Category: Social Engineering

Using the Internet to Catch Traditional (Non-cyber) Criminals

It can happen to anyone…and when it does it usually catches everybody – the victim and his relatives – completely unprepared. I’m talking about kidnapping. Twice in my life I’ve been involved in helping the police track down and arrest gangs of kidnappers. The first case didn’t directly affect me or my family, but the second time a close friend of mine was kidnapped. And it turns out that our work in tackling cybercrime can also be useful to catch criminals who seem to have little connection with high-tech wrong-doing.

Read more...

Proof-of-Concept Exploits HTML5 Fullscreen API for Social Engineering

Independent security researcher, web designer, and Stanford Computer Science student Feross Aboukhadijeh has developed an attack concept that exploits the fullscreen application programming interface in HTML5 in order to carry out phishing attacks.

Read more...

Social Engineers Launch New Attack on Embattled Banks

As a number of major U.S. financial institutions deal with the aftermath of what was perhaps the largest DDoS campaign ever, researchers at FireEye are reporting on a separate phishing attack that establishes a channel of malicious communications on its victims’ computers.

Read more...

FTC Takes On Scareware Marketers, Court Imposes $163M Judgment

The United States District Court of Maryland ruled in favor of the Federal Trade Commission on Sept. 24, imposing a judgment of more than $163 million against the managers and directors of an enterprise whose sole function the FTC alleges was to defraud its customers with scareware.

Read more...

How-To Video: Securing Facebook

Facebook’s active-user count is rapidly approaching one billion. The world’s largest social network, which has long been a popular target and platform for attackers, will only become a more relevant outlet for scams and other fraud as it continues to grow.

Read more...

Facebook Timeline Eraser Chrome Plugins Dupe Tens of Thousands of Users

Nearly 100,000 Facebook users have been duped into installing third-party Chrome plugins over the past few weeks that have access to all of their data on every Web site they visit. According to research recently conducted by security firm Barracuda Networks, the unsuspecting users were tricked into thinking the plugins could block Timeline, a new profile feature Facebook first introduced at the end of 2011.

Read more...

Phishing for Fanboys with Phony iPhone 5 Images

There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing scam that includes a file that claims to contain pictures of the unreleased iPhone’s battery but actually contains a malicious Word document.

Read more...

Own the Email, Own the Person

For attackers looking to take control of a victim’s online presence, there is no better place to start than the target’s email account. If you own the email, you own the person. That’s never been more true than today, with so many social networks, services and shopping sites attached to users’ email addresses. New research done by Lucas Lundgren of IOActive shows just how simple it can be to get control of a target’s email account, and from there, everything else.

Read more...