Scared is a strong word, but the reality, according to a Websense analysis by Patrik Runald, is that spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model, giving business executives plenty of reason to worry.
Browsing Category: Social Engineering
It can happen to anyone…and when it does it usually catches everybody – the victim and his relatives – completely unprepared. I’m talking about kidnapping. Twice in my life I’ve been involved in helping the police track down and arrest gangs of kidnappers. The first case didn’t directly affect me or my family, but the second time a close friend of mine was kidnapped. And it turns out that our work in tackling cybercrime can also be useful to catch criminals who seem to have little connection with high-tech wrong-doing.
Independent security researcher, web designer, and Stanford Computer Science student Feross Aboukhadijeh has developed an attack concept that exploits the fullscreen application programming interface in HTML5 in order to carry out phishing attacks.
As a number of major U.S. financial institutions deal with the aftermath of what was perhaps the largest DDoS campaign ever, researchers at FireEye are reporting on a separate phishing attack that establishes a channel of malicious communications on its victims’ computers.
The United States District Court of Maryland ruled in favor of the Federal Trade Commission on Sept. 24, imposing a judgment of more than $163 million against the managers and directors of an enterprise whose sole function the FTC alleges was to defraud its customers with scareware.
Facebook’s active-user count is rapidly approaching one billion. The world’s largest social network, which has long been a popular target and platform for attackers, will only become a more relevant outlet for scams and other fraud as it continues to grow.
With the latest iteration of the Blackhole Exploit Kit hitting the web this week, attackers are going to great lengths to spread around links to get unsuspecting victims to click through to the first version of the kit.
With the release event for Apple’s newest iPhone model going on, quite literally, as I type, it comes as no surprise that scammers are exploiting the vast anticipation for the iPhone 5.
Nearly 100,000 Facebook users have been duped into installing third-party Chrome plugins over the past few weeks that have access to all of their data on every Web site they visit. According to research recently conducted by security firm Barracuda Networks, the unsuspecting users were tricked into thinking the plugins could block Timeline, a new profile feature Facebook first introduced at the end of 2011.
There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing scam that includes a file that claims to contain pictures of the unreleased iPhone’s battery but actually contains a malicious Word document.