Browsing Category: Social Engineering

Social Engineers Launch New Attack on Embattled Banks

As a number of major U.S. financial institutions deal with the aftermath of what was perhaps the largest DDoS campaign ever, researchers at FireEye are reporting on a separate phishing attack that establishes a channel of malicious communications on its victims’ computers.

Read more...

FTC Takes On Scareware Marketers, Court Imposes $163M Judgment

The United States District Court of Maryland ruled in favor of the Federal Trade Commission on Sept. 24, imposing a judgment of more than $163 million against the managers and directors of an enterprise whose sole function the FTC alleges was to defraud its customers with scareware.

Read more...

How-To Video: Securing Facebook

Facebook’s active-user count is rapidly approaching one billion. The world’s largest social network, which has long been a popular target and platform for attackers, will only become a more relevant outlet for scams and other fraud as it continues to grow.

Read more...

Facebook Timeline Eraser Chrome Plugins Dupe Tens of Thousands of Users

Nearly 100,000 Facebook users have been duped into installing third-party Chrome plugins over the past few weeks that have access to all of their data on every Web site they visit. According to research recently conducted by security firm Barracuda Networks, the unsuspecting users were tricked into thinking the plugins could block Timeline, a new profile feature Facebook first introduced at the end of 2011.

Read more...

Phishing for Fanboys with Phony iPhone 5 Images

There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing scam that includes a file that claims to contain pictures of the unreleased iPhone’s battery but actually contains a malicious Word document.

Read more...

Own the Email, Own the Person

For attackers looking to take control of a victim’s online presence, there is no better place to start than the target’s email account. If you own the email, you own the person. That’s never been more true than today, with so many social networks, services and shopping sites attached to users’ email addresses. New research done by Lucas Lundgren of IOActive shows just how simple it can be to get control of a target’s email account, and from there, everything else.

Read more...

Gauss, Flame Highlight Problem of Defeating High-End Malware

If the last couple of years of life on the Internet have taught us anything it should be that there’s a lot we don’t know about what’s happening out there. Sure, we know that there are a lot of attacks going on, metric tons of money being stolen and untold terabytes of data being siphoned off, and once in a while we’re even able to figure out who’s doing some of it. But, as the discovery of tools such as Flame and Gauss suggests, there’s a lot of stuff bubbling under the surface that mostly goes unseen.

Read more...

Report: Stealthy New Banking Malware Tilon Emerges

A new type of financial malware has surfaced that’s targeting information submitted through banking forms via the “Man in the Browser” (MITB) technique and proving difficult to detect, according to research published by computer security firm Trusteer today.

Read more...