Browsing Category: Social Engineering

Categories: Social Engineering

Just 4% of users of corporate systems abide by IT security policies, even when the system handles very sensitive private information, according to an academic survey [pdf] that has revealed humans to be the main flaw in any security system.

Researchers at the University of Wisconsin-Madison and IT University, Copenhagen found that just 4% of the people surveyed obey best practice rules for passwords. The rest use the same passwords for different systems, use words that appear in the dictionary, or write their passwords down on post-it notes beside the computer. Read the full story [out-law.com]


The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came “just a few clicks away from falling into a classic Internet phishing scam” after receiving an e-mail that appeared to be from his bank.
“It looked pretty legitimate,” Mueller said Wednesday in a speech at San Francisco’s Commonwealth Club. “They had mimicked the e-mails that the bank would ordinarily send out to its customers; they’d mimicked them very well.” Read the full story [IDG News Service/Robert McMillan]


iPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset’s location via GPS. Read the full story [IDG News Service/Dan Nystedt]


A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times. Read the full story [Kim Zetter/Wired Threat Level] More from Dancho Danchev [zdnet.com]


Security researchers tracking the URLZone malware/botnet have stumbled upon a new tactic being used by cyber-criminals to hide information on the money mules being used to transfer stolen funds from compromised online bank accounts.
URLZone, which targets computer users in Western Europe, is a botnet of approximately 6,000 hijacked computers that is used primarily to siphon funds from online bank accounts. It steals between $4,000 and $15,000 from each compromised bank account and uses a nifty trick of modifying the withdrawn amount on the bank’s web site to avoid detection by the user.


If you use Microsoft’s free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend.
In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that the data spill was not the result of a breach of internal Microsoft data, but rather was likely the haul from a phishing scheme. Read the full story [washingtonpost.com]


Add the Radisson Hotels & Resorts chain to the growing list of businesses [datalossdb.org] reporting significant data breaches that exposed sensitive customer data.
In an open letter [radisson.com] to guests, Radisson chief operating officer Fredrik Korallus said the hotel chain’s computer system was hacked between November 2008 and May 2009 and customer data, including credit and debit card numbers, was stolen. Read the full story [zdnet.com]
