The United States Postal Service has a bit of a phishing scam on its hands in Fort Worth, Texas — or really, it’s almost an actual fishing scam. Scammers are apparently coating the blue standalone USPS mailboxes with adhesive, in order to catch outgoing mail and go through it to get money or personal information. [More]
Phishing
American Airlines Warns Customers Of Potential For Scam Emails
By 1.3.12
American Airlines is warning customers about a potential email phishing scam that could be trying to steal personal information by posing as the airline. The emails are said to have been sent out as recently as November. [More]
Watch Out For This Netflix Phishing Scam
By 10.20.11
There’s an email that’s been going around that pretends like it’s from Netflix and they’re having trouble with your credit card. Actually, it’s from scammers and they want to steal your credit card. [More]
Erotic Phishing Attack Steals Thousands Of Tumblr Logins
By 6.29.11
Thousands of logins for emo-blogging platform Tumblr have been stolen in the past week via a phishing attack that lured users to enter their credentials in exchange for the promise of erotic content. [More]
If You Get An E-Mail From The CEO Of BP, It's Probably A Scam
By 7.22.10
Here’s a tip: Unless you’re a high-ranking member of the military or government, you’re probably not going to be getting any e-mails sent to you by big-mouthed British Petroleum CEO Tony Hayward. But for those who do see something from ol’ T-Bone in the their inbox, the Attorney General in Florida wants you to know it’s probably a scam. [More]
Watch Out For Amazon Scam Making The Rounds
By 7.20.10
The BBB says people are reporting seeing a new phishing scam going around that masquerades as an Amazon order alert. It arrives as a confirmation email with a product description, price, and Amazon logo. Naturally, if you click the provided account link to cancel the order or see whether you were actually charged for the item, the login screen you’ll be taken to won’t be Amazon. [More]
Thieves Flood Your Phone Line While Draining Your Bank Account
By 5.14.10
How can you electronically drain someone’s bank account while also preventing their bank from contacting them to verify the transaction? Use telephony to flood all of their phone lines with anything from dead air to phone sex promo recordings. According to the Communication Fraud Control Association, these scams are increasing in recent weeks. Be wary. [More]
Why Phishing Works Even If You're Not Normally Stupid
By 5.12.10
If you spend a lot of time online, you’re probably aware of phishing scams and know what to look out for. In other words, you’re not one of those ignorant types who clicks on links and starts entering personal information without hesitation. Writer and blogger Cory Doctorow is what you might call hyper-vigilant–he keeps unique passwords, uses a VPN when going online in public, and generally knows not to trust strangers. Still, he got phished a couple of weeks ago. [More]
Don't Fall For The Amazon Password Phishing Scam
By 3.24.10
Jeff received this email from Amazon warning against a phishing scam bent on swiping your password. Here’s the email: [More]
Google Buzz Opens Doors To Phishing Scams
By 2.16.10
It’s a new day, so there must be a new revelation about another way in which Google Buzz is an affront to the concept of personal privacy, right? But the latest complaint about the Internet giant’s unasked-for answer to Facebook and Twitter goes far beyond making your private contacts public or adding potential personal safety risks to your “followers” list. It looks like the phishers and botnet scammers have already begun taking advantage of the new feature. [More]
Here's A Simple Flowchart To Help Thwart Phishing Attacks
By 2.12.10
I like flowcharts because they appeal to the part of me that wants to be a robot. I also like them because they make multi-step decision paths incredibly simple to follow, even if you don’t have a lot of insight into the big picture. This flowchart from LoginHelper.com will help even your PowerPoint-slideshow-forwarding relative (yes, that one) shoot down phishers as soon as they hit the In Box. [More]
H1N1 Phishing Email Making The Rounds
By 12.4.09
The Centers for Disease Control have issued a warning that there’s a new, swine flu-themed phishing email going around. It says something about an imaginary State Vaccination H1N1 Program, and asks you to create an account on the cdc.gov website–and if you click the link, malicious code may be installed on your system. Obviously you have brain worms if you fall for this. [More]
The FDIC Would Like You To Know That They're Not Emailing You
By 10.28.09
An email claiming to be from the FDIC is making the rounds on the internet. It supposedly contains a “personal FDIC insurance file” that is really some sort of badness that will ruin your day. Do not click.
Gawker Duped By Malware Gang, Serves Up Infected Suzuki Ads
By 10.27.09
Scammers pretending to buy ads for Suzuki tricked Gawker’s ad sales team last week into running malware-laced ads that installed spyware and crashed the browsers of some readers before they were caught and pulled.
FBI Charges 100 People In Phishing Investigation
By 10.7.09
Since 2007, the FBI and authorities in Egypt have been running an investigation they’ve called “Operation Phish Phry,” sigh, and this week it paid off with 53 charges against U.S. defendants and 47 against people in Egypt. Three of the 53 in the U.S. have been arrested, and the FBI are looking for the other 50. To prove you’re not one of the remaining 50, please send the FBI your login credentials to your bank. Ha ha, we kid.
Microsoft Turns A Blind Eye To Phishing Scams On Xbox LIVE
By 10.6.09
William wrote to us this weekend to point out how little Microsoft does to fight phishing attacks on their hugely popular Xbox LIVE network. It’s unfortunate they don’t take this sort of crime more seriously, since so many kids—who by all rights should have less experience with phishing—are on Xbox LIVE. Below is what two different Xbox CSRs told William when he contacted them to complain about phishing attacks.
Ameriprise Bans "Customer Advisor" For Posting Link To Consumerist
By 9.21.09
Hey, we helped get an Ameriprise customer banned from the financial company’s consumer advisory panel! Sorry about that, Brendan.
Ameriprise Website Riddled With Security Vulnerabilities For At Least Five Months
By 8.21.09
[Note: The original headline for this post mistakenly identified Ameritrade as the subject of the post. It is actually Ameriprise Financial. I deeply regret the error.] Since March of this year, security expert Russ McRee of HolisticInfoSec.org has sent 6 messages to Ameriprise Financial warning them of easily exploitable security holes on their website. They ignored every request, while at the same time reassuring customers that “No one without the proper web browser configuration can view or modify information contained on our systems.”
