Next time you find yourself struggling to explain how phishing works to the less than techno-savvy people in your life, perhaps just fire up this charming little video that explains it in plain English and engaging pieces of cut-out paper.
Phishing
Amazonfraudcheck.com Is Amazon Fraud
By 7.27.09
No, Amazon is not contacting its members and performing regular fraud checks. Jason received this e-mail, which is associated with a rather convincing Amazon phishing site.
Try These Search Terms If You Want Some Malware
By 6.11.09
Computer virus company McAfee has assembled a list of the top search keywords that are most commonly linked to malware exposure. The winning phrases are: word unscrambler, lyrics, myspace, free music downloads, phelps, game cheats, printable fill-in puzzles, free ringtones and solitaire. In addition, the general categories that are considered riskiest are: screen savers, free games, work from home, Olympics, videos, celebrities, music and news.
Here's An Example Of A Phishing Attempt On A Steam Account
By 6.5.09
Back in March we posted a warning about thieves masquerading as Steam in order to get into customers’ accounts and download games to resell. One reader, Richard, just received this special “alert” on his Steam IM pane this evening.
Here's A Phishing Site Disguised To Trick Wells Fargo Customers
By 5.13.09
Freddie writes that his friend was tricked by a phishing email. All the warning signs were there to tip off his friend—an email saying he needed to click a link, a suspicious url, a page asking for his login info—but he clicked and entered the info anyway. Please do not be like Freddie’s friend, who is now probably on the phone with the real Wells Fargo trying to get his account number changed.
Watch Out For Scammy Swine Flu Email, Websites
By 4.30.09
How can you tell you’ve made it on the Internet? How about if you’re turned into spambait? MSN Money reports that scammers are taking advantage of the sudden interest in swine flu by using it in subject lines to get people to open messages and download attachments. Don’t do it! Tell your friends and relatives not to do it, either!
Beware Of Fake Facebook
By 4.16.09
Reader Eric says he got a fairly realistic-looking Facebook phishing email and wanted to warn others not to click.
By 4.13.09
../../../..//2009/04/13/beware-tax-themed-spam-feeding-on/
Beware tax-themed Spam Feeding on the usual American anxiety over the annual April 15 income tax filing, online scam artist are flooding electronics inboxes with messages that “guaranteed tax rebate” or help you “get your tax refund faster” or even “get tax relief.” [Consumer Reports]
Reader Receives Three Phishing Attempts In One Week
By 4.8.09
DoomNasty tells us he’s been hit three times in the past week with phishing attempts. The first two were text messages from Alarion Bank, asking him to call 1-877-240-6149 “to find out why my debit/atm card was blocked. I do not have an account, and Privacy Assist shows no account was created behind my back.” The third was from 201-968-0007, but no message was left. He traced the number to Liquidity Solutions, Inc., who told him that “one of their numbers got hijacked and the hijacker is phishing for banking info.”
8,000 Comcast Passwords Exposed, Phishing Scam Suspected
By 3.16.09
The New York Times has reported that a list of over 8,000 Comcast user name and passwords were available to the public via Scribd for two months, before a Wilkes University professor discovered it over the weekend after doing a search for his identity online. Comcast is saying it looks like the result of a phishing scam and isn’t an inside job, and that there are so many duplicate entries on the list that it’s closer to 4,000 customers.
Watch Out For These Phishing Attempts On Your Steam Account
By 3.5.09
PC World notes that phishers are now targeting Steam account holders. Games are an easy target because you can make quick money off of them and the security isn’t as high as with, say, credit cards. The site that first reported this, SpywareGuide, demonstrates two examples—steamgift.com and steamverification.com—that will attempt to trick you into giving them access to your digital library of games.
Play Anti-Phishing Phil And Learn How To Spot Phishing Attacks
By 1.2.09
Phishing attacks are pretty cleverly designed, because they skip most virus checkpoints altogether and go for the true weak spot in human-computer interaction, the human. Lorrie Faith Cranor, a computer security researcher at Carnegie Mellon University, has been studying phishing attacks to identify new ways to fight them.
French President's Bank Account Hacked
By 10.20.08
While French President Nicolas Sarkozy has been posturing as an international leader during this time of global financial crisis, thieves have been raiding his online bank account, withdrawing small amounts over an extended period of time. Just goes to show that identity theft can happen to anyone, whether or not you’re important enough to have people Photoshop your love handles away. For best protection, install and keep up to date a good security program, like ESET. Only log into your bank from the main URL, never click on a link in an email that appears to be from your financial institutions. Use usernames and passwords that are a string of random letters and numbers. Write them down and hide it in a secure place, not inside of a fresh hot pain au chocolat.
Beware Phishers Exploiting Banking Chaos
By 10.9.08
The various takeovers and mergers in the financial fallout give phishers a new opportunity to try to scam you into giving over your bank account warns the FTC. As most of you know, any unexpected email message that looks like it came from a financial institution, asking you to “update,” “validate,” or “confirm” your account information is invariably a scam. Unwitting victims are redirected to a login site that looks like it’s for their bank, but is really just a way to steal your account logins and/or personal information for use in further identity theft. Here’s the FTC’s tips for getting “hooked” by the “phishers” (gotta love it when the Feds pun)…
Verizon Was The Most Frequent Target For Identity Theft Scams In 2007
By 7.24.08
Identity theft reports to the Federal Trade Commission show that Verizon was the most frequently named company, averaging over 900 events per month in 2007. According to an updated study by Chris Hoofnagle, senior fellow at the Berkeley Center for Law and Technology, the number of complaints involving Verizon nearly tripled from 2006. Rounding out the top five are AFNI (a collection agency), JP Morgan Chase, AT&T, and Capital One.
EBay & PayPal Phishing Gone For Good On Gmail and Yahoo?
By 7.15.08
If your email account is with Google or Yahoo, your days of seeing phishing emails from fake eBay or PayPal addresses should be over. Google announced last week that it’s now using DomainKeys to verify messages really do come from paypal.com or ebay.com—if they don’t, they never even make it to your In Box. This is possible because eBay and PayPal are now making sure “that all their email is signed with DomainKeys and DKIM.” Since Yahoo! also uses DomainKeys and DKIM (they developed it, in fact), phishing attacks for Yahoo! Mail accounts should also disappear.
Are You Sure You Want To Add That Facebook App?
By 3.27.08
Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another users “mood” via the Mood app.
