Phishing

Defending against a phishing e-mail message

I previously made the case that Windows users should use Thunderbird for email. When I got a fraudulent e-mail message on Saturday claiming to come from PayPal, Thunderbird offered two lines of defense.

The first was the big warning that the message might be a scam. Indeed it was.

The body of the message was a pretty standard phishing scam, with the usual typos and the true destination of the link hidden.

Thunderbird's second line of defense was not falling prey to the common practice of using hidden JavaScript code to hide the real destination of a link embedded …

Targeted attacks on the rise, Microsoft report says

Scams designed to steal identities, data and ultimately money from Internet users continued to rise steeply in the first half of this year, according to a report released on Tuesday by Microsoft.

The company's Security Intelligence Report, a broad look at the computer threat landscape, shows a continued focus on attacks aimed at making a profit, rather than simply generating fear or gaining notoriety.

According to the study, there were 31.6 million detected phishing scams, more than double those found in the prior six months. There was a more than five-fold increase in the types of malicious code …

Five must-have security/privacy extensions for Firefox

Do you consider yourself to be a privacy aware Internet user? Are you concerned about your security online?

You've installed antivirus and spyware software, which you also keep updated. You regularly update your operating system for any security patches. You have a firewall on your home computer and have locked down your home wireless network with a WPA2 password. Most importantly, you've ditched Internet Explorer and jumped on the Firefox bandwagon.

Your job is done, right? Think again.

While installing Firefox (and not using IE) is one of the most important steps users can take towards a safe online experience, Firefox is (alas) not totally safe out of the box. Luckily, Firefox provides a very flexible framework for open-source programmers and commercial vendors to create their own software add-ons for the browser. A number of these software extensions fix critical design flaws in Firefox--or simply improve transparency so that users have a better idea of where they are and which sites they're interacting with. I've selected a few of the best ones, which I highlight below.

The threat of political phishing

Later today, I will be presenting as part of a panel on the subject of political phishing at the Anti-Phishing Working Group eCrime Researchers Summit.

During the panel discussion, I will be speaking about the threats to the online fundraising model used by political candidates in the United States. While attacks in the wild have yet to be seen, there are a number of factors which make online campaign giving particularly vulnerable to phishing attacks.

To go along with my talk, Professor Markus Jakobsson and I have released a white paper which clearly explains the issues, threats and a solution …

Political dirty tricks 2.0: Outsourcing voter suppression calls?

During my blog posts this week, I'll be focusing on ways in which the Internet can be used to disrupt elections and the political process. On Friday, I'll be giving a talk on the subject at the Anti Phishing Working Group eCrime Researchers Summit on the subject of Political Phishing.

In today's post: What happens when voter suppression calls get outsourced to India? How will law enforcement track down the evildoers, and what will this mean for our elections?

Shortly before the 2006 election, voters across Virginia received calls that falsely claimed that their voting places had …

Phishing e-mails drive FTC chief 'insane'

WASHINGTON--If your in-box is pelted by a seemingly ever-growing supply of inquisitive e-mails purporting to come from the likes of PayPal and Bank of America, the federal agency charged with consumer protection says it feels your pain.

The deceptive technique--in which crooks dispatch e-mails requesting sensitive personal information, typically by masquerading as financial institutions--"is one practice that absolutely drives me insane," Federal Trade Commission Chairman Deborah Platt Majoras told attendees at the first National Cybersecurity Awareness Summit, which was put on here Monday by a nonprofit partnership of federal government agencies and software vendors.

That's because …

Is that an IM link or a malware trap?

If an IM link from a friend pops up on your screen, do you click it right away? Most people, like Eivind, do. Most don't end up with a PC-killing worm.

Malicious IM links are a growing threat to users, and Eivind got dished an unpleasant preview of the trend we have to look forward to. Can she warn her friends of the deception before they're compromised too?

Watch the story unfold in this week's tale of Trojan trouble, "Malware's IM hideaway." You can also access the Spyware Horror Story archives for more stories …

Personal details show up in a recent spam attack

For this week's Security Watch column and Security Bites podcast, I spoke with Tod Beardsley, lead counter fraud engineer for TippingPoint, a provider of network-based intrusion prevention systems. The column and podcast talk about how social networking can be used for targeted attacks. Toward the end of the interview, I asked Beardsley what was the most interesting case he's worked on in the last six months.

"In the last six months, there was a case involving the Better Business Bureau. This is public. The story there is that the Better Business Bureau keeps these databases of all …

False security: Is Bank of America lying to its customers?

A bank that guarantees its online users safety and security has direct evidence that its Web-based banking system may not be 100 percent bullet-proof.

Should that bank tell its customers? And if it doesn't, is it misleading, or even worse, lying, to them?

Bank of America, like many other financial institutions in the U.S., has jumped on the "two-factor" authentication bandwagon. Instead of having its customers log in with just a user name and password, these new schemes require some third bit of information.

Some banks choose to issue their customers a cryptographic hardware token (a …

Phishers take advantage of Wells Fargo's woes

Sites monitoring phishing activity are today reporting an increase in Wells Fargo phishing sites as thieves looking to take advantage of an outage over the weekend have started sending out e-mail pretending to be from the San Francisco-based institution.

On Sunday Wells Fargo experienced an outage of its ATM and online banking services. The problem, which also affected back-end systems for the bank's mortgage, equity and student loans, had been resolved as of Tuesday afternoon. Because the bank needed to use backup records, individual account balances might not be up to date for a few more days. Through …