Tag: phishing
-
Facebook launches platform for sharing of threat intelligence
Twitter, Yahoo! amongst early participants in ‘ThreatExchange’. When I took my first steps in the security industry, I was surprised by just how much information was shared between competitor companies. Both the threat landscape and the industry have changed significantly in the eight years since then, yet a lot of information sharing still goes on…
-
VB2014 paper: DMARC – how to use it to improve your email reputation
Terry Zink presents case study in which he describes setting a DMARC policy for Microsoft. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘DMARC – how to use it to improve your email reputation’, by Microsoft’s Terry Zink. Email…
-
Yahoo’s DMARC policy wreaks havoc among mailing lists
Collateral damage in instruction to reject emails with invalid DKIM signatures. A change in Yahoo ‘s DMARC policy has caused frustration among operators of many mailing lists and their subscribers. On its official website , DMARC is described as standardizing “how email receivers perform email authentication using the well-known SPF and DKIM mechanisms”. It was…
-
Latest spam filter test shows spam catch rates have bounced back
Spam catch rates improve, but performance on phishing lags behind that on other spam. Earlier this week we published the results of the 22nd VBSpam comparative spam filter test, which saw 19 products win a VBSpam award. Overall, products performed well and most products’ spam catch rates improved, thus reversing a trend we reported earlier…
-
PayPal spam leads to exploit kit
Clicking on links leads to Blackhole rather than phishing site. Fake PayPal receipts were being spammed out this morning, with links leading to a version of the Blackhole exploit kit. The emails look like typical PayPal confirmation emails and suggest that funds have been sent from the user’s account. The supposed recipient of these funds…
-
Significant rise in malicious spam and phishing
Over one quarter of malicious emails contain eight-year-old malware. Email security firm eleven has reported a significant rise in both malicious emails and phishing emails in the first quarter of 2012. In its latest quarterly report, the company says that while spam levels stayed more or less constant, the volume of emails with malware attached…
-
Significant rise in Chinese phishing sites
Phishers shown to care little about domain names. In its latest ‘Global Phishing Survey’, the Anti-Phishing Working Group (APWG) reports a significant increase in phishing sites targeting Chinese Internet users. The report mentions 112,000 different phishing attacks in the first six months of 2011, compared to just 42,000 in the previous six months. This rise…
-
‘Meta-phish’ uses attached form to evade web filters
Landing page contains clear warning. A phishing email targeting Austrian credit card users evades web filters by using an attached HTML form, but thankfully the landing page on the real website has a clear warning. The email, written in far from fluent German, claims to be sent from PayLife , Austria’s largest facilitator of financial…
-
Google AdWords phishing campaign spreads
Users urged to login because of ‘issues’. A new phishing campaign that targets users of Google AdWords looks worryingly real, GFI reports. The phish begins with an email claiming the recipient’s Google ads have stopped running because of ‘a number of issues’. A link in the email can be clicked for more information, which sends…
-
Bank’s Twitter account hacked to send phishing messages
Important lessons for companies engaging in social media. Last week, the Twitter account of the Bank of Melbourne was hacked and used to send direct messages containing phishing links to its followers. A recently relaunched subsidiary of Westpac , the Australian bank engages heavily with its customers through its @BankofMelb Twitter account. However, the security…