Tag: social engineering
-
.SettingContent-ms files remind us that it is features, not bugs we should be most concerned about
One of the most significant developments in the threat landscape in recent years has been the return of malicious Office macros, their resurgence having started four years ago . Unlike their predecessors from the 1990s, these macros can’t run automatically, but require the user to explicitly enable macros. This obviously mitigates the damage quite a…
-
.SettingContent-ms files remind us that it is features, not bugs we should be most concerned about
One of the most significant developments in the threat landscape in recent years has been the return of malicious Office macros, their resurgence having started four years ago . Unlike their predecessors from the 1990s, these macros can’t run automatically, but require the user to explicitly enable macros. This obviously mitigates the damage quite a…
-
You are your own threat model
For most people, the biggest security threat is that of themselves doing something they shouldn’t do. Last week, Microsoft wrote about the return of macro malware where, now that macros have long been disabled by default, social engineering is used to trick the user into enabling them. Although it was interesting to read Microsoft ‘s…
-
Browser-based ransomware uses scare tactics to extort money
Unsophisticated scam shows the high level of commoditization of today’s cybercrime. A case of browser-based ransomware, that is currently using social engineering tactics in an attempt to extort money from its victims, shows how even the least sophisticated cases of cybercrime make use of services available on the black market. Given all the talk about…
-
Trojan steals money from bank accounts via ‘training session’
Social engineering circumvents banking security In a new method of stealing money from customer accounts, a variant of the SpyEye trojan invites the user to make a supposedly dummy transfer, thus socially engineering them into manually sending money to the attackers, security company Trusteer reports. Most banks have secured their online banking systems by having…
-
Banking malware tells user to ‘refund’ money
Web injection used to suggest accidental transfer. In a new twist to banking trojans, a piece of malware found on German computers tricks victims into believing a large amount has accidentally been transferred to their account and asks them to refund the money. Banking malware has become very sophisticated in recent years and several instances…
-
94% of Internet users befriend unknown ‘good-looking woman’
Sensitiva data shared after two-hour chat. Research from BitDefender has shown that the vast majority of users of social network sites are willing to befriend an unknown, 21-year-old, fair-haired woman; many of them even shared sensitive data that could be used to steal passwords. The researchers created the fake profile on a popular social networking…
-
Rogue AV claims to send money to environmental causes
‘Green AV’ best added to blacklist to avoid red faces. In an attempt to lure users into buying it, the rogue anti-malware product Green AV claims to send US$2 per purchased product to the Amazon rainforest. Like similar pieces of software, Green AV uses legitimate end-user concerns about malware and spyware to try and persuade…
-
Valentine’s lures lead to infection
Predicted spate of romance hooks under way. After numerous security watchers predicted a barrage of phishing and malware attacks associated with Valentine’s Day this week, the first waves of such attacks have been seen, with the latest featuring pictures of cute puppies being used to soften defences and lead victims to infectious trojans. Spammed emails…
-
Digital attacks encroach on real world
Car park flyers trick victims to malicious site. The online arena of scams and phishing took a worrying step into the real world last week, as researchers heard of a scam starting in a US car park and leading to an online infectious website. The flyers, placed on windscreens in a North Dakota parking lot,…