Ten Worst Email Gaffes of 2009

6 Comments »
December 22nd, 2009
Chris Hoke

On the list of offenses that can be committed via email, many of us are guilty of petty crimes. Whether sending a hasty email to the “wrong Bob”, accidentally replying to the entire department when you meant to send a heads-up to a co-worker, attaching the wrong document to a message, or perhaps mistakenly forwarding a message that contains past messages you’d rather the recipient hadn’t seen, most of the time an email gaffe ends up a non-issue or blows over pretty quietly. After all, to err is human.

Sometimes, though, it doesn’t blow over. When a steamy or scandalous email is leaked or sent to the wrong person, it can become viral, spreading at an exponential rate across the internet, and wreaking havoc with reputations. This is especially true when a large organization or famous politician is at the heart of the story. A media circus ensues, careers might end, and some people (we hope) learn the valuable lesson that email is not a secure medium of communication.

Read the rest of this entry »

Tags: , , , , Posted in Analysis, News 6 Comments »

PayPal is Phishing themselves

Comments Off
December 4th, 2009
Viktor Petersson

PayPal_logoA funny and pretty embarrassing scenario has just been revealed over at PayPal. After a receiving a complaint to their anti-phishing department, PayPal took action on the threat. Seams like the right thing to do, right? Yes, assuming that it was a threat. In this case, it was an actual email sent out from one of their departments. That’s pretty embarrassing.

Read the rest of this entry »

Tags: , , Posted in News Comments Off

Avoid The Hook: Protect Yourself Against Phishing

1 Comment »
November 1st, 2009
Chris Hoke

phishing_loginThe technology news headlines have lately been buzzing with news of recent widespread phishing attacks. One report from earlier this month states that a phishing scheme aimed at email users took in more than 20,000 email addresses and passwords. The FBI director even admits to a brush with such a scam, which prompted his wife to take over the responsibility of their online banking.

When it comes to phishing scams, a compromised email account can be the least of your problems. Many people use the same password on several websites, including their online bank accounts. Information gathered through various online accounts can be used to steal not only your money, but your identity. Criminals can then use your stolen identity to obtain medical care, loans, or commit crimes in your name.

Read the rest of this entry »

Tags: , , , Posted in Tips 1 Comment »

Phishing attack targets Outlook Web Access

Comments Off
October 19th, 2009
Viktor Petersson
Screenshot from the Websense's Alert.

Screenshot from the Websense's Alert.

While this attack might not be very technical (we’ve seen these kinds of attacks for many years), I still think it is a brilliant attack. What makes the attack brilliant is that it does not use a generic fake page. WebSense Security Alert states that:

The malicious site is also very believable. The victim’s domain is used as a sub-domain to the site so that the attack site appears to be the victim’s actual OWA site. The victim’s domain name and email address are also used in a number of locations on the malicious site to make it that much more believable.

According to the above alert, the attack is fairly extensive with ’30,000 of these messages per hour’ and it is likely to slip through anti-virus filters.

With more companies making the switch from Desktop applications to web-based applications, I think we will see an increasing amount of attacks. Moreover, with simple techniques such as reading the identification string of the server (e.g. through IMAP), the attacker can customize the attack to suit the victims server. If it’s an Exchange server, the attacker can send the above page. If it’s a Zimbra server, the user can send a similar page, but based on the Zimbra design.

Tags: , , , Posted in News Comments Off

How secure is your hosted email?

Comments Off
October 11th, 2009
Gregory Minton
hackerpic

Photo by gutter.

E-mail privacy is a hot topic these days, and the buzz about it has been rekindled by the latest news that Gmail, Hotmail, and Yahoo e-mail account passwords had been phished and posted online (which we covered here and here). This is neither the first nor the last time security has been or will be compromised by malicious individuals online who want to steal identities. However, it has certainly ignited an interest in the security of popular online websites.
Read the rest of this entry »

Tags: , , Posted in Tips Comments Off

FBI Director Nearly Falls for Phishing Attack

Comments Off
October 9th, 2009
Alexander Ljungberg

Robert Mueller, a 'top cop vs cyber criminals.' Image by Mat Honan.

Robert Mueller, a 'top cop vs cyber criminals.' Image by Mat Honan.

Phishing attacks are a type of internet fraud where the perpetrator pretends to be a bank or other service provider to lure an unknowing victim into entering their credentials, giving up the keys to the real account. With the right awareness phishing attacks are easy to avoid, but it seems like FBI Director Robert Mueller did not get the memo.
Read the rest of this entry »

Tags: , Posted in News Comments Off

Industry-wide Phishing Scheme

3 Comments »
October 6th, 2009
Viktor Petersson
A rather lame phishing attempt.

A rather lame phishing attempt.

Yesterday we reported that Microsoft Live/Hotmail was exposed to an extensive phishing scheme. Apparently the attack was more extensive than this. BBC News reports that a second list with 20,000 accounts was published. Contrary to the first list, the second list included accounts from AOL, Comcast, Earthlink, Gmail and Hotmail. With that information, we can conclude that this is an industry-wide attack, rather than an attack on a particular provider.

Phishing attacks by themselves are nothing new, but this is probably one of the biggest attacks that I have ever heard of.
Read the rest of this entry »

Tags: , , , , , Posted in News 3 Comments »