All Hands to the Pump (and Dump)

Posted by David Harley on April 19, 2017

A few years ago, even before I started working directly with vendors in the security industry, ‘Pump and Dump’ scams were a major nuisance. Here’s a description from a paper Andrew Lee and I wrote after I started working with ESET. Pump and Dump (or Hype and Dump) mails are designed to inflate the value […]

Bank Fraud: Whose Fault?

Posted by David Harley on May 31, 2016

Owing to a houseful of grandchildren, I’ve not been giving quite the same attention to security news just lately as I do normally, so I nearly missed an article by John Leyden for The Register: Bank in the UK? Plans afoot to make YOU liable for bank fraud. While I don’t feel a lot of love […]

The 419: Mugs and Mugus

Posted by David Harley on September 23, 2015

I was delighted to receive the following invitation recently from someone calling himself Heinz: … I have an offer worth 23million if interested, please contact me I wonder what it’s worth if I’m not interested? (And 23 million of what? If we’re talking about bedbugs or Zimbabwean dollars I’m not at all interested.) Grammatical pedantry […]

So how do we identify phishing emails?

Posted by Rob Slade on July 31, 2015

For a while it was easy to identify phishing email messages.  Banks didn’t send you unsolicited email.  Period.  We told people that. A few years ago that started to break down.  American Express, which has always had a very weird attitude to online security, started to send me reminders when it was time to pay […]

Did you see what they wrote about you? Phishing!

Posted by Kevin on June 13, 2015

The last thing you do when you get this message is click the link; because the first thing you think is, uh-oh – scam. But, hey, this is a security company. Surely it can’t have been hacked? Maybe they’ve been deep diving into the dark web and have found something nice about me… or really […]

If this phish works, we’re all doomed

Posted by Kevin on May 2, 2015

If information security depends on a combination of technology and user awareness, we’re all doomed. Firstly, how the hell did this get through the spam filters? (Unless, of course, this quality of grammar is acceptable by today’s educational standards.) And secondly, I’m assuming the criminals wouldn’t bother if it didn’t provide a return. That means real […]

Phishing: detection and prevention

Posted by Kevin on April 26, 2015

Organizations can be divided into those that have been successfully phished, and those that will be successfully phished. In fact, there is nothing more certain in life than death, taxes and phishing. At a recent internal roundtable discussion on the problem among CISO members of Wisegate, a poll showed that 100% of participants had been […]

Phishing, Spoofing, and Looking a Glyph Horse in the Mouth

Posted by David Harley on January 12, 2015

I recently posted an article on the ESET blog about recognizing phishing messages. It covers quite a lot of ground that I don’t intend to go over again here, though I’ll include a quick summary at the end of this article, to give you an idea as to whether it’s worth reading – or recommending […]

A typo to rival The Guardian’s best

Posted by Kevin on November 4, 2014

From: Google Drive once again exploited in a sophisticated phishing attack Analyzing the code of the page, the experts discovered the presence of the Chrome save tag, which indicates that phishers behind the campaign have saved the source of the legitimate Google Drive login page and added malicious cod

ITsecurity Daily News: 10/08/2014

Posted by Kevin on October 9, 2014

The ITsecurity daily security briefing: Thursday, October 9, 2014. If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com. News Papers/Reports WebThings Events M&A Alerts News More than 30 police forces refuse to reveal uses of RIPA […]