Source: F-Secure
Summary: F-Secure (anti-virus company) has renewed the call for a top-level domain name for banks and other targets of phishing. It's interesting that F-Secure is advocating this particular approach, but to me it looks like a fairly hollow press release backed by no real intention of pushing the process any further.
Friday, 30 March 2007
Keyloggers: How they work and how to detect them
Source: Viruslist.com
Summary: first part of a two-part article on keylogger technology -- one of the most commonly used tools in cybercrime and phishing in particular. This is a relatively basic introduction to the subject.
Summary: first part of a two-part article on keylogger technology -- one of the most commonly used tools in cybercrime and phishing in particular. This is a relatively basic introduction to the subject.
Wednesday, 28 March 2007
12% of adults in UK have experienced fraud online
Source: Get Safe Online
Summary: a survey of UK internet adult users found that 12% had experienced online fraud in the last year, losing an average of £875 each. The survey also looks at the attitudes of Internet users as regards responsibility for their online safety, and the popular view is that it's someone else's responsibility. Most felt that there should be lessons in schools to help young people understand the risks.
Summary: a survey of UK internet adult users found that 12% had experienced online fraud in the last year, losing an average of £875 each. The survey also looks at the attitudes of Internet users as regards responsibility for their online safety, and the popular view is that it's someone else's responsibility. Most felt that there should be lessons in schools to help young people understand the risks.
Education failing to fight phishing
Source: vnunet
Summary: Joseph Sullivan, associate general council of PayPal, told the e-Crime Congress in London today that relying on education alone will not stop phishing and that an integrated campaign is needed to stamp out the menace. William Beer, European director of Symantec's security practice, says that education needs to be varied and targeted to particular demographics. Mention is made of a phishing attack in which targets were directed to phone a fake call centre rather than visit a fake website.
Summary: Joseph Sullivan, associate general council of PayPal, told the e-Crime Congress in London today that relying on education alone will not stop phishing and that an integrated campaign is needed to stamp out the menace. William Beer, European director of Symantec's security practice, says that education needs to be varied and targeted to particular demographics. Mention is made of a phishing attack in which targets were directed to phone a fake call centre rather than visit a fake website.
Experts rubbish two-factor authentication
Source: vnunet
Summary: opinion at the e-Crime Congress in London is that two-factor authentication will not help soaring phishing levels because it is vulnerable to man-in-the-middle attacks. Apparently there is a rising demand for two-factor systems nonetheless.
Summary: opinion at the e-Crime Congress in London is that two-factor authentication will not help soaring phishing levels because it is vulnerable to man-in-the-middle attacks. Apparently there is a rising demand for two-factor systems nonetheless.
Wednesday, 21 March 2007
Anatomy of an eBay scam
Source: The Register
Summary: an email exchange between an eBay fraudster and a reporter posing as an interested buyer. The first step in the fraud involves phishing an eBay account with a good reputation. An auction is then posted under this phished ID with instructions to contact the seller directly via email (in contravention of eBay acceptable usage policy). If a buyer contacts the fraudster in this manner, the fraudster will spoof an email from eBay instructing the buyer to send money to an agent via Western Union.
Summary: an email exchange between an eBay fraudster and a reporter posing as an interested buyer. The first step in the fraud involves phishing an eBay account with a good reputation. An auction is then posted under this phished ID with instructions to contact the seller directly via email (in contravention of eBay acceptable usage policy). If a buyer contacts the fraudster in this manner, the fraudster will spoof an email from eBay instructing the buyer to send money to an agent via Western Union.
Tuesday, 20 March 2007
FBI Internet Crime Report 2006
As reported in The Register, the FBI have released their 2006 Internet Crime Report. This contains useful facts and figures on the types and scales of cybercrime reported in the USA in 2006.
Subscribe to:
Posts (Atom)
