Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING
Read moreHow social media scammers buy time to steal your 2FA codes
November 21 2022The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake
Read moreDefeating Phishing-Resistant Multifactor Authentication
November 9 2022CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. Hi...
Read moreTwitter Blue Badge email scams – Don’t fall for them!
November 4 2022That was the week that was...
Read moreMassive Data Breach at Uber
September 16 2022It’s big:
The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code...
Read more
Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!
September 13 2022It sounds like a scam that could never work: use a picture of browser and convince the user it's a real browser. You might be surprised...
Read moreClever Phishing Scam Uses Legitimate PayPal Messages
September 1 2022Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists...
Read moreMan-in-the-Middle Phishing Attack
August 25 2022Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication:
Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the...
Read more
Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes
Read moreAn Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.
Read more
Recent Comments