Security Experts:

long dotted


Return Path has expanded the features of its Anti-Phishing Solutions to enable brand owners to combat phishing attacks from all email domains, including those beyond their control.
A spear phishing campaign targeted 11 energy sector organizations using publicly available information, according to the Department of Homeland Security.
Innovative spammers are using Google Translate, in conjunction with Yahoo’s URL shortening service and hijacked WordPress installations, to bypass even some of the strictest spam filters.
Researchers from Kaspersky Lab have discovered “AlbaBotnet”, an emerging botnet that appears to be gearing up to inflict financial damage on accounts hosted at banks in Chili.
When it comes to phishing attacks, it appears Web browsers are doing a better job detecting and blocking them than security suites, according to a new report.
Researchers from RSA have identified a new phishing technique called "Bouncer list phishing" which targets a very specific group of victims in targeted attacks.
Metasploit Pro 4.5 brings capabilities that let organizations simulate social engineering attacks and help understand just how vulnerable they may be to phishing attacks.
WHOIS data has been a longtime source of controversy for ICANN - from concerns about threats to free speech to worries cybercriminals profit from the anonymity afforded by lax enforcement of rules around the data's accuracy. ICANN however, is trying to turn a corner.
During a 10-day test period, NSS Labs found that the average phishing URL catch rate ranged from 90% for Firefox 15 to 94% for Chrome 21.
While the lifetime of a phishing site has decreased, the report showed an increase in the number phishing attacks during the period – at least 93,462


rss icon

Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
Jon-Louis Heimerl's picture
For a month, I kept all of my spam, then looked at the subject matter, where it was from and tried to analyze some additional characteristics of the spam.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
Jon-Louis Heimerl's picture
What do you do when your organization has been victimized by a phishing attack? If you wait until you are actually under an attack it is too late.
Jon-Louis Heimerl's picture
Organizationally, there are things you can do to help avoid becoming a victim, and to minimize damage if you are victimized.
Ram Mohan's picture
The semiannual “Global Phishing Survey” from the Anti-Phishing Working Group (APWG) provides powerful insight into what is happening in phishing worldwide.
Idan Aharoni's picture
Cooperation in the underground economy could enable a fraudster in Russia who masters the art of phishing to team up with another fraudster who already has the infrastructure of cashing out compromised online banking accounts of US banks.
Chris Hinkley's picture
Businesses usually don’t think about social engineering when securing company data. It used to be believed that social engineering was reserved for governments and organizations with enemies. That's not the case anymore.
Ram Mohan's picture
Domain name typo squatting, a decade-old headache for marketing and legal departments, is putting corporate data at risk. But evidence suggests that it is becoming a risk that also needs to be on the CSO's radar.
Irida Xheneti's picture
The risks are real, and growing more complex by the month. That doesn't mean you're powerless to keep your infrastructure and data secure.