Since the spread of Ebola outside of Africa this year, the disease has been dominating the headlines. Unsurprisingly, scammers have tried to capitalize on the topic by sending out phony emails purportedly from the World Health Organization. The article reports that if you open the attachment, it will install a Trojan called DarkComet on your computer. DarkComet contains, among other features, keylogging and webcam hijacking functions.
I am not an expert on the topic of public health, so take the following with a grain of salt, but to me, the text of the e-mail doesn’t look as legitimate as the article says. Continue reading Ebola Email Scam is Making The Rounds
Google has revealed the identity of a Gmail user suspected of sending explicit pictures of a child, leading to his arrest.
In this case, a predator may been caught, but the incident also indicates that your e-mail is not as private as you might like it to be. Google recently failed to have a potential class action lawsuit alleging that it wiretaps Gmail dismissed.
As Google itself has said, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties”. These words serve as a sobering reminder that whenever you place any kind of information into the hands of Gmail, webmail providers in general, or any third-party service, even for completely legal purposes, you can expect that the information may be seen by humans other than your intended recipient (or at least scanning bots). This includes apps such as Snapchat, which, as I wrote in an earlier post, Bruce Schneier does not think we can rely on to protect our privacy.
According to threat intelligence firm CloudStrike, Chinese cyber spies have been targeting think tanks, ostensibly to obtain information on the potential disruption of Chinese oil interests in Iraq. Spear-phishing, the act of sending an e-mail tailored to a specific individual (as opposed to e-mails sent out en masse to many different individuals, which is simply “phishing”) to fraudulently induce them to give away personal information such as their e-mail password, is hardly a new tactic; nor is the Chinese government the only group which has been accused of using it. In February 2014, the Syrian Electronic Army hacked into Forbes using the same tactic. In many cases, the true perpetrator of an attack is unclear, especially when Internet traffic is routed through the accused country.
I’m going to leave the finger-pointing to governments and the private firms that investigate such attacks. I will instead focus on how you can protect yourself against such attacks. While Continue reading How to Protect Yourself Against Spear-Phishing