Brian Krebs has written a new post warning about the dangers of fake order confirmation e-mails. Two of the screenshots in the post show examples of fake order confirmation e-mails from Home Depot and Walmart, respectively. I don’t know with absolute certainty the dates the e-mails in these screenshots were sent, but because both e-mails mentioned Thanksgiving and have a copyright date of (or ending in) 2014, they are likely to be recent.
Nevertheless, Krebs is correct in referring to this type of e-mail as a “perennial scourge.” A quick Google search reveals similar scams going back as far as 2004, though the DSLReports scam does not seem to explicitly mention the holidays. Here’s another example in 2012 that probably linked to a phishing website. Here’s a third example …
Continue reading: Protecting Yourself Against Fake Order Confirmation E-mails
Due to a cyberattack on JPMorgan Chase, the personal information of 76 million households has been stolen. According to the bank itself, names, addresses, phone numbers, and e-mail addresses were compromised, but there is no evidence that account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised.
Even if your password was stolen, the damage done with that password will likely be limited to what anyone with access to only the bank’s services and information can do as long as …
Continue reading: Personal Information from 76 Million Households Stolen
The BBC is reporting that eBay suffers from a security flaw that has existed for months. eBay has been criticized for not responding quickly enough.
The flaw causes users who click on listings to be redirected to a malicious, “password-harvesting” site. According to another article, the malicious site asks users for their eBay login and password. It may be easy to fall prey to this scheme because you may think you forgot to log in when you first started browsing on eBay.
The ultimate responsibility for fixing this flaw lies with …
Continue reading: eBay Flaw Leads to Password Harvesting
1.2 billion usernames and 500 million emails have been stolen from 420,000 websites. The worst part is that we still don’t know exactly which websites were affected.
The everyday user may not be able to do much to convince companies to allocate their budgets so that they take security more seriously, but that doesn’t mean we are completely helpless.
Perhaps the most important lesson we can take away from this breach is …
Continue reading: 1.2 Billion Usernames and 500 Million E-mails Stolen
According to threat intelligence firm CrowdStrike, Chinese cyber spies have been targeting think tanks, ostensibly to obtain information on the potential disruption of Chinese oil interests in Iraq. Spear-phishing, the act of sending an e-mail tailored to a specific individual (as opposed to e-mails sent out en masse to many different individuals, which is simply “phishing”) to fraudulently induce them to give away personal information such as their e-mail password, is hardly a new tactic; nor is the Chinese government the only group which has been accused of using it. In February 2014, the Syrian Electronic Army hacked into Forbes using the same tactic. In many cases, the true perpetrator of an attack is unclear, especially when Internet traffic is routed through the accused country.
I’m going to leave the finger-pointing to governments and the private firms that investigate such attacks. I will instead focus on how you can protect yourself against such attacks. While …
Continue reading: How to Protect Yourself Against Spear-Phishing