Sipping from the Coronavirus Domain Firehose

Credit to Author: BrianKrebs| Date: Thu, 16 Apr 2020 16:23:52 +0000

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.

Read more

US Government Sites Give Bad Security Advice

Credit to Author: BrianKrebs| Date: Wed, 25 Mar 2020 19:30:12 +0000

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

Read more

Should Failing Phish Tests Be a Fireable Offense?

Credit to Author: BrianKrebs| Date: Wed, 29 May 2019 17:39:26 +0000

Would your average Internet user would be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach).

Read more

Half of all Phishing Sites Now Have the Padlock

Credit to Author: BrianKrebs| Date: Mon, 26 Nov 2018 14:57:53 +0000

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

Read more

Phishers Are Upping Their Game. So Should You.

Credit to Author: BrianKrebs| Date: Fri, 08 Dec 2017 00:35:24 +0000

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

Read more