byPaul DucklinThese days, crooks aren’t just after your banking passwords or your credit card numbers.Hacked social media accounts have real value in the cyberunderground, because they provide crooks with a way to reach out convincingly to your friends and family.If a random stranger tells you to click a link, install an app, or download a file, you

The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms

Someone recently asked me what I wanted for Christmas this year, and I had to think about it for a few minutes. I certainly don’t need any more stuff. However, if I could name one gift that would make me absolutely giddy, it would be getting a chunk of my privacy back. Like most people, the internet knows way too much about me — my age, address, phone

You’re familiar with the cybercriminals that go after users’ credit card information and look to spread malicious links, but recently, one hacker decided to send a different message. According to Vice’s Motherboard, a hacker accessed TOMS Shoes’ mailing list and sent an email encouraging users to log off and go enjoy the outdoors. The email specificall

The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, ClearSky’s security researchers report.The attacks are related to a campaign Microsoft recently exposed as targeting a U.S. presidential candidate, government officials, media targets, and prominent expatriate

People are slowly learning to be careful about providing their credentials when prompted by an email or phone call, but hackers are getting more creative and tricking users into giving their credentials when users think they’re just signing into their mobile app.  For example, BankBot is Android-targeting malware using fake overlay screens to mimic existing

An analysis of more than 2.2 billion emails between April and June (Q2) 2019 exposes the current tactics, techniques and targets of contemporary attackers. FireEye's latest email threat update highlights three specific themes: attackers are following business in making greater use of the cloud; Microsoft is by far the most abused brand in phishing attac

While we talk about online safety each week on this blog, October is National Cybersecurity Awareness Month (NCSAM), a time to come together and turn up the volume on the digital safety and security conversation worldwide. To kick off that effort, here’s a comprehensive Device and App Safety Guide to give your family quick ways to boost safety and secu

According to a SecurityWeek article, “With over 66% of emails first opened on a mobile device and email arguably the first point of attack for a phishing actor, unprotected emails on a mobile device can easily turn into a new avenue for attack.”  Furthermore, it’s not just corporate email that you have to worry about. Users check their personal emails from

Over the years, I’ve been the star of a number of sub-stellar parenting moments. More than once, I found myself reprimanding my kids for doing things that kids do — things I never stopped to teach them otherwise. Like the time I reprimanded my son for not thanking his friend’s mother properly before we left a birthday party. He was seven when his

A large number of spam messages recently sent from the same botnet were observed featuring randomized headers and even different templates, with some emails resembling phishing, Trustwave reports.Emails sent as part of this campaign, which Trustwave security researchers refer to as Chameleon, originated from all around the world (a list of source IP addresse

A threat actor referred to as POISON CARP has targeted senior members of Tibetan groups via WhatsApp for around six months, Citizen Lab reveals.The attacks, carried out between November 2018 and May 2019, employed individually tailored WhatsApp text exchanges, where the attackers were posing as NGO workers, journalists, and other fake personas.Links sent to

Did you know that YouTube has 23 million content creators worldwide? Well, it turns out that many of these video gurus found themselves in the middle of a cybersecurity calamity this past weekend. According to Forbes, reporter Catalin Cimpanua discovered a massive spear phishing campaign targeting YouTube content creators, tricking them into giving up their

One of the oldest tricks in the cybercrime playbook is phishing. It first hit the digital scene in 1995, at a time when millions flocked to America Online (AOL) every day. And if we know one thing about cybercriminals, it’s that they tend to follow the masses. In earlier iterations, phishing attempts were easy to spot due to link misspellings, odd link redir

byPaul DucklinLast month, we wrote about an Instagram scam that presented you with what looked like a two-factor authentication (2FA) code.This time, the crooks are tapping into a concern that many of us have – falling foul of copyright law.Lots of us innocently post and repost photos, GIFs, video clips and screenshots that we find amusing, informative