Skimmer acts as payment service provider via rogue iframe
Even e-commerce sites that do not take payment information themselves can be abused by crooks. In this post, we show how a web skimmer is able to inject an artificial iframe into the checkout page to prompt users for their credit card information. Victims will only realize something’s not right when they are redirected to the real (and external) payment form.
A week in security (April 22 – 28)
A roundup of security news from April 22–28, covering phishing, CCTV evasion, VPNs, and keeping data safe.
A look inside the FBI’s 2018 IC3 online crime report
The FBI’s Internet Crime Complaint Center have released their 2018 report about online crime. Which attacks are most popular? Where are the victims located? And how much money has been lost in the process?
How gamers can protect against increasing cyberthreats
We take a look at the various cyberthreats video gamers may encounter online, their real-world consequences, and what users can do to protect themselves.
A week in security (March 25 – 31)
A roundup of news stories from March 25 – 31, including phishing, hacking, Government studies, mobile dangers on official stores and more.
A week in security (March 18 – 24)
A roundup of cybersecurity news from March 18–24, including Facebook’s privacy pivot, password reuse, new research on hospital phishing attacks, infected iPhone apps, and more.
New research finds hospitals are easy targets for phishing attacks
New research from Brigham and Women’s Hospital in Boston finds hospital employees are extremely vulnerable to phishing attacks. The study highlights just how effective phishing remains as a tactic, and why awareness of email scams is more critical than ever.
What K–12 schools need to shore up cybersecurity
We discuss the challenges facing K–12 schools looking to protect students’ data, and which solutions they can adopt in order to build up defenses and increase cybersecurity awareness.
Sophisticated phishing: a roundup of noteworthy campaigns
A phishing page that hides behind a translation service. A kit that uses fake font files. A hyper-realistic campaign that could likely fool even the pros. We look at these noteworthy phishing attempts and more to show how far phishers have evolved, and remind users to remain vigilant against this threat.
Businesses: It’s time to implement an anti-phishing plan
If your organization doesn’t have an anti-phishing plan in place, it’s time to start thinking about one. Here’s what to tell your employees and customers about phishing attacks.