Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

'Classic' phishing scam uses genuine BBC story as bait

by The Gurus
March 28, 2014
in Editor's News
Share on FacebookShare on Twitter

Phishing attacks which use genuine BBC news stories have been detected.
 
According to research by Panda security, fraudsters are trying to innovate and create more realistic scenarios. One scam detected this week showed a recent story about a lottery winner that was sent around the globe and informed the recipient that they had been “donated” £1.5 million and had to send their name and address for further details.
 
However a link led to the real BBC website and came from an email address associated with the Canadian telco Rogers.
 
Luis Corrons, technical director of PandaLabs, told IT Security Guru that this was a classic identity theft attack. “I didn’t bother to write back, but I am pretty sure that if you do it they will try to run the typical Nigerian scam where you finally have to pay some money in order to get the ‘donation’. It was smart the social engineering technique of using that specific piece of news,” he said.
 
TK Keanini, CTO of Lancope, said: “The threat here continues to evolved and like with music, there is always another song to write so there are an endless amount of possibilities they can compose until we finally solve the authenticity problem once and for all.
 
“The fundamental behind this category of threat is the lack of authenticity checking both socially and technically. We have technology today whereby we could prove cryptographically that information and links came from a source that is trusted by socially we are not using them. It is the same problem with seat belts in America; they existed for years, research shows they saved lives but until the Click-It-or-Ticket campaign came out, people did not change their behaviour.
 
“How do you know this webpage or email you are reading right now is from the source it claims to be? If you answer is because the header says so you are these fraudsters target market.”
 
Keanini said that he was always happy to see these tactics make mainstream news, because “the best countermeasure here is education” and the community will develop a healthy level of paranoia whereby most of these tactics will be just noise.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Meeting CREST at CRESTcon

Next Post

Over 20 Gbps DDoS attacks now become common for attackers

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information