Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with phishing
Showing posts in English
Jeannie Warner | 15 Jan 2013 | 3 comments

We're looking at a bumper crop of online frauds, cons, ID thefts, and check stealing this year. Some of them can steal your returns, others cost you your life savings or money you have not even begun to earn. As your W-2s come in, here are some simple pointers to remember about filing and online opportunities as well as methods for avoiding theft of multiple kinds.

  1. First and most important - the IRS will never email you. Ever. If you get an email from the IRS or EFTPS (Electronic Federal Tax Payment System), forward it to and do not respond!
  1. Beware fake Tax preparation companies.  Never enter information online unless you see HTTPS: or a green bar in the URL, and look for the Preparer Tax identification Number (PTIN) on your return. You should always receive a copy of your tax return, and a reputable tax service should never do your taxes for a percentage of the refund....
Jeannie Warner | 28 Aug 2012 | 0 comments

Keeping Your Personal Information Secure

It’s a great time for sports fans, with the summer Olympics still fresh in our minds, the NFL season kicking off, and hockey and basketball just around the corner. Unfortunately, it’s also a great time for cyber criminals who take advantage of the excitement to steal valuable personal information.

A common approach, known as “phishing,” uses phony emails that inform fans they have won the “NFL Lottery” or can purchase discounted tickets. These emails often contain links to websites that look genuine but are designed to trick users into providing login and password details. Some also include attachments that can download nasty computer viruses.

As scammers grow more sophisticated, users have to up their defensive game. Here are some tips to help protect against phishing attacks:

  1. Never click on links or open attachments in unsolicited emails....
Tim Callan | 11 Mar 2011 | 0 comments

For the past seven years or so we've seen a common criminal practice of creating just-in-time phishing scams around breaking news or other current events. These scams consistently appear for predictable events such as tax time or even March Madness, but they also arrive very quickly when high profile natural disasters occur. Dating back at least as far as the Katrina/Rita disaster (and occurring as recently as February's earthquake in Christchurch, New Zealand), these attacks seek to prey on concerned well wishers trying to donate money to aid disaster relief. The good...

Tim Callan | 07 Apr 2010 | 0 comments

For all you tax procrastinators, time is nearly up. But don't fret. Just follow these six safety tips to help you stay protected when filing taxes online while maintaining your sanity.

The number of people filing taxes online is up this year from the previous; according to the IRS, more than 82% of the 69 million returns received so far this year have come in via e-file, and home usage of e-file is up almost seven percent compared to this time last year.

With the increase of online tax filing, identity thieves and hackers have decided to capitalize on this upward trend by creating phishing sites claiming to be the IRS. The IRS warns users that there is only one official IRS web site,, and that the service will never initiate contact with taxpayers via e-mail. ...

Tim Callan | 13 Feb 2010 | 0 comments

This breaking news article explains that a Comerica Bank customer is sueing the bank for practices leaving that customer exposed to a phishing attack that cost the business $550,000. This suit comes on the heels of another piece of litigation between PlainsCapital and one of its customers over $800,000 lost in another scam.

While it remains to see how these lawsuits will play out, banks and other organizations dealing with valuable customer information should consider how their own online security actions would help them in the event of a similar lawsuit. In fact, part of Comerica's response is that the duped individuals should have seen that the phishing site was not the correct...

Tim Callan | 09 Oct 2009 | 0 comments

Phishing continues to occupy the news this week, first with the breakup of a nearly 100-person phishing gang in the US and Egypt, and now with the anecdote recently told by FBI Director Robert Mueller about his own near capitulation to a phishing attack.

Mueller's story is particularly interesting in that the phish site seemed "perfectly legitimate." I don't know what the site was, but I have to suspect that either Mueller is among the one third of the population using a pre-EV browser, or his particular bank is one of the laggards that has not adopted EV SSL. While the slant of the news stories I've seen has been "Don't feel bad, it can...

Tim Callan | 07 Oct 2009 | 0 comments

There's a lot going on this week. We've seen the widespread publicity of the theft of free e-mail accounts across a broad range of webmail providers. And at the same time we've seen the first detected instance of a null character attack in the wild. This story is still ongoing, the latest development being that PayPal has shut off the account of the researcher who created the null character certificate being used in this attack.

The connection between these two events is the ongoing need for knowledge of authentic identity and the role of...

Tim Callan | 29 Jul 2009 | 6 comments

Greetings from Las Vegas. Today we saw two presentations regarding attacks that affect the world of SSL. I'll give you a capsule summary of each and tell you how VeriSign certificates fit in. Lest this post become a tome, the summaries will have to be oversimplified. I'll strive to represent the subjects as accurately as I can.

First up was Moxie Marlinspike, detailing the latest additions to his sslstrip tool. The focus of this presentation was various ways to use null characters to fool browsers and other pieces of relying software into believing a certificate has been issued to a different domain than the one to which is was actually issued. The idea is that the attack would give the online criminal the ability to put up a certificate on what appears to be the exact same domain name as the targeted site. sslstrip accomplishes this feat through a Man-in-the-Middle attack and uses the null-character certificate to create its false certificates on the fly.