Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with phishing
Showing posts in English
Tim Callan | 25 Feb 2008 | 0 comments

A few weeks ago The SSL Blog mentioned that Microsoft was scheduled to push IE7 using Automatic Updates to the remaining systems that hadn't gotten the push yet. This push is important because more systems than ever will receive IE7. The segments that weren't pushed as heavily in the past were corporate systems, double-byte languages, and systems without piracy protection enabled, at a minimum. Now with more than 100 million IE7 users worldwide, the push to remaining systems went on schedule.

As Microsoft's Craig Spiezle puts it,

Advancements like the ability to spot the green address bar when visiting a site protected by EV SSL Certificates as well as uncompromising protection from the phishing filter, which blocks one million attempts to visit phishing sites each week, are...

Tim Callan | 11 Feb 2008 | 0 comments

At one point in my life before I joined VeriSign, my wife and I both operated consultancies out of our house. We often picked up each other's phone lines if it was more convenient, feeling free to fend off the telemarketers and pass along the calls that mattered.

One day my phone rings. I'm in the kitchen getting a drink, so she picks it up. As I walk back into our joint office, she's holding the handset and looking at me.

"It's about your company AmEx card," she tells me, puzzled look on her face. Puzzled for the simple reason that my one-man consulting firm did not have an American Express card.

Tim Callan | 10 Dec 2007 | 0 comments

Regular readers of The SSL Blog know that Extended Validation SSL has seen strong early uptake in the online investing space, as evidenced by early deployments by Charles Schwab and E*TRADE. Now you can add Scottrade to the mix.

Why so much interest among online investing sites? It makes perfect sense to me. These sites have high value customers that they want to retain, and they manage a high value financial asset that the customer considers important to keep safe. Their customers are juicy identity theft targets since they tend to have money and good credit. And of course the...

Tim Callan | 07 Dec 2007 | 0 comments

I've mentioned in the past that phishing extends far beyond online banks. This story details the recent success of phishing attacks aimed at Oak Ridge National Laboratory, a technology lab for the U.S. Department of Energy. This incident reminds us that any business with whom people share potentially valuable information is a potential phishing target. The phishers will continue to explore new opportunities and continue to find successful targets. Even businesses that are not phishing targets today should set up their site security as if they will are - or will become one soon.

Tim Callan | 07 Nov 2007 | 0 comments

Yesterday I discussed the possibility of Presidential campaigns being phished. This article in SC Magazine explains the criminal activity we already have seen in this arena.

The essence of the story is that anti-virus software vendor Webroot just in the past few days announced that is had detected malware attacks against major Presidential campaigns. Reports SC Magazine,

the campaign websites of Obama, a Democratic senator from Illinois, and Paul, a Republican representative from the 14th Congressional District of Texas, have been spoofed as part of online scams.

The article goes on to say...

Tim Callan | 06 Nov 2007 | 0 comments

In light of Ron Paul's massive fundraising day yesterday ($3.8 million raised online in a single day) one security blogger has brought up the question of phishing attacks against Web-based political fundraising. In his Threat Chaos blog Richard Stiennon asks the question,

But how many of those 35,000 donors checked the URL carefully before providing their credit card information as well as the name of their employer? Was it a phishing site they were visiting?

Richard is exactly right to be asking this question. As I have pointed out in the past, phishing attacks a great deal more than simply banks. Why are they not attacking online political parties? They probably are. And if they aren't, it's only a matter of time until they do.

Tim Callan | 21 Sep 2007 | 0 comments

This new article in PC World discusses how PayPal is defeating phishing. CISO Michael Barrett views Extended Validation SSL as a valuable addition to this effort.

Barrett said Paypal is also hopeful that tools, including browser-based visual cues that warn people about suspected phishing sites and so-called extended validation Web site digital certificates, will help end-users further discriminate between legitimate sites and phishing lures.

Tim Callan | 27 Aug 2007 | 0 comments

A recent trend in phishing has been to simulate the letter W by putting a pair of Vs in a row (e.g. as opposed to I don't know if that's why Bank of the West was an early EV SSL adopter, but it may be.

The latest victim is Western Union (or VVestern Union, as the phishers would call it). From what I can tell, Western Union takes security and trust very seriously, so it...

Tim Callan | 23 Aug 2007 | 0 comments

One of the common misconceptions I run into is that the only sites targetted by phishers are banks. That hasn't been true for several years. Today we see phishing attacks against lotteries, utilities, search, e-commerce, social networking sites, online greeting cards, and taxes. And now job sites, thanks to the recently published phishing scheme against...

Tim Callan | 01 Aug 2007 | 0 comments

I've mentioned in the past that Firefox is moving forward on incorporating support for EV SSL into its next release. Firefox security interface designer Johnathan Nightingale has written a decent amount about his ideas for the Firefox 3 security interface, of which EV is an important piece. You can wander around his blog (as linked above) and find many things to read about usability and interface design. I'll point out a few of them here.

Johnathan's slide deck for his recent presentation at the OSCON open source summit.