phishing

The list of customers affected by the Epsilon database breach continues to grow.

The breach, which took place last week but was announced over the weekend, compromised the e-mail addresses and some names belonging to the customers of many major U.S. companies that outsource their marketing and e-mail communications to Epsilon.

The company said Monday that 2 percent of the companies it counts as clients are affected by the security breach. There is no official list of affected companies that's available, and a company spokesperson said Epsilon cannot release the names of its clients. Epsilon is in the … Read more

It's impossible to spend time online right now and not see pleas to help the victims of the Japanese earthquake and tsunami. But whether we're simply trying to watch videos to see the extent of the destruction or looking for ways to donate money, one must click nimbly click to get around the scams and phishing schemes that abound in the wake of tragedy.

My colleague, Elinor Mills, wrote a fantastic article with examples of recent scams and included tips on what you can do to avoid catching a computer virus or losing money to a phony relief … Read more

In every disaster scammers see an opportunity, and the crisis in Japan is no exception. Already there have been fake Red Cross e-mails circulating and there will no doubt be more scams coming.

Those e-mails appear to come from the British Red Cross. They provide some news on the earthquake and tsunami in Japan and urge people to donate to a Yahoo e-mail address on a Moneybookers account, a money transfer service that enables recipients to remain anonymous, according to App River, an e-mail hosting and security services provider.

However, real charities have e-mail addresses with their own domain and … Read more

To get around phishing blacklists in browsers, scammers are luring people by using HTML attachments instead of URLs, a security firm is warning.

Chrome and Firefox are good at detecting phishing sites and warning Web surfers via a browser notice when they are about to visit a site that looks dangerous. So good, in fact, that scammers are resorting to a new tactic to lure victims into their traps via e-mails--attaching HTML files that are stored locally when they are opened, according to an M86 blog post yesterday.

After the user fills in a form with the information the scammers … Read more

If you tend to fall for Facebook posts like "Lose 18 pounds now!" or "WTF I can't believe this picture of you is online!" I can't help you. But if you'd like to secure your Facebook sessions from hackers and spies, you're in luck.

Facebook is now rolling out a new security feature that enables HTTPS encryption throughout your Facebook session. This long-awaited feature, which encrypts data transferred during Facebook sessions, is designed to prevent attackers from compromising users' accounts.

Here's how to enable it:

Until now, the only way to … Read more

The bottom line: Norton Internet Security 2011 maintains its recent strong performance record and introduces some useful new features in the latest version, making it one of the top Internet security suites available.

Review:

Editors' note: Portions of this review are based on CNET's review for Norton Internet Security 2010.

Over the past few years, Symantec has completed a course reversal for its Norton consumer Internet security suites. The massive package of security tools works better than it ever has before, with an impressive set of features, some useful new tools including the free Power Eraser, and third-party security … Read more

Cybercriminals are cranking out fake Web sites branded as eBay, banks, and other financial companies to the tune of tens of thousands every week, according to new research.

During a three-month study of its global malware database, Panda Security found on average 57,000 new Web sites created each week with the aim of exploiting a brand name in order to steal information that can be used to drain peoples' bank accounts.

About 80 percent of those were phishing sites designed to trick people into entering their login credentials or other … Read more

So these reports of a major security hole in iTunes, one through which people have had their PayPal accounts drained?

Not much to them, I'm told. Or, rather, not much to their assertion that Apple is at fault here. There's no security hole in iTunes, and if you've been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account, it's likely because you've fallen victim to a phishing scam--a variation on the one that's been around for years now. Sources close to Apple tell me iTunes has not … Read more

E-mail inboxes are getting hit this week with spam campaigns that appear to be legitimate Twitter messages but which lead to malware and phishing sites, security firms warned on Wednesday.

Some e-mails masquerade as messages from Twitter's customer support team warning the recipient that the site has detected an attempt to steal the Twitter account password and prompting the recipient to click on a link to download a "secure module" to protect the account, according to Vietnamese antivirus firm Bkis and Trend Micro.

If the link is clicked on a Trojan horse designed to target Windows will … Read more