BetaNews: Think you can spot a phishing email? Think again

BetaNews: Think you can spot a phishing email? Think again. “People may not be as good as they think they are at spotting phishing scams, according to researchers at the Missouri University of Science and Technology. Dr Casey Canfield, Missouri S&T assistant professor of engineering management and systems engineering, worked with Carnegie Mellon University colleagues Baruch Fischhoff and Ales Davis on the study, which measures how well people’s confidence in their ability to detect phishing matches with reality.”

Ars Technica: 18 months after indictment, Iranian phishers are still targeting universities

Ars Technica: 18 months after indictment, Iranian phishers are still targeting universities. “In March 2018, nine Iranians were criminally charged for their involvement with the Mabna Institute, a company federal prosecutors said was created in 2013 for the express purpose of using coordinated cyber intrusions to steal terabytes of academic data from universities, academic journal publishers, tech companies, and government organizations. Almost 18 months later, the group’s hacking activities are still going strong, Secureworks, a Dell-owned security company, said on Wednesday.”

TechCrunch: Bellingcat journalists targeted by failed phishing attempt

TechCrunch: Bellingcat journalists targeted by failed phishing attempt. “News emerged that a small number of ProtonMail email accounts were targeted this week — several of which belonged to Bellingcat’s researchers who work on projects related to activities by the Russian government. A phishing email purportedly from ProtonMail itself asked users to change their email account passwords or generate new encryption keys through a similarly-named domain set up by the attackers. Records show the fake site was registered anonymously, according to an analysis by security researchers.”

Krebs on Security: Legal Threats Make Powerful Phishing Lures

Krebs on Security: Legal Threats Make Powerful Phishing Lures. “Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.”

Engadget: Chrome exploit uses a fake address bar for phishing attacks

Engadget: Chrome exploit uses a fake address bar for phishing attacks. “Cyberattackers don’t need to find obscure technical flaws to launch phishing attacks — they might just need a screen capture and some clever web coding. Developer James Fisher has found a relatively simple exploit in Chrome for mobile that takes advantage of how the app displays the address bar. When you scroll down from the top of a page, the approach displays a fake address bar that won’t disappear until you visit another site. The attacker can even craft the page to prevent you from seeing the real address bar when you scroll up.”