Crimeware server used by NetWalker ransomware seized and shut down

By: Paul Ducklin — August 14^th 2023 at 14:06

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

Naked Security

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

By: Paul Ducklin — January 20^th 2023 at 17:59

Once more, it's time for Shakespeare's words: Once more unto the breach...

Naked Security

“Suspicious login” scammers up their game – take care at Christmas

By: Paul Ducklin — December 21^st 2022 at 17:59

A picture is worth 1024 words - we clicked through so you don't have to.

Naked Security

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

By: Naked Security writer — November 25^th 2022 at 17:17

Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING

Naked Security

How social media scammers buy time to steal your 2FA codes

By: Paul Ducklin — November 21^st 2022 at 17:02

The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake

ffs-2fa-1200

Naked Security

Twitter Blue Badge email scams – Don’t fall for them!

By: Naked Security writer — November 4^th 2022 at 17:59

That was the week that was...

Naked Security

Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!

By: Paul Ducklin — September 13^th 2022 at 20:52

Simple but super-sneaky - use a picture of a browser, and convince people it's real...

pipe-light-not-1200

Naked Security

Facebook 2FA scammers return – this time in just 21 minutes

By: Paul Ducklin — July 13^th 2022 at 16:46

Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes

Naked Security

That didn’t last! Microsoft turns off the Office security it just turned on

By: Paul Ducklin — July 11^th 2022 at 13:27

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

Naked Security

Facebook 2FA phish arrives just 28 minutes after scam domain created

By: Paul Ducklin — July 1^st 2022 at 20:01

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

Naked Security

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

By: Paul Ducklin — June 16^th 2022 at 16:52

Lastest epsiode - listen now!

Naked Security

Know your enemy! Learn how cybercrime adversaries get in…

By: Paul Ducklin — June 7^th 2022 at 15:49

Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!

Naked Security

S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]

By: Paul Ducklin — June 2^nd 2022 at 15:37

Latest episode - listen now!

Naked Security

Beware the Smish! Home delivery scams with a professional feel…

By: Paul Ducklin — May 30^th 2022 at 17:59

Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...

Naked Security

Phishing goes KISS: Don’t let plain and simple messages catch you out!

By: Paul Ducklin — April 25^th 2022 at 16:58

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

Naked Security

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

By: Paul Ducklin — March 3^rd 2022 at 14:04

Latest episode - listen now (or read it, if that's your preference)...

Naked Security

Instagram scammers as busy as ever: passwords and 2FA codes at risk

By: Paul Ducklin — February 28^th 2022 at 17:56

Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...

Naked Security

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

By: Paul Ducklin — February 24^th 2022 at 16:51

Latest episode - listen now!

Naked Security

Microsoft blocks web installation of its own App Installer files

By: Paul Ducklin — February 7^th 2022 at 16:36

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Naked Security

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

By: Paul Ducklin — January 28^th 2022 at 23:58

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Naked Security

Instagram copyright infringment scams – don’t get sucked in!

By: Paul Ducklin — December 30^th 2021 at 14:40

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams...

Naked Security

Black Friday and Cyber Monday – here’s what you REALLY need to do!

By: Paul Ducklin — November 22^nd 2021 at 12:52

The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?

Naked Security

“Customer complaint” email scam preys on your fear of getting into trouble at work

By: Paul Ducklin — November 5^th 2021 at 17:49

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.