[Previous] Be Protected from Twitter-like Phishing Scams with Internet...

 [Next] Phishing in Irish...

Some related posts from Technorati and Google.

[TechCrunch] Twitter Responds To Phishing Attack: Twitter’s suffering some degree of embarrassment as a result of phishing and so it’s easier for them to attempt to address it like this rather than implementing the proper security mechanisms (especially extended validation ssl, which we at VeriSign are hoping to see a lot more socnets get on board with). This wouldn’t solve the problem of hacks through third-party apps like Tweetdeck but it would at least protect users accessing Twitter in a browser, where there’s so much that can go awry.

[The Last Watchdog] Unstoppable new phishing attacks blanket Facebook, Twitter ...: Unlike the attackers spreading ZeuS infections, the Bredolab campaigners do not try to first get the recipient to type in his or her password. As shown below, this criminal gang cut right to the quick and asks you to download a zip file that installs the Bredolab wormhole, according to security firm M86.

[African-elephant.co.uk] CAN STRONG AUTHENTICATION SORT OUT PHISHING AND FRAUD?: Add to Mister Wong Add to Netscape Add to reddit Add to Stumble Upon Add to Technorati Add to Tip'd Add to Twitter Add to Yahoo My Web Hide Sites. Tags:AUTHENTICATION,Fraud,Phishing,Sort,Strong .

[InSecurity Complex] Twitter users warned about new phishing attack | InSecurity ...: At VeriSign we note this as more reason to encrypt sites (not just financial and ecommerce) And internet users and development folks have their piece of this action to respond to, but if, for example, if SocNet's like Twitter, Facebook, were encrypted with Extended Validation SSL, it would cut down on phishing attempts that could compromise log-in credentials across multiple websites.

[SIS Blog] Online Security Tip No. 2: Phishing Scams - SIS Blog: According to nophishing.org, “Phishing” is when criminals use email, phone and online scams to purposefully and maliciously trick people into sharing information such as passwords, social security numbers, account and credit card .You can also click on it to view the certificate information published by VeriSign, a trusted certificate provider.

[Switched] Twitter Hit by Another Direct Message Phishing Scam: But here at VeriSign we feel that a multiple layered approach to security is best; just to give an example, phishers often embed false links via other routes as well (Twitter, etc) where following urls is not often seen as an issue.

[Entrepreneur & Self-Employed Business Journal] Avoid Becoming Phish Bait: Identifying Scams on the Web ...: Statistics from a recent survey commissioned by VeriSign reveal that 88 percent of U.S. Web surfers are unable to identify various forms of phishing Web sites from authentic sites they emulate in a side-by-side comparison. The survey, which was also conducted in Germany, Sweden, Australia, India, Denmark and the United Kingdom, shows that U.S. Internet users were least likely to identify the telltale signs of a phishing site.

[Dean Collins] Dean Collins: de-latinisation of the web: I've got memories of reading a Tim Berners-Lee quote, whereby when he invented the WWW he envisaged people clicking on textual hyperlinks and never actually viewing the URL behind it. The trust comes from the digital signature retrieved from the URL, rather than from the URL itself.

[Simple Thoughts - Java and Web Blog] Is India a Potential Target of Cyber Terrorism?: McAfee India's technical product manager Vinoo Thomas said that Cybercriminals today keep an eye on what keywords users mostly search now a days and based upon that they develop viruses, spams, phishing emails and botnets. "Malware authors make use of breaking .

[CNET Blogs] Gmail also hit by e-mail phishing scheme | Webware - CNET: I work for VeriSign and see of validation for two factor authentication here, because in those instances leaking the world's strongest (or weakest) password won't matter if you don't have the proper token. So maybe it isn't totally the fault of the email providers except indirectly, since there are potentially helpful technologies out there they aren't taking advantage of (probably due to financial reasons, to keep the email free?).

[Sean Michael Kerner] Report: Most users can't spot a phishing site - InternetNews:The ...: VeriSign is out with a new report this morning, stating that 88 percent of web users in the US can't identify phishing sites. Phishing sites are spoofed sites of legitimate sites that aim to trick users into giving up information.

[Search Engine Optimization Blog] Twitt.er, Twe.et or Tw.it? | Search Engine Optimization Blog: Bit.ly is a newer competitor to TinyURL that launched by raising $2 million from several prominent angel investors. One of the bit.ly backers is Betaworks, the startup accelerator behind Twitter related companies such as Summize (acquired by Twitter in July 2008), and has Twitter investors and advisors Chris Sacca and Ron Conway on their team.

[Graham Cluley's blog] Sophos and bit.ly - making short links safer | Graham Cluley's blog: Of course, it shouldn't be forgotten that bit.ly is just one of many URL-shortening services out there - and I'm not aware of any which are currently working as hard to fight the bad guys as bit.ly are. It's possible that the cybercriminals might switch their focus to other less well-known URL shorteners when planting traps for unwary users - so now is not the time to let your guard down.

[ESET ThreatBlog] Extended Validation SSL | ESET ThreatBlog: just to give an example, phishers often embed false links via other routes as well (Twitter, etc) where following urls is not often seen as an issue. If users, however, can immediately see that a Web site is either a potential phishing site or one that has gone through extensive authentication checks (as EV SSL provides), this will no doubt benefit them.

Reflected tags on Technorati: Blog, Phishing, Global Security Watch