Recent Posts

Recent Blog Posts

The PhishLabs Blog

No more Full Disclosure, EA server used for phishing - The Week in Cybercrime - March 21, 2014

Posted by Stacy Shelley on Mar 21, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Highly-regarded threat researcher Don Jackson joins to serve as Director of Threat Intelligence and security analytics innovator Christopher O'Rourke joins as our Senior Product Manager. 

The longstanding mailing list for publishing vulnerabilities has closed it's doors. Full Disclosure has seen it's fair share of controversy over the years, and the announcement from admin John Cartwright credits a recent dispute with an "individual researcher" as the tipping point for the decision. 

Want to know how professional phishing operations carry out attacks? Check out the Inside the Phishing Ecosystem blog series. The second posts focuses on launch steps after a phishing site has been staged. In the post, we walk through how phishers set up emailer programs, get their hands on email address lists, and craft convincing phishing emails.

One of EA Games' servers was hacked via a known vulnerability in the 2008 version of a PHP-based calendar application. From there, phishers installed a phishing site targeting Apple IDs. Web software and plugins are top targets for fraudsters looking to host malicious content. Especially those used on popular domains because they are less likely to be blacklisted in safe browsing filters...

The U.S. Department of Justice has indicted 3 alleged cybercriminals for attempting to steal $15M by compromising customer bank accounts, transferring funds to accounts they controlled, and feeding the funds into cash out operations that used stolen identities. Good to see continued progress towards prosecuting cybercriminals - just wish there was more!


Topics: The Week in Cybercrime

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all