PhishingScams
Latest
Sophisticated hack attack? Don't believe the hype.
You wouldn't believe how sophisticated hacking has become in the past few years. It has, in fact, gotten so mind-blowingly complex and erudite that this word, sophisticated, is now the only one human beings can really use to describe any single act of computer-security violation. Actually, no. The word, at best, has almost always been used to cover up egregious screwups of breached companies, and shoddy reporting. Or, when at a loss to understand even the most mundane of hacks. Even high-minded publications step into infosec's linguistic dung heap and track the word throughout their pieces on whatever latest rehashed cyber-bomb hysteria-of-the-week they're pushing.
Guild Wars 2 account phishing, outstanding issues [Updated]
With a game as large as Guild Wars 2, it's inevitable that the unscrupulous would try to compromise accounts. Perhaps the only unexpected part was how quickly the hacking attempts started -- even before launch players were receiving notifications of these attempts. And the problem appears to be escalating as more players are affected. Along with many others, multiple Massively staff received an email (or two) stating that someone had requested a password change, and it definitely wasn't them. In the case of receiving this notification, do as ArenaNet instructs in the email: Nothing. Some folks are also reporting phishing attempts to obtain account information. Never reply to such email, and remember that ArenaNet will never ask for your password. Players can take steps to increase their account security. Since the log-in name is required to be an email address, use an email dedicated to only the GW2 game account and nothing else. Also, make sure you use a unique (and hard to guess) password and never share it. [Update: Reader Ring Bonefield sent us this link to a discussion on Reddit in which ANet employees request that those players using an exclusive email address for GW2 file a support ticket to help the studio investigate the claims. ArenaNet has also published on Reddit a list of outstanding issues relating to security, grouping, forums, trading post, and more.]
AppleCare rep tells Ed Bott Mac malware reports are up
An anonymous AppleCare support representative spoke to ZDNet's Ed Bott over the weekend, telling the reporter that complaints about malware infections on the Mac increased significantly in the first half of May. "This last week over 50% of our calls have been about [malware]," said the AppleCare staffer. "In two days last week I personally took 60 calls that referred to Mac Defender." Earlier this month, a new series of malicious software packages with names like "Mac Defender," "Mac Security" and "Mac Protector" began to assault Apple's computing platform. Websites would alert users their Macs were infected and persuade them to download and install "Mac Defender" to protect their computers from the alleged attack. Rather than eliminate malware, these trojans prompt users to provide credit card information to their authors. It's all a scam. Even so, the scam appears to be quite effective. The AppleCare staffer claims many callers believed the warnings from these malware packages were legitimate or came from Apple, and in the last week, call volume for the computer-maker's support lines was up to five times higher than normal. "I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls," the AppleCare representative told Bott. It's unclear from Bott's interview how many callers had actually installed the phony "Mac Defender" software and how many were calling to verify the authenticity of an alert on a website claiming their computers were infected. The AppleCare staffer's facts and figures are notably anecdotal. It's difficult, for example, to reconcile a five-fold increase in call volume since the malware attacks began when only half the calls have to do with "Mac Defender." Although the AppleCare staffer's story sounds a lot like a surfer boasting about a tremendous wave, it's important to use common sense when installing software from the internet. Unlike a virus or worm that sneaks onto a computer without authorization, trojans like "Mac Defender" require an administrator to provide his or her password and knowingly install the malicious software. When TUAW first reported these malware attacks, we offered some helpful tips for avoiding these digital con games. Is this AppleCare representative capitalizing on the latest wave of Mac malware hype and exaggerating his or her story for attention? Or is the "Mac Defender" family of trojans really gaining traction among a community of unsuspecting Mac users? Let us know what you think in the comments.
