Archive for the ‘security’ Category


1. Secure your WIFI connection

Home users are particularly prone to leaving their routers open without passwords. To make sure that you’re protected, check your router settings to verify whether encryption is turned on. Leaving access unencrypted can lead to anything from the minor issue of bandwidth being stolen by unauthorized users freeloading off your connection to more serious cybercrimes, like credit card fraud or hacking, taking place over your internet connection, which may be traced back to you.

The majority of routers support encrypted connections using either WEP or WPA/WPA2; always opt for WPA/WPA2 as it’s far more secure. If you have the option to hide SSID broadcast, turn that on as well: it makes your wireless router invisible to outsiders, who then need to know your SSID to access the network.

2. Encrypt your hard drive

It’s important to keep your data secure in case of loss of hardware or even theft. An encrypted hard drive prevents its contents from being accessed without the password. It is obviously more important to encrypt thumb drives and laptop drives. Windows 7 Ultimate and Business editions come with built-in hard drive encryption through software called BitLocker, which will encrypt your entire hard drive, but Home Premium or Basic users shouldn’t feel left out, as there is a free way to encrypt your hard drive using TrueCrypt.

Mac users can use FileVault to encrypt their folders, and OSX Lion will allow you to encrypt your entire hard drive as well. You can also get hardware encryption which uses fingerprint recognition to unlock data inside the drive, like the Lacie Rugged Safe.

3. Keep your software updated

It’s a given that you need to keep your operating system, antivirus and web browser up to date in order to protect yourself from exploits, and if you haven’t got automatic update turned on for them, you should do it now.

However, a lot of users overlook other software such as Acrobat Reader, Flash, Java and iTunes when it comes to keeping software updated. It’s important to realize that many of these applications have direct access to the operating system, and an exploit in these applications can be used as a gateway into your system files. Flash and Acrobat are used heavily with web browsers, which are the number one source of malware infections.

4. Upgrade your antivirus suite.

It’s as important to keep your antivirus suite updated as it is to keep your virus definitions updated. This is because antivirus software evolves in the way it deals with malware, for example by introducing heuristic technologies which identify common traits of viruses and the way they interact with the system, and actively block these scripts. This is why outdated antivirus software, despite updated virus definitions, may not provide the best possible protection. If you’re using an older version of antivirus software you may be entitled to discounted upgrades to newer versions.

5. Secure your smartphones

Many people completely overlook this fact, but smartphones are essentially mini computers which hold swathes of personal information about you. They often hold logins to your Facebook/Twitter accounts which are set on auto login, online banking and other financial information, as well as access to email. If someone gets hold of all these details it can cause a lot of stress and havoc in your life.

It’s vital to keep password lock activated on your devices. Additionally, you should take some precautionary measures in case you lose your device.

Apple has a very cool free security app called Find my iPhone, which lets you track your phone by GPS, lock it and remotely delete data from it. You can even use it just to locate your iPhone if you misplace it, by causing it to sound an alarm.

For Android users it’s important to stay protected. Smartphones are just as vulnerable to viruses as a PC, although the Android platform is more prone to them than Apple’s due to its open nature. Android phones require antivirus protection, and all the popular desktop antivirus brands offer Android support as well.

The App Store is less prone to malware because all apps are vetted by Apple before publishing, although if you’ve jailbroken your iPhone, antivirus protection may be something you need to look at.

6. Vet web page links using a link checker

Cyber criminals are using sophisticated strategies to drive users onto their web pages. Increasingly, innocent websites are being targeted: exploits are used to find security holes and implant code on them, which can launch JavaScript applications and infect computers when users visit the infected site. Link checkers scan links in your search results, and optionally on other websites, and indicate whether the links are safe. Websites are scanned by the vendor’s own servers, so it does not impair your computer’s performance. Link checkers are available with most anti-malware security suites, such as those from AVG, McAfee and Symantec.

7. Laptop Security for mobile workers

Laptop thefts are common, and laptops are easy targets due to their transportable nature. If you work away from your office it’s important to invest in a Kensington Lock. While a lock won’t stop trained thieves armed with cable cutters, it will deter opportunistic thieves, who account for the overwhelming majority of laptop thefts.

It’s also important to keep prying eyes away from your data. Always password protect your login, and when leaving your laptop unattended, use the screen lock feature in Windows to prevent unauthorized users from looking at or accessing your information.

If you work with particularly sensitive data, a privacy screen may provide an added level of protection. The screen is only viewable to the person sitting directly in front, so people sitting around you cannot look at your screen. Targus and 3M are well known for producing privacy screens for all manner of monitor sizes.

8. HTTPS encryption for websites

Most people are well aware of the necessity of using https secure connections when entering sensitive personal information for online shopping. However, it can be argued that websites like Facebook, Twitter, Gmail and others hold equally sensitive information about you.

Did you know you can elect to use https secure connections on these websites? For case-by-case use, you can insert an ‘s’ after the http in the web address, if there isn’t one already, to access the site securely. However, if you want to access the sites securely every time you visit, you can log in and select the option to always use https in the profile settings.

9. Use online backup to keep an offsite storage of your files.

A great way for mobile workers to keep data safe and secure while on the move is to use online backup. This provides great peace of mind if your computer gets lost, as it allows you to recover your files from the cloud. Online backup services like Sugar Sync also provide high-level synchronization features, which can double as a time management tool by keeping data across all your computers consistent and up to date. You can look up various online backup reviews here to compare their features and read user reviews.

10. Avoid public wifi and public computers.

Using public computers can be incredibly risky as malware and key loggers can be installed to track your keystrokes and cached files in order to gain access to your private information.

Additionally, public wifi connections can be risky, as the servers can be breached with malware. Phantom hotspots can also be set up which appear to be legitimate hotspots but are actually ordinary laptops acting as a middleman, eavesdropping on the connection.

FireSheep demonstrates how cached data can be hijacked to log in to your web accounts.
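Firesheep works by capturing session cookies that sites send over unencrypted HTTP on a shared network, which is why the "always use https" setting in tip 8 matters. The following added example (not part of the original article) audits a response's headers for the settings that close that gap; the header values are constructed sample data and the finding codes are names chosen for this sketch.

```python
# Added example: audit response headers for the cookie exposure that
# Firesheep-style sniffing relies on. Sample headers are constructed.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    first, *attrs = value.split(";")
    name = first.split("=", 1)[0].strip()
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, flags


def hsts_max_age(value):
    """Return the max-age of a Strict-Transport-Security value, or 0 if absent/invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return 0
    return 0


def audit_response(scheme, headers):
    """Return a list of finding codes for one response.

    scheme  -- "http" or "https", the scheme the response was fetched over
    headers -- list of (name, value) pairs; repeated names are allowed
    """
    findings = []
    if scheme != "https":
        # Everything in this response, cookies included, crossed the network in clear text.
        findings.append("plain-http")
    else:
        hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
        if not any(hsts_max_age(v) > 0 for v in hsts):
            # Without HSTS the browser may still make a first request over http.
            findings.append("no-hsts")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, flags = parse_set_cookie(value)
        if "secure" not in flags:
            # The browser will attach this cookie to http:// requests as well.
            findings.append(f"cookie-not-secure:{name}")
        if "httponly" not in flags:
            # Page scripts can read the cookie.
            findings.append(f"cookie-not-httponly:{name}")
    return findings


# Constructed responses: a site that logs users in over http, and a hardened one.
WEAK = ("http", [("Set-Cookie", "session=abc123; Path=/")])
HARDENED = ("https", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
])

if __name__ == "__main__":
    for label, (scheme, headers) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(scheme, headers) or "no findings")
```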

Thankfully, mobile 3G internet connections are becoming more affordable, and are often faster than public wifi hotspots. 3G connections are far more secure, and you may be able to tether your smartphone’s internet connection to work on your laptop. I hope this article helped you all. Do follow the above 10 steps and secure your digital life from hackers.

Former CEO Steve Jobs handles the iPhone 4 at WWDC 2010. Photo: Jon Snyder/Wired.com

A little more light has been shed on the odd story of Apple losing another iPhone prototype in a Bay Area bar.

The man whose home was searched by what he believed to be San Francisco Police Department officers was Bernal Heights resident Sergio Calderón, SF Weekly discovered. And the police officers? They may have been investigators working for Apple who were actually impersonating police officers.

Impersonating a police officer is a misdemeanor in California, and is punishable by up to a year of jail time. Another option is that Apple was working with police officers, and a proper report was never filed. When the SFPD has been called and asked about the Apple incident, representatives said they had no knowledge of the search.

“This is something that’s going to need to be investigated now,” SFPD spokesman Lt. Troy Dangerfield told SF Weekly. “If this guy is saying that the people said they were SFPD, that’s a big deal.”

On Wednesday CNET News.com reported that in late July an Apple representative lost a “priceless” next generation iPhone prototype in San Francisco bar Cava 22. Apple reportedly used GPS to track the phone to a Bernal Heights area home, where police officers were given permission to search the home for the device. The resident was offered money by Apple for the iPhone’s safe return, but it was not turned in. The phone was sold on Craigslist for $200, according to CNET, but no independent evidence of the post has surfaced.

The incident is reminiscent of what happened last year when an iPhone 4 prototype was left at a Redwood City bar, and purchased for $5,000 by Gizmodo.

Here’s what went down, according to the new report by SF Weekly:

Calderón said that at about 6 p.m. six people — four men and two women — wearing badges of some kind showed up at his door. “They said, ‘Hey, Sergio, we’re from the San Francisco Police Department.’” He said they asked him whether he had been at Cava 22 over the weekend (he had) and told him that they had traced a lost iPhone to his home using GPS.

They did not say they were there on Apple’s behalf, but they said that the “owner of the phone” would offer Calderón $300 for the phone.

Calderón told SF Weekly that he was threatened by the law-enforcement officers when they visited his house, and said that he has no knowledge of the prototype.

One of the officers who visited the Calderón household was a man named “Tony”. He left his phone number with Calderón in case he discovered any information about the lost phone. It turns out the phone number belongs to an ex-cop named Anthony Colon, who apparently now works for Apple. A search on LinkedIn found that Colon works as a special investigator for Apple and is a former San Jose police officer. That page is now removed from the site, but caches can still be viewed.

This tale keeps getting weirder and weirder. Apple hasn’t returned phone calls on the matter from Wired.com.


Karsten Nohl

A German computer boffin has worked out a way to crack code used to encrypt most of the world’s mobile Internet traffic. Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards.

Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August. Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK’s mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication.

The discovery of a way to eavesdrop on so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs. “With our technology we can capture GPRS data communications in a radius of 5 km,” he told the paper before heading to a meeting of the Chaos Computer Club, a group that describes itself as Europe’s largest hacker coalition.

Nohl, who has a doctorate in computer engineering from the University of Virginia, insisted his work was purely academic. “We have written advice from our lawyers stating that our research is within the legal realm,” he said. “Obviously the data we produce could of course be used for illegitimate purposes.”

His modified phone was used to test networks in Germany, Italy and other European countries. In Germany, he decrypted and read data transmissions on T-Mobile, O2 Germany, Vodafone and E-Plus. This was pretty easy because the level of encryption was weak.

Nohl makes his cash working for mobile operators who hire him to detect vulnerabilities in their systems. He said that many operators run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype.

Hacked in 60 Seconds

Forget your car keys? Soon it won’t make a difference, as long as you have your laptop. An interesting viral Web video (see below) making the rounds since the Black Hat cybersecurity conference earlier this month depicts two researchers from iSEC Partners (a San Francisco-based security firm) breaking into a 1998 Subaru Outback via their PC. In less than 60 seconds, they wirelessly find the car’s security system module, bypass it and start the engine remotely.

iSEC researchers Don Bailey and Mat Solnik claim to be able to hack their way into a securely locked car because its alarm relies on a cell phone or satellite network that can receive commands via text messaging. Devices connecting via a cellular or satellite network are assigned the equivalent of a phone number or Web address. If hackers can figure out the number or address for a particular car, they could use a PC to send commands via text messages that instruct the car to disarm, unlock and start.

One of the reasons this text-messaging approach is disconcerting is that text messages aren’t so easy to block, unless you don’t want to receive any texts (either to your car or phone). Google Voice, iBlacklist and a few others (including wireless carriers AT&T and Verizon) do offer some tools for filtering unwanted text messages.

The researchers acknowledge that stealing a particular car would be difficult because you would have to know that car’s number or address, neither of which are easy to find. What bothers them more is that wireless-enabled systems are showing up not just in cars but also in Supervisory Control and Data Acquisition (SCADA) systems that control and secure power plants, water-treatment facilities and other components of the nation’s critical infrastructure, they told CNET.

iSEC isn’t the only research team to have caught on to the dangers of ubiquitous networking. As Scientific American reported in April, researchers from the University of California, San Diego (UCSD), and the University of Washington in Seattle likewise claimed that a hacker could insert malicious software onto a car’s computer system using the vehicle’s Bluetooth and cell phone connections, allowing someone to use a mobile phone to unlock the car’s doors and start its engine remotely. UCSD computer science professor Stefan Savage and Washington assistant computer science and engineering professor Tadayoshi Kohno had also previously demonstrated the ability to use a computer plugged into a car’s On-Board Diagnostic system (OBD–II) port to take control of the electronic control units to (among other things) disable the brakes, selectively brake individual wheels on demand, and stop the engine—all independent of the driver’s actions (pdf). This was not done wirelessly but did highlight vulnerabilities that car-makers might want to investigate as they continue to open up their vehicles to outside communications.


After venting out their ire against Sony PlayStation Network and Sony Pictures, hackers have pointed their guns at the Federal Bureau of Investigation.

The group LulzSec has hacked an FBI-affiliated website called InfraGard and siphoned off the details of around 180 users. The attack was on its Atlanta chapter.

InfraGard is a government and private sector alliance which provides actionable intelligence to protect critical national information infrastructure. The website defines its role as: “InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.” The site has over 42,026 members.

The recently-drafted cyber strategy of the U.S. Department of Defense (DoD) that termed hacking as an “act of war” was cited by LulzSec as the primary reason for attacking the government site.

LulzSec stole usernames, e-mail IDs, and passwords of users from the website. The hackers further stated that most of the users were in breach of an FBI rule under which they are not supposed to use the same password on other websites — an anomaly which is “heavily frowned upon in the FBI and Infragard handbook.”

This lapse led the hackers to expose the email ID of one InfraGard user, Karim Hijazi, who had re-used his InfraGard website password for his personal Gmail account. Using details from Hijazi’s account, the hackers were able to get into his company, “Unveillance”, a whitehat firm that specializes in data breaches and botnets.

The hackers then contacted Hijazi, who they claimed was willing to offer them funds to eliminate his competitors in the market. Hijazi was also reportedly willing to part with the “inside info” in return for hackers’ silence.

LulzSec also warned that Unveillance was formulating an operation to seize control of Libyan cyberspace through unlawful means. It states that the U.S. government is funding the CSFI to attack Libya’s cyberspace. The hackers also published e-mails of 23 people who are supposedly involved in the project.

LulzSec claims that it recently hacked Sony Pictures and stole personal details of over 1,000,000 users. The information stolen included passwords, email address, home address and date of birth. They also stole admin details which included 75,000 music codes and 3.5 million music coupons.

In the Sony Pictures fiasco, the hacker group claims that Sony stored user passwords in plain text instead of encrypting the information. LulzSec said that this loophole meant Sony was “asking for it”.

Since they mentioned Libya and NATO in their message, will NATO be the next target?
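The two failures this report describes, passwords kept in plain text and one password re-used across sites, are both contained when a site stores only a salted, slow hash. The following added example (not from the original article or from any of the companies named) shows that storage scheme using PBKDF2 from the Python standard library; the record format, the iteration count and the sample accounts are assumptions made for the illustration.

```python
# Added example: salted, slow password hashing in place of plain-text storage.
import hashlib
import hmac
import secrets

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
        if algo != ALGO:
            return False
        expected = bytes.fromhex(hash_hex)
        derived = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:
        # Malformed record: wrong field count, bad hex, or bad iteration count.
        return False
    return hmac.compare_digest(derived, expected)


def rows_holding_raw_passwords(table):
    """Audit helper: list the users whose stored value is not a hash record.

    Anyone who copies such a table can replay those passwords on every other
    site where the user chose the same one.
    """
    return [user for user, value in table.items() if not value.startswith(ALGO + "$")]


# Constructed sample accounts; both users picked the same password.
PLAINTEXT_TABLE = {"alice": "correct-horse-1", "bob": "correct-horse-1"}

if __name__ == "__main__":
    hashed_table = {u: hash_password(p) for u, p in PLAINTEXT_TABLE.items()}
    print("raw rows before:", rows_holding_raw_passwords(PLAINTEXT_TABLE))
    print("raw rows after: ", rows_holding_raw_passwords(hashed_table))
    # Different salts give different records, so shared passwords are not visible.
    print("records differ: ", hashed_table["alice"] != hashed_table["bob"])
    print("login works:    ", verify_password("correct-horse-1", hashed_table["alice"]))
```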


Final Fantasy maker Square Enix hacked

The Deus Ex website was one of those hit. Hackers may have stolen users’ e-mail addresses.

Hackers have broken into two websites belonging to Japanese video games maker Square Enix.

The company confirmed that the e-mail addresses of up to 25,000 customers who had registered for product updates may have been stolen as a result.

Resumes of 350 people applying for jobs in its Canadian office could also have been copied from the web servers.

Square Enix, which makes the popular Final Fantasy, Deus Ex and Tomb Raider games, apologised for the breach.

In a statement, it said: “Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites.

“We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.”

It is understood that the websites affected were Eidosmontreal.com, run by Square Enix’s subsidiary Eidos, and Deusex.com, a promotional site for the forthcoming game, Deus Ex: Human Revolution.

Scammer’s dream

Graham Cluley, a consultant at security firm Sophos, warned that both leaks could cause problems for the individuals concerned.

“With the e-mail there is a danger that gamers could be e-mailed by someone pretending to be from the company who gets them to click on a link or run some malicious software,” he told BBC News.

“The resumes are a blueprint for identity theft. They have everything that scammers want. The only thing missing is credit card information.”

Mr Cluley pointed out that there was also the potential for huge embarrassment as it was unlikely those who had applied for jobs would want their current employers to know.

Square Enix said there was no evidence that the information had been distributed.

It also emphasised that the company does not hold customers’ credit card data on its web servers.

Mr Chippy

Shortly after the attack, both websites displayed the message “Owned by Chippy1337”, as well as several other known hacker names, including Xero, XiX and Venuism.

However, it appears that some or all of those names may have been misappropriated by the real attackers.

Tomb Raider maker Eidos owned one of the hacked sites. The company is owned by Square Enix.

Logs of Internet Relay Chat (IRC) conversations have appeared online, which appear to show the perpetrators discussing the hack as they carried it out.

In one section, the individuals taking part wrote: “We put it in the name of chippy1337 and write the names ryan, dfs, xero, nikon, xix, venuism and evilhom3r.”

The same person then added the comment, “lol [laugh out loud]”.

Security in the video games industry has been in the spotlight in recent weeks after the hacking attacks on Sony’s PlayStation Network and SOE online multiplayer system.

The personal details of around 100 million users were stolen from the company’s servers.

Investigations into the source of the data breach are continuing, with specialist computer forensic teams and the FBI getting involved.

The PlayStation Network remains offline, more than three weeks after the intrusion was discovered.



Hackers Steal Data From Simon Cowell’s X-Factor

May. 6 2011 – 7:02 am

UPDATE: A spokesperson for Fox says the network is COPPA compliant and blocked people under 13 years of age from registering for X Factor audition information on Fox.com. “This is a matter that we take very seriously,” the spokesperson says.

——-

Cyber criminals have been on a stealing spree of late. Not long after the theft of more than 100 million user account details from Sony, Fox has confirmed that hackers also breached fox.com and obtained a file of details on 73,000 people who requested information about the X-Factor auditions.

The Fox TV show, which is an Americanized version of a British talent program, begins filming today. The winner of the show gets a $5 million recording contract with Cowell’s Syco music label and Sony Music.

A spokesperson for Fox tells me that media reports about the hacking incident incorrectly stated that data for 250,000 people had been compromised and that the correct number was “about 73,000.” They added that the data, which was stolen last week, did not include financial information, social security numbers or user names and passwords.

“We took immediate action to stop the illegal intrusion and began working with federal authorities,” said Gaude Paez of Fox. “We’ve [sent] emails to impacted registrants to notify them of the unauthorised access and providing [sic] them information to help them guard against spam and phishing.”

Carole Therelaut of Naked Security points out that the data breach comes after the X-Factor changed its rules in the U.S. to allow children as young as 12 to enter its competition, unnervingly putting personal data on pre-teens in the hands of faceless hackers.

Cowell’s troubles come amid a wave of cyber security issues making the news this week. In entertainment, the French DJ David Guetta has reportedly employed an ex-Pentagon investigator to look into the theft by hackers of his new single. According to BBC Newsbeat, Guetta says parts of the song “Where Them Girls At” featuring Nicki Minaj were stolen by a hacker who added their own production and posted it online, claiming it was Guetta’s.

Yesterday it emerged that Last Pass, a service that syncs with browsers to let you control a variety of passwords with one master password, had asked its users to change their master passwords after discovering a potential breach to its database. In its latest blog post Last Pass said the issue affects roughly 0.5% of users. Read PC World’s interview with the CEO of Last Pass here.

Sony is meanwhile offering American customers affected by a massive security breach, $1 million-insurance policies and a year of identity theft protection, according to Bloomberg. It comes after 101.6 million user accounts on Sony’s PlayStation Network and the Sony Online Entertainment network for gamers were compromised by hackers.


Sony’s Response to the U.S. House of Representatives

+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media

Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”

Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you (click here).

In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:

  1. Act with care and caution.
  2. Provide relevant information to the public when it has been verified.
  3. Take responsibility for our obligations to our customers.
  4. Work with law enforcement authorities.

We also informed the subcommittee of the following:

  • Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
  • We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
  • By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
  • As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
  • Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
  • We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.

We told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the “Welcome Back” program that includes free downloads, 30 days of free membership in the PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.

We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly. We hope this update is helpful to you, and we will continue to keep you posted as we work to restore our network and provide you with both the entertainment and the security you deserve.


Stats › February 2010


Published: March 1, 2010

The statistics on this page are for February 1, 2010 through February 28, 2010.

Total Submissions: 17,855

The total number of suspected phishes submitted by the PhishTank community.

Valid Phishes: 9,946

The total number of submissions verified as valid by the PhishTank community.

Invalid Phishes: 526

The total number of submissions verified as invalid by the PhishTank community.

Note: Many phishing emails were offline at the time of submission to PhishTank. Offline phishes cannot be voted on, and therefore cannot be verified.

Total Votes: 69,430

The total number of “is a phish,” “is not a phish,” and “I don’t know” votes made by the PhishTank community.

Median Time To Verify: 08 hours, 08 minutes

The median time it took the PhishTank community to verify submissions as valid or invalid.

Most Active Users

Out of the more than 20,000 members of the PhishTank community, these members were the most active in February 2010.

Note: One member account (PhishReporter) represents an organization, not an individual.

Top 10 Submitters (submissions)
1 PhishReporter (8,209)
2 cleanmx (2,403)
3 propriome (1,381)
4 balomish (721)
5 joewein (459)
6 zender (417)
7 mxlab (360)
8 buaya (217)
9 phishir (188)
10 zender2 (135)
Top 10 Verifiers (votes)
1 stuartgrant (15,029)
2 buaya (12,070)
3 NotBuyingIt (8,069)
4 marcoadfox (7,613)
5 cybercrime (5,166)
6 Aminof (4,477)
7 tetak (4,250)
8 theGeezer (3,040)
9 Jdunnivan (717)
10 mgeide (717)

Phishing URLs

In February, 475 phishes (5% of valid phishes that month) used an IP address (e.g. http://12.34.56.78) and 9,471 (or 95%) used a domain name (e.g. http://example.com).
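The IP-versus-domain split above can be reproduced over any list of reported URLs. The following added example is not PhishTank's code; it classifies each URL's host and goes beyond the plain dotted form shown above to also recognise IPv6 literals, hosts hidden behind a `user@` prefix, and the decimal and hexadecimal IPv4 spellings that browsers accept. The function names and the sample URLs (documentation address ranges) are constructed for the illustration.

```python
# Added example: classify a URL's host as an IP literal or a domain name.
import ipaddress
from urllib.parse import urlsplit


def _legacy_ipv4(host):
    """Parse inet_aton-style IPv4 spellings (e.g. '3221225991', '0xc0.0.2.7').

    Returns an IPv4Address, or None if the host is not such a number.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    numbers = []
    for part in parts:
        if not part or not part.isascii() or not part.isalnum():
            return None
        try:
            if part.startswith("0x"):
                numbers.append(int(part[2:], 16))
            elif len(part) > 1 and part.startswith("0"):
                numbers.append(int(part, 8))
            else:
                numbers.append(int(part, 10))
        except ValueError:
            return None
    *head, last = numbers
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for index, n in enumerate(head):
        value += n << (8 * (3 - index))
    return ipaddress.IPv4Address(value)


def classify(url):
    """Return (kind, host): kind is 'ip', 'domain', or None when there is no host."""
    try:
        host = urlsplit(url).hostname  # drops userinfo, port and IPv6 brackets
    except ValueError:
        return (None, None)
    if not host:
        return (None, None)
    try:
        return ("ip", str(ipaddress.ip_address(host)))
    except ValueError:
        pass
    legacy = _legacy_ipv4(host)
    if legacy is not None:
        return ("ip", str(legacy))
    return ("domain", host)


def summarize(urls):
    """Count IP-hosted and domain-hosted URLs, as in the monthly statistic above."""
    kinds = [classify(u)[0] for u in urls]
    ip, domain = kinds.count("ip"), kinds.count("domain")
    total = ip + domain
    percent = round(100 * ip / total, 1) if total else 0.0
    return {"ip": ip, "domain": domain, "ip_percent": percent}


# Constructed sample reports (documentation address ranges, not real phishes).
SAMPLE = [
    "http://12.34.56.78",
    "http://example.com",
    "http://example.com@192.0.2.7/login",   # real host is the part after '@'
    "http://3221225991/",                    # decimal spelling of 192.0.2.7
    "http://[2001:db8::1]:8080/",
    "http://192.0.2.7.example.com/",         # a domain that merely looks like an IP
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(classify(url), url)
    print(summarize(SAMPLE))
```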

Top 10 Domains (valid phishes)
1 t35.com (559)
2 altervista.org (522)
3 slaenmex.com (501)
4 express-order.ru (421)
5 udaswy.cz (215)
6 webhosting-solutions.co.uk (134)
7 justfree.com (114)
8 pochta.ru (73)
9 nob2o.com (67)
10 radiosportfm.tg (62)

Networks That Host Phishes

The servers hosting verified phishes are under the responsibility of these networks. PhishTank knows this because it traces phishing Web sites to an IP address. These are the organizations responsible for those IP addresses.

Top 10 Networks Valid Phishes
1 NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC 562
2 MetroRED Telecom Services 505
3 RAPIDSWITCH-AS RapidSwitch 457
4 CENTROHOST-AS JSC Centrohost 431
5 ThePlanet.com Internet Services, Inc. 315
6 iWeb Technologies Inc. 239
7 SoftLayer Technologies Inc. 203
8 OVH OVH 198
9 Limestone Networks, Inc. 176
10 SOVAM-AS Golden Telecom, Moscow, Russia 159

Popular Targets

These are the brands that were fraudulently represented in phishing emails. Targets are identified by the submitter at the time of submission, or determined by PhishTank’s software to the best of its ability. The majority of phishes are not categorized with a target.

Top 10 Identified Targets Valid Phishes
1 PayPal 8,488
2 Internal Revenue Service 772
3 Facebook 715
4 HSBC Group 458
5 Bank of America Corporation 134
6 Tibia 130
7 eBay, Inc. 124
8 World of Warcraft 111
9 HSBC 103
10 Amazon.com 86


“Security experts are calling on Facebook to implement a three-point plan to improve safety online. Sophos says it receives reports every day of crime and fraud on Facebook, and that victims are desperate for advice on how to clean up their profiles and undo the consequences. In an open letter to Facebook, the firm calls upon the social networking giant to adopt three principles: privacy by default (opt-in sharing), vetted app developers, and use of https whenever possible. ‘Our question to Facebook is this — why wait until regulators force your hand on privacy? Act now for the greater good of all.'”