Social Engineering

Unicode Domain Phishing Attack Resurfaces
Hacking, Social Engineering

Unicode Domain Phishing Attack Resurfaces

Researchers are warning about a phishing attack that abuses the way some browsers handle unicode characters to display attack domains that are identical to legitimate ones. The concept behind the attack is quite old, but it has resurfaced in the current versions of both Firefox and Chrome. The attack relies […]

Inside the Tech Support Scam Ecosystem
Phone Fraud, Social Engineering

Inside the Tech Support Scam Ecosystem

A pair of doctoral students and their advisor, looking for insights into the inner workings of tech support scams, spent eight months collecting data on and studying the tactics and infrastructure of the scammers, using a purpose-built tool. What they uncovered is a complex, technically sophisticated ecosystem supported by malvertising and […]

Your Brain Is Bad at Security
Social Engineering

Your Brain Is Bad at Security

OAKLAND–Security teams are frustrated constantly by users who ignore warnings about phishing sites, bad certificates, or malware, and just click through to get wherever they were going. It turns out that behavior probably isn’t the users’ fault. It’s just human nature. There are many reasons why this behavior persists, even when users […]