Security News

For anyone who is a Stripe user - even if they haven't logged in for a while - the email seems pretty genuine. OK, the button didn't head to a Stripe domain, but the link didn't look particularly out of place, either - it was an HTTPS link to a regular-looking.com domain.

First, while the most recent versions of this stealthy phish targeted corporate users of Microsoft's Office 365 service, the same approach could be leveraged to ensnare users of many other cloud providers. In early December, security experts at PhishLabs detailed a sophisticated phishing scheme targeting Office 365 users that used a malicious link which took people who clicked to an official Office 365 login page - login.

Threatpost editors discuss this week's biggest news - from a data breach of Bed Bath & Beyond, a tricky phishing attack and widespread APT activity.

Developer interfaces used by Security Research Labs researchers to turn digital home assistants into ‘Smart Spies’.

We recently showed you how crooks rip off social networking passwords - here's what they do with stolen accounts.

Percentage-based URL encoding plus Google domain trickery is helping malicious emails to evade filters.

Your Instagram account has value to the crooks - so they're coming up with some cunning tricks to get at your passsword.

A round of phishing emails purports to be from job seekers - but actually uses a slew of detection evasion tactics to download malware on victim systems.

The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.

Spammers and scammers are getting better at spelling and grammar - so make sure you aren't relying on language alone to spot phishes...