Basically, phishing is a type of fraud that aims to extract personal data: logins, passwords, wallet numbers, and so forth. It’s essentially digital social engineering.

There’s a variety of phishing known as spear phishing. What distinguishes spear phishing from other types of phishing is that it targets a specific person or employees of a specific company. That targeting makes spear phishing more dangerous; cybercriminals meticulously gather information about the victim to make the “bait” more enticing. A well-produced spear phishing e-mail can be very difficult to distinguish from a legitimate one. So, spear phishing makes it easier to hook the victim.

The holidays are upon us, and so it is to remind ourselves once again of just how much cyber criminals enjoy playing on the very fears of consumer fraud they elicit.

If the last thing you want interrupting your time with friends and loved ones is a slew of fraudulent bank charges, you’ll need to keep your wits about you. As you read this, an illicit campaign is underway to deceive PayPal users into believing recent transactions they’ve made “could not be verified.” In emails bearing PayPal’s logo, consumers are warned that PayPal has detected suspicious activity on their accounts and that the company requires updated information to avoid fraudulent charges. 

Hackers have launched a new phishing campaign against LinkedIn members that uses compromised LinkedIn accounts to send messages with malicious links and downloads to potential victims in an attempt to steal credentials and personal information.

The campaign, first spotted by security researchers at cybersecurity firm Malwarebtyes, makes use of real LinkedIn accounts that have been compromised in order to make the phishing messages sent via LinkedIn’s messaging system appear legitimate. According to Malwarebytes researchers, the attackers have managed to hijack a number of LinkedIn member accounts.

Twice in five days, developers of Chrome browser extensions have lost control of their code after unidentified attackers compromised the Google Chrome Web Store accounts used to issue updates.

The most recent case happened Wednesday to Chris Pederick, creator of the Web Developer extension. Last Friday, developers of Copyfish, a browser extension that performs optical character recognition, also had their account hijacked. In both cases, the attackers used the unauthorized access to publish fraudulent updates that by default are automatically pushed to all Chrome users who have the extensions installed. 

The Gmail phishing attack that played out across Google's billion-user email platform Wednesday afternoon was "particularly insidious" and created by someone with considerable skill, say cybersecurity experts.

The scam involved sending users a malicious link from what looked like a familiar contact; when users clicked it and logged on, the hacker gained access to their Gmail credentials, thereby getting the keys to the kingdom for a user's entire online life — and enabling the virus to replicate itself. While Google says it has fixed the problem, it still remains a mystery who may have launched the worm that quickly made the rounds online.

A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet.

He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users. What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right?

At least two smishing campaigns have hit iOS users in the past week, with over 7,500 users clicking the malicious links and ending up on phishing pages designed to con them out of their Apple login credentials.

Intel McAfee security experts first discovered something was wrong, when their security products started picking up suspicious SMS messages from a US number. These messages had the format of an email. Researchers say that users who clicked on this link ended up on a hacked website, where a message was displayed, telling them they had to verify their account as soon as possible, or Apple would lock it.

Scammers use stolen database of real Booking.com travel orders. Russian Booking.com customers received e-mails from fraudsters at the beginning of October. Scammers asked for prepayment in full for a previously booked room.

It should be mentioned that Booking.com never asks for payment up front. Customers got emails supposedly from Booking.com with real reservation number, dates and names of hotels. While studying customers’ correspondence, security researchers said the domain names used by scammers for sending letters were not sent by Booking.com or hotels.

A hacker group that appears to be residing in China has been targeting India and Southeast Asian nations in a bid to extract information about ongoing border disputes and other diplomatic issues.

Describing the hackers as part of an APT group, cybersecurity vendor FireEye said the attack campaign had been ongoing since 2011 and targeted more than 100 victims. The group would send spearphishing e-mails attached with Microsoft Word documents containing a script, which would create backdoor on infected machines. FireEye also detected the attacks in April 2015, a month ahead of India's premier Narendra Modi's first state visit to China.

In a new document leaked from Bitstamp, one of the more popular Bitcoin exchanges in the world, the company details how a phishing attack several months ago bereft the company of roughly $5 million at then-current prices.

Beginning around page nine of the leaked report, which is clearly marked confidential but is already floating around numerous mirror sites since its initial leak, the document details how the company discovered an "ominous" and large data movement of around 3.5 gigabytes from Bitstamp's server to an IP in Germany. The company determined that it was their wallet.dat file that had gone over the tubes from their servers to some unknown.