CAPTCHAs – the questions that a website asks you to answer to prove if you’re a human being or not – come in many shapes and forms.
Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which can ask you to solve some complicated mathematical calculation or ask you to add toppings to a pizza in an attempt to stop automated bots leaving spammy messages.
As a keen chess player, I was interested to see this CAPTCHA being used on an online chess forum:
Okay, so it’s not much of a challenge if you’re a chess player, but it also clearly locks out any users who do not know how to play chess. (For those of you who can’t see the checkmate, the answer is upside-down at the bottom of this article – and make sure to realise that Black is playing from the bottom)
But most importantly, if a CAPTCHA system like this were to become widely-used, how tricky would it be for an automated bot to solve the puzzle?
SophosLabs is intercepting a spammed-out malware campaign, pretending to be an email about a revealing photo posted online of the recipient.
The emails, which have a variety of subject lines and message bodies, arrive with an attached ZIP file (IMG0893.zip) which contains a Trojan horse.
Subject lines used in the spammed-out malware campaign include:
- RE:Check the attachment you have to react somehow to this picture
- FW:Check the attachment you have to react somehow to this picture
- RE:You HAVE to check this photo in attachment man
- RE:They killed your privacy man your photo is all over facebook! NAKED!
- RE:Why did you put this photo online?
The message bodies contained inside the email can also vary. Here are some examples:
- Hi there ,
I got to show you this picture in attachment. I can't tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who's that dude??.
- Hi there ,
I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today... why did you put it online? wouldn't it harm your job? what if parents see it? you must be way cooler than i thought about you man :)))).
- Excuse me,
But i really need to ask you - is it you at this picture in attachment? I can't tell you where I got this picture it doesn't actually matter... The question is is it really you???.
If an unauthorised party has logged into your Facebook account, then you’re far from alone.
New official statistics from the social networking giant reveal that 0.06% of the more than a billion logins that it has each day are compromised.
Put another way, that’s more than 600,000 per day – or, if you really like to make your mind melt, one every 14 milliseconds.
The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm.
The new security features include Trusted friends (called “Guardian angels” in the infographic).
One of the most effective techniques anti-spam products have to block spam messages from reaching your inbox is reputation filtering.
What do you do if you are a spammer? Figure out a way to get a legitimate mail provider to deliver your messages for you…
With British students about to start another year at university, the last thing they probably want to hear is that there is a problem with a student loan.
But that’s precisely the camouflage that online scammers are using to steal personal information today.
An email, claiming to come from Directgov UK, tells students that there is a problem with the online account for their student loan, and they need to update their account urgently.
Here’s a typical spammed-out message we’ve seen in our traps:
Student Loan Update.
Dear Student Finance Customer.
We at HM Government noticed your Student loan online log in details is incorrect and need to be updated.
DOWNLOAD THE ATTACHMENT TO UPDATE YOUR ACCOUNT NOW
Inline Verification. Directgov UK.
Student Loan Update.html
Clicking on the HTML attachment is not a good idea, however, as it will urge you to enter your details which are then sent via a website to the phishers.
Sophos products block the message as spam, and block the webpage to which the HTML form is attempting to post the personal information.
Remember to always be suspicious of unsolicited attachments. Also, I would hope that a good student would have noticed the grammatical mistake in the phisher’s email.