False login pages are a common method of phishing login credentials from users. If a website look legit, it’s easy for your muscle memory to kick in and for you to start typing your username and password without checking that the URL is correct (or the website is legitimate).

Complicating matters is a new issue, recently profiled by developer Jim Fisher, that shows just how easy it is for a website to use a fake address bar to make you think you’re somewhere you’re not.

As the end of the year draws nearer, reports of scams have increased with scammers using increasingly sophisticated methods to part the unaware from their money. Recent scam reports take advantage of seasonal trends, with an uptick in scams impersonating the ATO or appearing to be about a package delivery. Here's all the dodgy emails and phone calls to look out for.

A newly discovered bug in Gmail makes it possible for senders to push email out while obfuscating the sender's address. The bug allows a sender to malform the "From:" header so that Gmail leaves the field unpopulated and the sender's name invisible even when the message is opened.

Here we go again. Radware's threat research group recently announced that more than 40,000 Facebook users were duped into downloading a "Relieve Stress Paint" application, via a crafty phishing email, that stole their login credentials and browser cookies while they pretend-painted in the app. Worse, the attack was clever enough to avoid being flagged by a typical antivirus app.

So, how can you keep your data safe in these instances? Let's review.

The Winter Olympics kick off in just a day or so. And while this is a time for everyone to become an expert in figure skating, luge and curling, it's also a major event. And that means threat actors are honing their email skills to prepare new phishing messages and other scams.

At some point, we've all been contacted by a Nigerian prince, long-lost uncle, or some guy that just can't manage to get a bank account with the promise that if we just make one small wire transfer we'll have millions in our account by morning.

Phishing attacks, wherein scammers pretend to be legitimate companies in order to trick you into handing over sensitive information such as usernames, passwords or credit card information, are getting more difficult to spot. Even Google is susceptible to more sophisticated attacks, which have popped up everywhere from email attachments to shared Google documents.

iOS: Security researcher Felix Krause is killing it this month, if "it" means iPhone users' sense of security. We recently covered two of his security warnings: If you give an app permission to use your camera, it can also track your location and even secretly take photos and videos. Now he points out that if you're not careful, any app could easily steal your Apple ID.

Most security reports are pretty dull. They tell the same story. The bad guys can get into almost any system, spend weeks or months there, exfitrate data and generally run amok. They use social engineering attacks or exploit vulnerabilities to find their way into networks. But the Carbon Black report, released today focusses on something else - the malware marketplace.

You'd think that programmers would be more savvy about online scams than your average computer user and that's likely true. Even so, Google felt it wise to contact Web Store developers about a current "phishing campaign" aimed right at them.

You get a new email that looks like it's from a friend, a company, a government official, or even a family member. All that's in that email is a link. You click it, because of course you do. You're taken to a login page, where you enter your credentials. Then, that site turns out to be fake and collects your password. Congratulations, you've been phished.

Oh God, a hacker's on the loose with a new (but familiar) Google Docs phishing scam, and journalists are in the crosshairs.

With a little know-how, most phishing scams are pretty easy to detect. This one, on the other hand, is devilishly clever and just might dupe you if you're not careful.

The autofill systems in browsers like Google Chrome, Safari and Opera, as well as plugins like LastPass, can be easily tricked into giving away your information on web pages. Here's how you can keep your personal information secure.

When employees are made to feel embarrassed about falling for social engineering attacks, they become counter-productive to their organisations' attempts to fend off cybercriminals, according to one security expert. Here's why.

While big organisations may be used to being targeted by various forms of online attacks, an increasing number of small businesses are falling victim to cybercriminals, according to a security expert from Cisco. He also shared some advice on how small businesses can better protect themselves online.

"Vishing", or voice-based phishing, is a method used by identity thieves to steal your credit card number and other personal information over the phone. Here's how to tell if a call is actually from a scammer, and the best way to handle the situation if you're not sure.

One of the most popular ways for cybercriminals to steal personal information is by using email phishing scams. Cybercriminals often use this method of attack to trick employees from large organisations into clicking onto malicious links so they can gain access to corporate networks that contain valuable data. Here are 10 tips on how to avoid becoming a email phishing victim.

Chances are if your email or social media account has ever been compromised, you accidentally gave your credentials to the scammers yourself. The most common way to infiltrate an account is called phishing, in which people trick you into handing over your login info to false websites that look legitimate.