Tax return scammers usually strike early in the year, when they can turn the personal information of victims into fraudulent tax refund claims. But members of Akamai's threat research team found a recent surge in "off-season" phishing attacks masquerading as notices from the Internal Revenue Service, targeting over 100,000 individuals. The attackers used at least 289 different domains hosting fake IRS websites—the majority of them legitimate sites that had been compromised. This wave of attacks came as the October 15 deadline for people who had filed for extensions approached.
According to a post by Akamai's Or Katz, the phishing campaigns kicked off in the second half of August, with the majority of victims targeted between August 22 and September 5. But the campaigns continued to be launched into early October. Each of the fake websites used visually identical HTML pages, with randomly generated style tags and other content, in an attempt to throw off signature detection by security software.
Most of the domains were active for fewer than 20 days. However, a significant number of them remained active after a month—undetected by the owners of the sites. "The lack of maintenance on legacy websites, as well as the challenges of patching and removing injected content, explains the duration over which phishing pages can remain active," Katz wrote.
LOS ANGELES—Buzz. Crozz. Buggy. Vizzion. And now Space Vizzion. No, I haven't overdosed on the letter Z; those are the slightly wacky names for a series of not-at-all-wacky electric ID concept cars from Volkswagen, the newest of which was just unveiled on Tuesday night in Los Angeles. The ID Space Vizzion is the latest installment in an electrification push from one of the world's largest automakers, one aiming to sell 20 million electric cars worldwide over the next 10 years.
Volkswagen Group had little choice but to embrace electric powertrains in the aftermath of dieselgate—the alternative would be failing to meet 2021's European CO2 rules, which would result in billions of dollars in fines. Audi and Porsche, the two big premium brands within the group, got their battery EVs to market first. The first of these—the Audi e-tron—is mainly a stop-gap, a Q8 with batteries and two electric motors in place of the normal internal combustion engine stuff. The Porsche Taycan had an extra year to gestate, and is all the better for it, a mostly clean-sheet design that's wowed everyone who's driven it.
Meanwhile, over at VW (the brand, not the group) the engineers were working on MEB (Modularer E-Antriebs-Baukasten, or Modular Electrification Toolkit), which it will use to build millions of BEVs over the next decade. VW has long embraced the use of modular architectures; its current MQB (Modularer Querbaukasten, or Modular Transverse Toolkit) gives rise to such diverse cars as the VW Atlas and Audi TT-RS. And MEB should be even more flexible, as the various ID concept cars have shown.
Social media firms must provide data from the accounts of a teenager who killed herself, a coroner says.
Traveling can be a fun, illuminating experience, but packing for your travels is often stressful. Everything you choose to bring with you on your excursions must have a purpose, because unnecessary items do not belong in anyone's cramped suitcase. Whether you're traveling for business or pleasure, it can be difficult to decide which pieces of tech deserve to come with you and which you only think would be useful.
It can also be hard to find gadgets that are suitable for travel—devices that work even more efficiently when you're not in your normal environment. To combat this, Ars has picked out some of the best travel tech gifts that will be solid additions to anyone's travel bag. All of the items below we've personally tested or reviewed, so we're confident saying that none of these devices will end up languishing, abandoned, at the bottom of your suitcase.
Note: Ars Technica may earn compensation for sales from links on this post through affiliate programs.
Two 17th-century shipwrecks on the bottom of a busy Swedish shipping channel may be the sister ships of the ill-fated Vasa. Archaeologists with Sweden's Vrak—Museum of Wrecks discovered the vessels in a 35-meter-deep channel near Stockholm during a recent survey. Neither wreck is as well-preserved as Vasa (to be fair, there are probably ships actually sailing today that aren't as well-preserved as Vasa), but they're in remarkably good shape for several centuries on the bottom.
Studying the wrecks could reveal more details about how early naval engineers revised their designs to avoid another disaster like Vasa.Hiding in plain sight
The wrecks may be the remains of two of the four large warships Sweden's King Gustav II Adolf built in the 1620s and 1630s. The earliest of the four ships, Vasa, had a first trip out of port in 1628 that ended in disaster; the top-heavy vessel caught a gust of wind and leaned over far enough to let water rush in through open gun ports. King Gustav's prized warship sank just a few dozen meters offshore in front of hundreds of spectators, killing half the crew onboard.
Software designed to curtail excessive play has come to all gambling machines in betting shops.
The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.org said on Tuesday.
The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the miss-matching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.
"It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."
Twitter said the stunt was misleading to the public and would not be tolerated in future - but did not take any direct action.
Alexa chief discusses plans to make the virtual assistant more useful when used outside the home.