A typical phishing email message tries to represent (falsely) a single institution. For example, a spammer sends a phishing message, forging the email to appear as if it’s from a financial institution. The recipient is then asked to enter personal information for some fictional reason (for example, “verify your identity”). In an effort to obtain as much information as possible about the unsuspecting user, the spammer usually asks for more information than a legitimate website would. While a legitimate site may only ask for username and password, a phishing site usually seeks additional information such as a credit card or PIN number, mother’s maiden name, and/or a social security number. Once the user hits the “submit” button, the private information is sent into the hands of criminals.
Symantec has recently observed a spam message that is pretending to be from HM Revenue & Customs in the United Kingdom. The message is very...
During one of my recent journeys around the Internet there was a particular ad being displayed on a website that caught my attention. The type of ad I am referring to wasn’t a totally new concept—ads like it have been running on websites for years, and actually found their start in print in the decades previous. You must have seen them. These are the ads that promise incredible monetary returns for working from home, but without doing a lot of work. Recently, this site and many others have been serving "Google pays me $5k a month" ads:
These particular ads usually redirect users to one of the following sites:
The bad guys deserve recognition for being ever mindful of significant events and the recent scheme of phishing attacks doesn’t leave us surprised. Symantec recently observed a fresh round of phishing scams targeting the Australian Taxation Office (ATO) at the closing of the financial year.
The opportunistic scammers are distributing phishing emails that falsely claim to be from the ATO, offering online tax refunds. The email bears the tax office logo and a lure to visit the phishing link for the phony tax refund request:
The scam emails have a From and Subject header such as the following:
From: Australian Tax Office <admin@ato.gov>
Subject: ATO Notification-...
Well, it looks like phishers are now focusing their efforts on Facebook. Symantec has observed that a current method of attack sends a message to a victim's Facebook account "Inbox," as well as an email notification with the subject "Hello" or "Hi." The email appears to have come from the victim's friend and includes text asking the user to visit an obscure URL link. Apparently, the link takes the user to a fake login page of the popular Facebook site.
Similar to last week's “.im” and “.at” domains, this time the domains used are of the type “.be”. If you see a similar email or notification, do not click on any such .be, .im, or .at links, or enter your Facebook username and password. Attackers will try to steal your login credentials so that your account can be used to launch future attacks—making you infamous within your Facebook circle of friends for inadvertently sending that message and...
Hold on! I am not with the fraudsters, nor am I praising the bad guys. It’s just something about the concepts they come up with. In order to acquire sensitive information such as usernames, passwords, and credit card details, fraudsters usually masquerade as a trustworthy entity using electronic communication. But, thanks to numerous “phishing awareness” online programs, the number of people that were not fooled and took no action on phishing email rose from 75 percent in 2006 to 82 percent in 2007 (survey conducted by SC Magazine).
After the run-on-the-bank issues that impacted most major banks during the 2008 global financial crisis, e-money/e-wallet stored value services came into the spotlight. In simple terms, an e-wallet functions much like a physical wallet, but it provides security, efficiency, and added utility to the end user and above all, it is not susceptible to the run-on-the-bank issues. The main reason for its popularity is because, unlike banks,...