Symantec Blogs: Security Response

Samir Patil | July 27th, 2009

How close can they get to you? So close that they can actually talk to you, no matter where in the world they are located? Nigerian 419 scams are not new and have been a nuisance to email users for years. Traditionally, Nigerian scammers have reached out to email users through text-based emails, Word documents, and PDF documents, and they are increasingly targeting social networking sites. However, all of these techniques have one thing in common—rubbish stories of a huge money inheritance, kinship, and financial assistance that are communicated via typed messages.

Spammers are constantly in search of techniques that will allow them to reach users’ inboxes by beating anti-spam filters. Any deceit used is fair game for them. Recently, we noticed one such technique used by spammers to make their way into users’ inboxes exploiting VoIP (voice over IP) services. The spammers are creating fake accounts on sites providing VoIP services and then, using these fake...

Fred Gutierrez | July 24th, 2009

We have already written about threats that can encrypt files or lock victims out of their computers in order to extract a ransom. Today I want to talk about yet another similar threat. It uses scare or nuisance tactics—similar to rogue antivirus programs—in an attempt to demand ransom from its victims.

Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits. The ad will cover part of the original Web page, as shown below.


The ad will stay on the screen even if the page is scrolled:


This ad is written in...

Eric Chien | July 22nd, 2009

SMS phishing (“SMSishing”) occurs when you receive an SMS message that is purportedly sent from a reputable source, such as your bank, asking for personal details. Although SMSishing first started a few years ago, a couple of recent SMSishing attempts directed at some colleagues of mine provided a good opportunity to document the attack.

The attacks start when attackers use automated services that allow sending many SMS messages at once and send messages such as the following:

FRM:3106******@*********.com
MSG:H*****FCU Notice: Please contact us immediately at 6366******

Or:

FRM:F**
SUBJ:Alert
MSG:F****** Alert. Unusual activity - Call now at 1-(888)3**-****

In the above two cases, the bank names and phone numbers are censored, but the messages typically follow the same pattern of specifying a bank and that there is some type of urgent need for you to contact them. When you call the number you...

Candid Wueest | July 21st, 2009

Hopefully the readers of the Security Response Blogs are well aware of advance-fee fraud, which is also known as a 419 scam. A 419 scam typically pops up disguised as an email from some member of a royal family from a country far away, trying to transfer large amounts of money to you. The story used in the fraud schemes doesn’t vary much these days. However, these advance-fee scams have evolved and adapted to all of the new information sources that are available, including social networks. The following example was seen a couple of times at the beginning of June this year.

The scammer searched in Facebook for people who have highlighted the fact that they are disc jockeys. Since it is likely that such people usually want to be found and are proud to be DJs, it is quite easy for an attacker to create a very targeted user list for his scam. Simply browsing and comparing dedicated user interest groups can reveal all of the necessary information.

...

Dermot Harnett | July 9th, 2009

In early June, Symantec reported that the FTC had worked with others to shut down the Internet service provider Pricewert LLC. While this was a good example of how security professionals can work together in the fight against cybercrime, spam volumes remained at a very high level throughout June, averaging 90 percent of all email messages. The recent passing of Michael Jackson and the subsequent public interest is yet another example of how spammers are willing to use any notable event as a cover to distribute their messages.

Click here to download the July 2009 State of Spam Report, which highlights the following trends:

  • Different Faces of Michael Jackson Spam and Malware
  • Fourth of July Holiday Brings Fireworks and More Spam Campaigns
  • Image Spam Update
  • Mass-Mailing Worm in Fake Twitter...

Zahid Raza | July 8th, 2009

Now that more people are paying attention to the risks and have taken the proper steps needed for increased security, fraudulent sites are easily visible when not using SSL. However, a recent attack spotted by Symantec was using a legitimate SSL certificate to masquerade as a legitimate site. Fraudsters continue to use these kinds of techniques to perpetrate identity theft, and these particular attacks aren’t as noticeable.

Over the last thirty days, Symantec has observed the highest number of URLs abusing SSL certificates for the last year. A single compromised Web server with an SSL certificate can be used to host a broad range of phishing sites that can have a higher success rate, in that the visitors erroneously believe that they have a secure connection with their intended site.

Fraudsters have targeted the users of major brands by compromising Web servers with SSL certificates so that the fraudulent pages display the familiar lock icon...