Hopefully the readers of the Security Response Blogs are well aware of advance-fee fraud, which is also known as a 419 scam. A 419 scam typically pops up disguised as an email from some member of a royal family from a country far away, trying to transfer large amounts of money to you. The story used in the fraud schemes doesn’t vary much these days. However, these advance-fee scams have evolved and adapted to all of the new information sources that are available, including social networks. Such as with the following example, which was seen a couple of times at the beginning of June this year.
The scammer searched in Facebook for people who have highlighted the fact that they are disc jockeys. Since it is likely that such people usually want to be found and are proud to be DJs, it is quite easy for an attacker to create a very targeted user list for his scam. Simply browsing and comparing dedicated user interest groups can reveal all of the necessary information.
There are hundreds of ready-for-use phishing kits available on the Internet. At the beginning of this month, a list with more than 400 links had been circulated on mailing lists and forums. Some kits are a compilation of different sophisticated scripts that can spoof many different brands at once and sometimes even bypass two-factor authentication schemas. However, the vast majority are simply archived copies of the original Web site, modified to include a small PHP script that will send the stolen credentials to an email account.
We know that not all phishers have a Ph.D. in the art of phishing; therefore, you can sometimes find some interesting and funny pieces of code in phishing kits found on the Internet. As Easter is coming up soon, I decided to compile a top five list of the funniest Easter eggs that I have seen in phishing kits lately.
In 5th place: Local image paths Sometimes, phishers do not check if all links are converted correctly....
It is surely of no surprise, especially toregular readers of our Weblog, that not only banks are targeted byphishing attacks, but nearly anything that can be scammed. We alreadycommented on the rise in attacks targeting virtual worlds andespecially massively multiplayer online role-playing games (MMORPGs) inearlier posts. The growing market for virtual currency and playeraccounts does attract new scammers. It’s the nature of things that ifsomething becomes popular to use, it will also become popular toattack.
There was no exclamation of surprise then (a.k.a. Wow!) when I sawthe latest phishing email for World of Warcraft. In general, itattempted to get a reaction from me by telling me that my account wastemorarly suspended and that I need to log in to verify my details.Well actually, I would rather not log in to unlock my account but hey,it’s their story, not mine.
Well, we all know that playing games can influence your real life,even if it’s just the lack of sleep you get from spending whole nightsplaying online games. But there’s more to it. There are several crucialpoints that have to be considered when running around virtual fieldswith your character. Unfortunately, as in life, some people don't playby the rules.
Sometimes those virtual worlds are not as peaceful as one mightthink or hope. You, or more precisely your avatar, might getblackmailed for protection money or bullied by others. Destruction ofvirtual goods can happen if you don’t pay. The discovery of weapons ofmass destruction in Second Life confirms this point. (Yes, they doexist; search for “Jessie Massacre” if you don’t believe it.)
But, there are other entrapments to watch out for. We already reported on gold farming and the problem with in-game spam in a...
Have you ever “ego-Googled” yourself? That is, looked yourself up onGoogle? Chances are, if you haven’t, others have. Your employerprobably did it before hiring you, so it can’t be that bad, right? Butare you really aware of all the information that is available onlineabout you?
Nowadays, of course, one of the easiest ways to data-mine somebodyis to look them up on the many social networking sites that have sprungup over the past few years. These sites are hugely popular and you findthem for nearly every user group. You can find old buddies from schoolthat you’ve lost touch with, connect with people that listen to thesame music as you, or post your CV to attract a new employer.
For sure, they can be useful. And I admit that I, too, have usedthem several times. Sometimes it can even be very amusing. For example,I once received an email from a headhunter. Besides offering me aposition, she complained she couldn’t reach me on my listed phonenumber: ++1 234 567 890. What...
“Because that's where the money is” was apparently the reason givenby Willie Sutton when asked why he kept robbing banks. Even though thatstatement may be correct, Willie Sutton never said it like this – as heexplains in his book “Where the Money Was.” Still, it evolved into oneof those urban myths, quoted many times. But there is an even betteranalogy to be made between the life of this bank robber from the 1940sand today’s online crime.
One of his nicknames was “The Actor,” which he gained aftercommitting robberies in broad daylight, impersonating trustedpersonnel. He varied his disguise from telegraph messenger tomaintenance man to policeman. He had realized that an acetylene torchwas not the best way into a safe – it was much easier to abuse people’strust, as no one really expected such assaults from within their ownranks. It was like an insider job, but without actually belonging tothe team in the first place. Those old-school social engineering tricksare comparable...
Recently, some people received quite a shock while doing their normal online banking business, as reported by Heise news. While browsing their bank’s Web site, they suddenly noticed that an international phone number and a country flag were integrated into the transaction page.
From that point on, the reaction of different users will vary. You might call me pessimistic, but I assume some people would not question it (if they noticed it at all), and would continue with their normal online banking transactions. The same people might also fall for general phishing email attacks. Afterall, user awareness is not yet universal.
Security-savvy users, however, would identify this as a phishing attack of some sort and stop their current online banking session immediately (after taking some screenshots, of course). They would then call up the bank to tell them that a new kind of phishing attack...
Another Valentine’s Day has passed and everyone knows that there are certain guidelines that should be followed on this day of love. Over the years, I've developed a top three list of recommendations: • Don’t forget Valentine’s Day. • Don’t forget to get in touch with your loved ones. • Don’t open any strange email attachments, not even if they seem to come from a secret admirer and have a special greeting card attached.
But after the stories I heard this year around Valentine’s Day, it appears I'll need to add new advice to my top three list. Apparently many people received a suspicious text message on their mobile phone this Valentine’s Day. The text message came from an online love message service, which lets you record a message onto a central voice recording machine that can be dialed into. The service then sends a timed SMS to your friend, who can collect the recorded message by calling a number. Of course you have to pay around US$ 4 per minute for...
Phishing attacks evolved from simple email attacks quite a long time ago. These days, we still see many attacks with obfuscated links and spoofed Web sites, but the emerging threat is in phishing malware. Even in the malware domain we have seen further developments, from basic key logging to session modification Trojans. The attacks are becoming more sophisticated in order to circumvent the current prevention methods.
Take, for example, the Trojan.Satiloler family. This threat monitors traffic that is sent and received by a Web browser. It can inject script code into received Web pages before they are passed to the user’s browser. If the Trojan finds a predefined online banking Web site, it replaces all of the Web form submit functions with its own functions. This enables the Trojan to control the information flow on that particular site without the user noticing. If a...
The amount of email I have received lately regarding "making easy money from home" has increased tremendously. These “job offers” all have two things in common; you are required to have an online bank account and you must be able to check email frequently. In return for these requirements there are promises that large amounts of money can be made, usually five to ten percent in commission for every payment forwarded to the company headquarters.
To make it even more convincing, fake companies are created and complete Web sites with job offers and background information are generated. Interested parties receive convincing job offers with social benefits and health care plans. So, what's behind it? As you have probably guessed by now, these are recruitment emails from phishers. They are constantly searching for "money mules" that will receive payments from stolen accounts and then transfer the cash back to the real attacker. Many phishers are swimming in...
