Symantec Blogs: Security Response

Samir Patil | November 12th, 2009

Phishing attacks jeopardize users’ personal information, including banking credentials. The huge gain that Internet miscreants receive from these attacks drives them to think of newer and more effective bait to phish users’ personal data. To carry out their plans, spammers most commonly abuse new security services/features provided by legitimate companies.

Many financial institutions have already started providing a pin/password generator device (also known as “secret reader”) for their customers to conduct secure online transactions. The device generates random pin codes after a specified interval of time. In a recent phishing attack the fraudsters promoted a similar secret reader.

This fake message claims that a bank has developed a secret reader that generates a password of 10 alphanumeric characters. The message also targets existing customers who are already using this device provided by the bank, and informs them that existing device will...

Samir Patil | November 6th, 2009

Scammers based in Nigeria have long been known for using legitimate email formats for spreading infamously fraudulent 419 messages. We have already monitored e-card services, social networking invites, and various other services provided on social networking sites. Yet another example is a calendar service being abused for sending scam messages.

Sadly, there is an addition to this list, where the “send link to friend” service is exploited for sending scam messages. Many news websites provide an option to send news links to another person. A text area is also provided to write personalized messages. It is a general tendency of netizens to share important news with friends by forwarding the links along with their comments on the news. In a recent spam attack we monitored a typical 419 scam message injected into the text area of a news article. With this, scammers smartly introduce a scam message in an otherwise very legitimate-looking mail.

The “...

Samir Patil | July 27th, 2009

How close can they get to you? So close that they can actually talk to you, no matter where in the world they are located? Nigerian 419 scams are not new and have been a nuisance to email users for years. Traditionally, Nigerian scammers have reached out to email users through text-based emails, Word documents, and PDF documents, and are increasingly targeting social networking sites. However, all of these techniques have one thing in common—rubbish stories of a huge money inheritance, kinship, and financial assistance that are communicated via typed messages.

Spammers are constantly in search of techniques that will allow them to reach users’ inboxes by beating anti-spam filters. Any deceit used is fair game for them. Recently, we noticed one such technique used by spammers to make their way into users’ inboxes exploiting VoIP (voice over IP) services. The spammers are creating fake accounts on sites providing VoIP services and then, using these fake...