Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Messaging Gateway
Showing posts in English
Football Phishing Fever Continues
Mathew Maniyara | 05 Dec 2012 23:52:35 GMT | 0 comments

Contributor: Avdhoot Patil

Several phishing attacks using football have been observed during 2012. Phishers have shown their interest in football clubs, football celebrities, and the 2014 FIFA World Cup. In November 2012, the trend continued with phishers spoofing the 2014 FIFA World Cup in Brazilian Portuguese on a free web hosting site.

In one example, a phishing site prompted users to sign up for a  daily offer to win prizes worth hundreds of dollars, including trips to the World Cup. The phishing page featured the World Cup mascot Fuleco on the right hand side. While signing up for the offer, the user is asked to select from three Brazilian electronic payment brands. After the brand is selected, the phishing site requests the user’s confidential information.

The information required includes the user's:

  • Card number
  • Electronic signature
  • Card holder name
  • Password
  • Email address...
Read more
Browser Add-ons Add Fraudulent Data
Mathew Maniyara | 29 Nov 2012 06:53:37 GMT | 0 comments

Contributor: Wahengbam RobinSingh

Phishers continue to devise diverse strategies to improve their chances of harvesting users’ confidential information. Symantec constantly monitors and keeps track of these phishing trends. In November 2012, Symantec observed a phishing site that loaded a malicious browser add-on. The malicious add-on, if installed, would lead users to phishing sites even when a legitimate website is entered in the address bar. Phishers utilized a typosquatting domain to host the phishing site and their primary motive in this strategy was financial gain. The phishing site spoofed a popular e-commerce website.

Figure 1. Browser prevents automatic installation of the malicious add-on

 

The phishing site detects the...

Read more
Thanksgiving & Black Friday On Spammers’ Radar
Anand Muralidharan | 15 Nov 2012 13:22:37 GMT | 0 comments

Some events familiar among people in the United States are commencing this month, including: Thanksgiving—a great occasion to thank dear friends and family for their kindness; and Black Friday—a day after Thanksgiving, usually the busiest retail shopping day of the year. Spam messages related to these events have begun flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of e-cards, clearance sales of cars and trucks, products bidding to get the best deals, replica watches. Clicking the URL will automatically redirect the user to a fake offer website.
 

Figure 1: An e-card for Thanksgiving...

Read more
Christmas Would Not Text You That Early
Candid Wueest | 13 Nov 2012 21:39:34 GMT | 0 comments

Even with mobile phones now being an essential part of our lives, I am still not used to receiving text message spam. Hence, I was kind of excited when I recently received one on my private number. The claim was that I had won something from Apple. The spam was sent from a number in Virginia, +1 540 514 [REMOVED], and it looks like the scam is currently run in a few different countries.
 

Figure 1. Swiss German version of scam text message
 

If you click on the link, which you obviously should not do, you will end up at a site that tells you that your gift is a brand new iPhone 5. All you have to do is enter the winning code that you received in the text message. The text is badly written with several spelling errors, just like in the old...

Read more
You Have Received a Christmas Card
Anand Muralidharan | 08 Nov 2012 23:03:41 GMT | 0 comments

It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers used a legitimate look and feel in the email with headers (Subject & From) and flash animations that included a message to open the "Christmas Card.zip" attachment. After opening the attachment, the malicious code is downloaded on to the user's system. Symantec detects the attachment as W32/AutoRun.BBC!worm.
 

Figure 1. Christmas card example
 

As expected, spammers are promoting fake offers by targeting specific categories, including:

  • Products
  • Health
  • Internet
  • Finances
  • Replicas
...
Read more
Sandy Storms Inboxes
Samir_Patil | 31 Oct 2012 14:30:39 GMT | 0 comments

Hurricane Sandy, one of the most devastating Superstorms in decades, hit the US East coast. Causing the loss of lives and businesses and leaving countless people without electricity, Sandy has now added spam to its list of misery. We are observing spam messages related to the hurricane flowing into Symantec Probe Networks. The top word combinations in message headlines are "hurricane – sandy", "coast – sandy", "sandy – storm", and "sandy – superstorm."

Figure 1. Message volume over a two-day period

Typical spam attacks like "Gift card offer" and "Money making & Financial" spam are currently targeting the disaster. Below are the screenshots of some spam samples.

...

Read more
Tricks, Treats, and Halloween!
Samir_Patil | 30 Oct 2012 11:16:13 GMT | 0 comments

In a couple of days we will be celebrating Halloween. Some of us will be booking family trips, others will be preparing for themed parties with interesting costumes and fun games. To make it easy for their customers, various online companies offer goodies along with Halloween necessities. You might even receive emails from them regarding discounts and freebies. However, in a frenzy to get ready for this long awaited event, do not get carried away if suddenly you see an out of this world offer like the ones listed below.

While some organizations will offer reasonable discounts, others offer the sun and the moon in lieu of your purse or your personal details. Spammers have laid snares for unsuspecting Internet users ready to fall for these offers.

For example, you might decide to shop around for a new car this Halloween or you might want to do some last minute online purchases for your child. Spammers, keeping these needs in mind have already prepared an array of...

Read more
Spam with .gov URLs
Eric Park | 19 Oct 2012 17:01:26 GMT | 0 comments

Symantec is observing an increase in spam messages containing .gov URLs. A screenshot of a sample message is below:
 


 

Traditionally, .gov URLs have been restricted to government entities. This brings up the question of how spammers are using .gov URLs in spam messages.

The answer is on this webpage:

1.USA.gov is the result of a collaboration between USA.gov and bitly.com, the popular URL shortening service. Now, whenever anyone uses bitly to shorten a URL that ends in .gov or .mil, they will receive a short, trustworthy 1.usa.gov URL in return.

While this feature has legitimate uses for government agencies and employees, it has also opened a door for...

Read more
Scammers Love Football and Social Media Themes
Mathew Maniyara | 28 Sep 2012 14:48:20 GMT | 0 comments

Contributor: Avdhoot Patil

Phishers have recently gained a lot of interest in football. After the scam on the 2014 FIFA World Cup, they have set their eyes on footballer Lionel Messi. In September 2012, Symantec observed the use of various social-networking themes in phishing. A number of these themes featured Lionel Messi. The phishing sites were hosted on free web-hosting sites.

In the first example, the background image of the phishing site was of Lionel Messi and the theme promoted football club Barcelona FC. On the other hand, the legitimate social-networking site in question does not provide users with any theme. End users were prompted to login in order to gain access to Messi’s social networking page. Of course, this is only a ploy and there is no gain for users from a phishing site. After the login credentials are entered, the phishing site redirected to the...

Read more
Phishers Kick Off 2014 FIFA World Cup
Mathew Maniyara | 13 Sep 2012 20:09:55 GMT | 0 comments

Co-Author: Ashish Diwakar

The next FIFA World Cup is scheduled to take place in June 2014 in Brazil and phishers have already taken the opportunity to promote the event. World Cups are a favorite of phishers, as observed in the phishing sites focused on the 2010 FIFA World Cup and the 2011 Cricket World Cup. In September 2012, phishing sites spoofed a popular Brazilian credit and debit card company using the 2014 FIFA World Cup as bait.
 


 

The phishing sites were in Brazilian Portuguese. A number of the phishing sites featured Brazilian footballer Neymar da...

Read more