Co-author: Avdhoot Patil

Celebrity promotion has gained momentum in the world of phishing. In October 2011, we observed Indonesian rock star Ahmad Dhani was being used as phishing bait and phishers continue their stream of celebrity bait with popular singers Selena Gomez and Demi Lovato. Celebrities with a large fan following are phishers’ favorites (because they believe a larger audience will mean more duped users).

In today's example, phishers created phishing sites that spoofed the login pages of a popular information services website. The phishing pages contained a picture of the singer and the page altered to give the impression that users could gain access to additional content about the celebrity after entering their own login credentials. It should be noted good websites will never alter the format of their login page for celebrity promotions. After the...

Thanks to the co-author of this blog, Avdhoot Patil.

In the month of January 2011 Symantec reported adult scams that targeted Indonesian Facebook users. These scams claimed to have an application in which users could view adult videos of Indonesian celebrities, taken from hidden cameras.

It seems that phishers are now using specific celebrities as bait for their phishing sites. This is unlike the previous Indonesian adult scams whose phishing pages gave the impression that the adult video would be of a random celebrity. In October 2011 phishers continued their adult scams on Facebook, but this time they chose the Indonesian rock star Ahmad Dhani in particular. Dhani is the frontman of the rock bands “Dewa 19” and “Ahmad Band”. The phishing site contained a photograph of Ahmad Dhani and Indonesian singer Dewi Persik. The Indonesian caption of...

Contributor: Anand Muralidharan

The sad news making the rounds these days is the death of Steve Jobs, Apple Co-founder and former CEO. His death has been a terrible loss to both Apple and Apple fans everywhere.

Spammers are capitalizing on this incident by sending malicious links related to the news of Steve Jobs’ death. Below is a screenshot of one such spam email containing a malicious link:

More malicious links found relating to death spam are:

http://[removed]com/pink.html
http://720[removed].info/habit.html
http://ebuy[removed].com/kids.html
http://[removed].com/grain.html

All these websites contain obfuscated code leading to a BlackHole exploit. Most of the domains are recently registered, however a few of the older domains look quite legitimate and seem to be hijacked.

Below are the Subject lines which have been...

Thanks to Shravan Shashikant and the Norton Confidential Online team for providing the data, and to Christopher Mendes for compiling it.

Does phish taste better than spam? Yes, perhaps it does. Allow me to explain.

The recent past has been one of the most volatile financial periods in history. World economies have reached a very critical stage—sovereign debt crises, bailouts, loan defaulters causing banks to shiver, sales shrinkages causing trade surplus, and bankruptcies. Add to all of this the fears of a double-dip economic recession theory making the rounds and it looks like a really dreadful picture.

But how does this affect the consumer from the point of view of email security? The consumer is the fulcrum point, the hinge of the story! All these negatives hits consumer spending in a very big way. The first wave of recession had definitely dented consumer confidence, and with the “Double Dip” theory lurking on the horizon it...