Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with scam
Showing posts in English
Sean Butler | 29 Oct 2014 06:04:06 GMT

spam_campaign_concept.jpg

Symantec has recently seen a spam campaign involving fake wire transfer request emails. While this technique is not new, and has had some coverage in the press this year, we have seen an increase in this type of spam recently.

The purpose of this type of email is very simple—to get the recipient to process a payment for non-existent goods or services by way of a wire or credit transfer. The scammers send an email to a target recipient, usually pretending to be from the CEO or a senior executive of an organization. The scammers will usually send the fake wire transfer emails to employees working in the finance department of a company, as those employees will have the ability to action payment requests.

Another tactic the scammers use...

Nick Johnston | 17 Oct 2014 20:01:12 GMT

In March 2014, we blogged about how Google Docs and Google Drive users were being targeted by a sophisticated phishing scam. In this scam, messages included links to a fake Google Docs login page hosted on Google itself.

We continue to see millions of phishing messages every day, and recently we saw a similar scam targeting Dropbox users. The scam uses an email (with the subject "important") claiming that the recipient has been sent a document that is too big to be sent by email, or cannot be sent by email for security reasons. Instead, the email claims, the document can be viewed by clicking on the link included in the message. However, the link opens a fake Dropbox login page, hosted on Dropbox itself.

Dropbox 1.png

Figure 1. Fake Dropbox login page
...

Satnam Narang | 01 Sep 2014 20:41:48 GMT

It’s all over the news—private photographs of celebrities, including Jennifer Lawrence and Kate Upton, were posted online over the weekend. As for how they were obtained, various reports have suggested the attacker gained access to the celebrities’ Apple iCloud accounts. Based on the widespread interest in this story, we are warning users about scams around this narrative.

Apple ID phishing
Whether or not iCloud was the point of compromise in this incident, scammers have been interested in stealing these credentials for some time. We previously wrote about email scams claiming to be from Apple support asking users to update or verify their Apple IDs (Apple IDs are used for setting up an iCloud account). These emails contain links to phishing websites that...

Satnam Narang | 05 Jun 2014 10:59:51 GMT

Dating back to last year, Symantec has been following a trend involving adult webcam spam on social networks, dating applications, and photo sharing applications. Our research found that no matter which platform it was found on, most adult webcam spam shared a common thread: it led users to a mobile messaging service called Kik.

What is Kik?
Kik is an instant messaging service available for all smartphone platforms. The service has more than 100 million users and is extremely popular with teenagers.

A recent history of adult webcam spam

Twitter
The first cross advertising for Kik spam made its way to Twitter towards the end of summer 2013. Spam bots would target specific keywords and send a reply when one was found. For instance, tweets with the word “horny” would be met with a response from a spam bot, posing as a female, containing the word “horny.” The message would ask the user to reply back...

Satnam Narang | 27 May 2014 16:21:34 GMT

image1_24.png

Symantec has discovered a paid retweet service targeting aspiring artists, managers and bands on Twitter with the promise of retweets from real users. These scammers are charging victims 50 cents for every "person" they hire to retweet every tweet for 30 days. Despite claiming that each account is operated by a real person, the service consists of little more than automated accounts, also known as Twitter spam bots.
 

image2_14.png

Figure 1. Retweet service offering pitched to managers of artists
 

As you would expect, numbers define popularity on social media—from the number of Facebook "likes" to the number of Twitter followers and Twitter retweets....

Satnam Narang | 30 Apr 2014 10:17:09 GMT

Late last week, Facebook users in India were tricked by scammers who were claiming to offer a tool that could hack Facebook in order to obtain passwords belonging to the users’ friends. Unfortunately for these users, they actually ended up hacking their own accounts for the scammers and exposed their friends in the process.

Figure1_11.png

Figure 1. Scam promoting how to hack your Facebook friends

Want to hack your friends?
A post began circulating on Facebook from a particular page featuring a video with instructions on “Facebook Hacking” with a disclaimer stating that it was for education purposes only. The post links to a document hosted on Google Drive that contains some code that, according to the scam, will allow users to reveal their friends’ Facebook passwords. The instructions attempt to convince the user to paste...

Satnam Narang | 09 Apr 2014 04:50:42 GMT

Over the last week, Instagram scammers have been posting images offering fake lottery winnings to followers. They have convinced users to share the posts, give up personal information, and even send money back to the scammers.

In this scam, a number of Instagram accounts have been created to impersonate real-life lottery winners from the UK and US. These accounts claim to offer US$1,000 to each Instagram user who follows them and leaves a comment with their email address.

figure1_20.png
Figure 1. Instagram accounts impersonating real-life lottery winners

The accounts impersonating lottery winners have been extremely successful, and have gained anywhere from 5,000 to 100,000 followers.

Once they have amassed a certain number of followers, they reveal a secondary Instagram account belonging to their “accountant”, who is in charge of...

Avdhoot Patil | 07 Apr 2014 07:25:58 GMT

Contributor: Parag Sawant

Phishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.

The phishing page, hosted on a free web hosting site, targets Facebook users and contains a fake voting campaign, “WHO IS GREAT BOYS OR GIRLS?” along with the “VOTE” button to register votes. The page is also embedded with pair of bar charts representing voting ratio and displays the total votes gained for the last four years. These give a more legitimate feel to the fake application.

figure1_1.jpg
Figure 1. The Facebook application asks users to register their votes

The first phishing page contains a button to initiate the...

Satnam Narang | 26 Mar 2014 08:37:40 GMT

In late January this year, eager fans purchased tickets for Coachella, an annual two-weekend, three-day music festival but were later targeted by scammers in a phishing campaign that persisted up till the end of February.

Front Gate Tickets, the company responsible for handling the festival’s ticketing had sent an email to ticket buyers at the end of February warning users on the phishing campaign stating:

“The phishing involved a fraudulent website designed to look like the login page for Coachella ticket buyers to access their Front Gate accounts, built in an attempt to capture username and password information.”

The email went on to explain that the phishing links were circulated on message boards and email campaigns, and that the perpetrators had harvested the email addresses of ticket buyers who posted them publicly on message...

Satnam Narang | 04 Feb 2014 03:00:30 GMT

Scammers are taking advantage of recent Super Bowl social buzz in a scheme that targets entrants of an Esurance contest. The company premiered a commercial following Super Bowl, where they offered US$1.5 million to one lucky Twitter user who used the hashtag #EsuranceSave30. Following this, Symantec Security Response has observed a number of fake Esurance Twitter accounts being created to leverage the attention generated by this contest.

Many of these Twitter accounts used variations of Esurance’s brand name and logo to convince users they are affiliated with the company. These accounts include the following Twitter handles:

  • EsuranceWinBig
  • EsuranceGW
  • Essurance
  • Esurrance
  • Esurnace
  • Esuranc

There are also other accounts that use logos and imagery making them look like they belong to Esurance, but their names have nothing...