Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Online Fraud
Showing posts in English
Eric Park | 16 Apr 2014 12:58:18 GMT

A variation on the 419 email scam is being used by fraudsters to take advantage of couples desperate to adopt a child. Once they are carefully lured into a fake adoption process, the victims are then asked for money to cover legal and administrative fees.

While most recent 419 scams rely more on the naivety of victims than any ingenuity on the part of the spammer, some fraudsters are beginning to make more of an effort to directly communicate with the victim to secure their confidence. Their scams are well researched, convincingly presented and may borrow stories from real life to make their stories more authentic and better able to withstand a little scrutiny.

While fake adoption scams have been seen from time to time before, in this instance Symantec observed real life...

Avdhoot Patil | 11 Apr 2014 11:11:40 GMT

Politicians are frequently featured on phishing sites and in light of the ongoing general election in India, phishers are starting to target Indian users by using a local politician and his party as bait. 

Symantec recently observed a phishing site which spoofs Facebook’s appearance and includes Arvind Kejariwal, the former chief minister of New Delhi and leader of the Aam Aadmi Party. The phishing site was hosted on servers based in Lansing, Michigan in the US. 

figure1_facebookspam.png
Figure 1. A fake Facebook “like” button and a picture of Arvind Kejariwal on the phishing site

As seen in the previous image, the phishing site, titled “Unite With Us Against Corruption”, uses a poster of the Aam Aadmi Party along with a fake Facebook “like” button. The site’s background image is a picture of the party’s leader Arvind Kejariwal...

Satnam Narang | 09 Apr 2014 04:50:42 GMT

Over the last week, Instagram scammers have been posting images offering fake lottery winnings to followers. They have convinced users to share the posts, give up personal information, and even send money back to the scammers.

In this scam, a number of Instagram accounts have been created to impersonate real-life lottery winners from the UK and US. These accounts claim to offer US$1,000 to each Instagram user who follows them and leaves a comment with their email address.

figure1_20.png
Figure 1. Instagram accounts impersonating real-life lottery winners

The accounts impersonating lottery winners have been extremely successful, and have gained anywhere from 5,000 to 100,000 followers.

Once they have amassed a certain number of followers, they reveal a secondary Instagram account belonging to their “accountant”, who is in charge of...

Avdhoot Patil | 07 Apr 2014 07:25:58 GMT

Contributor: Parag Sawant

Phishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.

The phishing page, hosted on a free web hosting site, targets Facebook users and contains a fake voting campaign, “WHO IS GREAT BOYS OR GIRLS?” along with the “VOTE” button to register votes. The page is also embedded with pair of bar charts representing voting ratio and displays the total votes gained for the last four years. These give a more legitimate feel to the fake application.

figure1_1.jpg
Figure 1. The Facebook application asks users to register their votes

The first phishing page contains a button to initiate the...

Satnam Narang | 26 Mar 2014 08:37:40 GMT

In late January this year, eager fans purchased tickets for Coachella, an annual two-weekend, three-day music festival but were later targeted by scammers in a phishing campaign that persisted up till the end of February.

Front Gate Tickets, the company responsible for handling the festival’s ticketing had sent an email to ticket buyers at the end of February warning users on the phishing campaign stating:

“The phishing involved a fraudulent website designed to look like the login page for Coachella ticket buyers to access their Front Gate accounts, built in an attempt to capture username and password information.”

The email went on to explain that the phishing links were circulated on message boards and email campaigns, and that the perpetrators had harvested the email addresses of ticket buyers who posted them publicly on message...

Eric Park | 18 Feb 2014 18:34:22 GMT

In this blog detailing how spammers continue to change their messages in order to increase their success rate, we looked at the evolution of the same spam campaign from missed voicemail messages to spoofing various retailers, and then spoofing utility statements. Clicking on the link led the users to a download for a .zip file containing Trojan.Fakeavlock. Attackers may have realized that those attack vectors no longer entice recipients, so spammers have introduced two new schemes for this campaign that appear to be random and unrelated at first, but they do share a common goal.

The first scheme spoofs various courts around the country:

...

Eric Park | 11 Feb 2014 17:55:34 GMT

One of the most popular methods of spamming is snowshoe spam, also known as hit and run spam. This involves spam that comes from many IP addresses and many domains, in order to minimize the effect of antispam filtering. The spammer typically sends a burst of such spam and moves to new IP addresses with new domains. Previously used domains and IP addresses are rarely used again, if ever.

Some spammers like to use a similar pattern across their spam campaigns. This blog discusses a particular snowshoe spam operation that I have labeled “From-Name snowshoe”. While there are other features in the message that allow the campaigns to be grouped into the same bucket, the messages’ most distinct feature is that all of the email addresses that appear in the “from” line use real names as their usernames. 

  • From: [REMOVED] <Leila.Day@[REMOVED]>
  • From: [REMOVED] <CharlotteTate@[REMOVED]>
  • From: [REMOVED] <Diana.Pope@[REMOVED]>
  • ...
Satnam Narang | 04 Feb 2014 03:00:30 GMT

Scammers are taking advantage of recent Super Bowl social buzz in a scheme that targets entrants of an Esurance contest. The company premiered a commercial following Super Bowl, where they offered US$1.5 million to one lucky Twitter user who used the hashtag #EsuranceSave30. Following this, Symantec Security Response has observed a number of fake Esurance Twitter accounts being created to leverage the attention generated by this contest.

Many of these Twitter accounts used variations of Esurance’s brand name and logo to convince users they are affiliated with the company. These accounts include the following Twitter handles:

  • EsuranceWinBig
  • EsuranceGW
  • Essurance
  • Esurrance
  • Esurnace
  • Esuranc

There are also other accounts that use logos and imagery making them look like they belong to Esurance, but their names have nothing...

Christopher Mendes | 03 Feb 2014 18:13:40 GMT

Contributor: Sean Butler

As it’s the start of a Football World Cup year it’s only natural that we will see many campaigns in relation to this global event. There will be many marketing and promotional campaigns taking advantage of the hype and excitement surrounding this event. Amongst all of the legitimate marketing and promotion emails, you may also receive emails promising anything from free match tickets, to competitions and lottery prizes stating that you have won a car.

Sound too good to be true? Well, you would be right in thinking that!

Fraudsters will be looking to exploit the enthusiasm that comes with the FIFA World Cup, which will be taking place in Brazil this June. The ramifications of you being scammed could be very serious indeed. Not only could you become a victim of fraud by having your bank account emptied by these fraudsters, you could also end up with malware on your computer. This malware could do anything from stealing your...

Binny Kuriakose | 30 Jan 2014 09:39:42 GMT
China is gearing up to usher in the Year of the Horse, which begins with the new moon on January 31 this year. With more than a billion people worldwide preparing to celebrate the new year for the lunar calendar, the celebration this year promises more color than ever before.
 
Chinese New Year, also known as the spring festival, is a day for reunion and thanksgiving, where exchanging gifts is at the heart of the celebration. Friends, family, colleagues and even businesses exchange gifts to show love, respect and loyalty. Business owners often send gifts to their customers and shops offer gifts and discounts to show their gratitude. However, spammers are all too aware of this practice.
 
The spammers and fraudsters are known to capitalize on special occasions and exploit the noble gesture of giving gifts in order to send out spam. They are known to pose as friends and business owners and send emails promising gifts and...