Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Online Fraud
Showing posts in English
WikiPharmacy? Fake Notifications Spammed Out
Samir_Patil | 26 Apr 2012 06:46:31 GMT | 0 comments

Symantec is intercepting a resurgence of spam attacks on popular brands. Spam messages that are replicas of the Wikipedia email address confirmation alert are the new vector for the present. The said spam messages pretend to be originating from Wikipedia, and are selling meds, with the following subject line: “Subject: Wikipedia e-mail address confirmation”.

The spoofed Wikipedia page is a ploy to give legitimacy to the sale of meds online. The embedded URL in the message navigates to a fake online pharmacy site that is dressed up as a Wikipedia Web page. Furthermore, to give the email a legitimate look, the spammer has added the recipient’s IP address in the body of the spam mail. Needless to say this IP does not belong to the user.

Figure 1: Part of the spam message

...

Read more
Fake Discount Cards
Mathew Maniyara | 23 Apr 2012 22:37:33 GMT | 0 comments

Phishers are constantly developing new strategies in an effort to trick end users. In April 2012, phishers created sites spoofing the Apple brand with fake offers for Apple discount cards. In this phishing attack, customers were targeted by region: namely, the UK and Australia.

The phishing sites mimicked the webpage of Apple and prompted customers for their Apple ID. The phishing page stated the customer’s long-term loyalty toward the brand gave them eligibility for an Apple discount card as a reward. Upon entering an Apple ID and clicking the “Next” button, the customer was redirected to a page that asked for more confidential information:

Here,...

Read more
Increase in Hit & Run Spam
Eric Park | 20 Mar 2012 18:41:34 GMT | 0 comments

During the past two weeks, Symantec has observed an increase in hit & run spam activities (also known as snowshoe spam) in its Global Intelligence Network. Hit & run spam messages have the following characteristics:

  • Usually originates from IP ranges with neutral reputation
  • Uses a large IP range to dilute the amount of spam sent from each IP address
  • Contains features (such as Subject line, From line, and URLs) which change quickly
  • URL is the call-to-action
  • Often uses large quantity of “throw-away” domains in a single spam campaign

Here is a breakdown of top three products or services promoted by such spam over last week:

Date

#1Spam Promo

 ...
Read more
Phishers Introduce Adult Cams into Gaming Scams
Mathew Maniyara | 19 Mar 2012 18:58:25 GMT | 0 comments

Co-Author: Avdhoot Patil

Phishing sites with adult content are not uncommon. Phishers have often used adult content as bait in fake social networking applications. In March 2012, a phishing site spoofing a gaming brand claimed to have an adult webcam application. The phishing site was hosted on a free web hosting site and the phishing page was in Italian.

A fake offer was given on the phishing site and an adult webcam image was placed below it. According to the fake offer, the gaming brand had prepared a list of users who were willing to perform nude webcam shows for a small price, even free. The phishing site further claimed that by entering login credentials one could receive through email the names of the users willing to perform and be able to add them to their contact list. The phishing site explained that login credentials were required because the brand decided could not disclose the names of performers outside the network to maintain privacy. To gain...

Read more
The Wave of Linsanity Sweeps Through the Spam Industry
Ruby Yang | 15 Mar 2012 13:04:04 GMT | 0 comments

Nobody knew about Jeremy Lin a couple of months ago. But now, Linsanity rocks the world. Being a new NBA star, his name has already been mentioned countless times on ESPN, NY Times, and all other sports media.

If you are a fan of Jeremy Lin, you would probably like to collect his No.17 T-shirt, posters, and signature. One thing you would not like to collect is Linsanity junk mail. Unfortunately, spammers are jumping on the bandwagon as well.

As a Taiwanese descendant, Jeremy Lin’s background makes him unique in the NBA. Jeremy Lin inspires not only an enthusiasm for basketball, but also an interest in learning Chinese.  His humbleness and hard work also attract lots of overseas commercial invitations, especially in the Chinese market. In this particular trend, spammers use his fame to promote this Chinese flashcard website.

Lin has claimed that he is in no rush to use his...

Read more
Scam for FC Barcelona Fans
Mathew Maniyara | 12 Mar 2012 22:35:45 GMT | 0 comments

Co-Authors: Ashish Diwakar and Avdhoot Patil

Phishers often choose baits with the motive of targeting a large audience. Using popular celebrities as bait is a good example. Phishers understand that choosing celebrities with a large fan base would target the largest audience and supply more duped users. This month phishers are using the same strategy but, instead of targeting a popular celebrity, they associated their phishing site with the popular FC Barcelona football club. FC Barcelona is the world’s second richest football club and has a large fan following. The phishing site, hosted on a free web hosting site, has since been removed and is no longer active. However, though phishing sites are frequently short-lived, internet users should be aware that other phishing sites using this or a similar template could easily be encountered in future.

The phishing site...

Read more
Phishers Dislike Facebook Timeline
Mathew Maniyara | 08 Mar 2012 23:50:37 GMT | 0 comments

Co-Author: Ayub Khan

Phishers regularly introduce new types of fake applications with the motive of improving their chance to harvest user credentials. In February 2012, Symantec observed a phishing site recommending a fake application that allegedly removes “Timeline” profile for Facebook users. The phishing site was hosted on a free web hosting site.

The phishing site embedded the Facebook Timeline promotion video from YouTube, with the claim “Remove Timeline Now”. According to this phishing site, users will have their “Timeline” removed from their Facebook profile and get back their old profile page—only after they enter their login credentials. To make the fake application look more authentic, phishers added that it was protected by an antivirus product with the logo of the antivirus brand placed...

Read more
Russian Spammers Eye World Content Show
Samir_Patil | 08 Feb 2012 17:17:38 GMT | 0 comments

Thanks to Anand Muralidharan for their assistance with this research.

Televison channels across the world are set to be at the 14th International Exhibition and Forum, World Content Show, held Feb 7- 9, 2012, in Russia. The exhibition showcases the latest technologies and trends in the TV and telecommunication industry.

This techno-fair will be attended in large numbers by leading media businesses, and spammers don’t want to miss the opportunity to circulate spam around the event. In a bid to catch the reader’s attention, one such spam email reveals some appealing facts about the event, such as Interactive Elements, Prize Drawings, Performance of Popular Leader/Star, and Colorful Musical Concerts.

Here is an example of this Russian spam observed by Symantec:

Here are the subject...

Read more
Purchases From This Super Bowl Sale Will Not Take You Anywhere
Samir_Patil | 04 Feb 2012 20:15:18 GMT | 0 comments

You may not need pills to watch the super bowl but spammers feel that this definitely  is an occasion to do so! The most exciting annual championship of the NFL -  the Super Bowl XLVI - starts tomorrow. And as expected, spammers are playing a different ball game with the crazy Super Bowl fans.

Spam related to Super Bowl  can be spotted with the subject listed below:

Subject: Super Bowl [BRAND NAME] Sale
Subject: Super Bowl Special
Subject: Super Bowl
Subject: Super Bowl 2012 - You win no matter which team does!

One such spam sample that we discovered promotes an online pharmacy. The email offers a free generic combo pack after placing medical orders with them.

The link in the spam sample goes to the following online pharmacy site:

Another...

Read more
Phony ICC Promotion Award
Mayur Kulkarni | 01 Feb 2012 01:13:10 GMT | 0 comments

Nothing can be more enticing than to be chosen for some free goodies—be it mementos, a cash prize, or a ticket to watch a game. It gets even more interesting if you are from a cricket crazy continent and suddenly, out of the blue, you receive an email saying that you are “the chosen one”!

What would you do? At first thought you would pounce on the opportunity, like a jungle tiger does its prey. But hang on a second! What you might be thinking is an opportunity of a lifetime, sadly, is just the opposite. Let me put it bluntly: if you have received such an email, you are "the chosen prey”. And if you decide to reply to it, then you could be in for some big trouble!

Millions of people get scammed every day with such fantastic offers. The sad part of the story is that many get plundered in this game. Scammers put in a lot of planning before sending out such emails. Upcoming events are focused upon, strategies are formalized, and...

Read more