Security Response
Showing posts tagged with Online Fraud
Samir_Patil | 31 Oct 2012 14:30:39 GMT

Hurricane Sandy, one of the most devastating superstorms in decades, hit the US East Coast. Causing the loss of lives and businesses and leaving countless people without electricity, Sandy has now added spam to its list of misery. We are observing spam messages related to the hurricane flowing into Symantec Probe Networks. The top word combinations in message headlines are "hurricane – sandy", "coast – sandy", "sandy – storm", and "sandy – superstorm."

Figure 1. Message volume over a two-day period

Typical spam attacks like "Gift card offer" and "Money making & Financial" spam are currently targeting the disaster. Below are the screenshots of some spam samples.

...

Samir_Patil | 30 Oct 2012 11:16:13 GMT

In a couple of days we will be celebrating Halloween. Some of us will be booking family trips, others will be preparing for themed parties with interesting costumes and fun games. To make it easy for their customers, various online companies offer goodies along with Halloween necessities. You might even receive emails from them regarding discounts and freebies. However, in a frenzy to get ready for this long-awaited event, do not get carried away if suddenly you see an out-of-this-world offer like the ones listed below.

While some organizations will offer reasonable discounts, others offer the sun and the moon in lieu of your purse or your personal details. Spammers have laid snares for unsuspecting Internet users ready to fall for these offers.

For example, you might decide to shop around for a new car this Halloween or you might want to do some last-minute online purchases for your child. Spammers, keeping these needs in mind, have already prepared an array of...

Eric Park | 19 Oct 2012 17:01:26 GMT

Symantec is observing an increase in spam messages containing .gov URLs. A screenshot of a sample message is below:

Traditionally, .gov URLs have been restricted to government entities. This brings up the question of how spammers are using .gov URLs in spam messages.

The answer is on this webpage:

1.USA.gov is the result of a collaboration between USA.gov and bitly.com, the popular URL shortening service. Now, whenever anyone uses bitly to shorten a URL that ends in .gov or .mil, they will receive a short, trustworthy 1.usa.gov URL in return.

While this feature has legitimate uses for government agencies and employees, it has also opened a door for...

Mathew Maniyara | 28 Sep 2012 14:48:20 GMT

Contributor: Avdhoot Patil

Phishers have recently taken a strong interest in football. After the scam on the 2014 FIFA World Cup, they have set their eyes on footballer Lionel Messi. In September 2012, Symantec observed the use of various social-networking themes in phishing. A number of these themes featured Lionel Messi. The phishing sites were hosted on free web-hosting sites.

In the first example, the background image of the phishing site was of Lionel Messi and the theme promoted football club Barcelona FC. On the other hand, the legitimate social-networking site in question does not provide users with any theme. End users were prompted to log in to gain access to Messi’s social networking page. Of course, this is only a ploy and there is no gain for users from a phishing site. After the login credentials are entered, the phishing site redirected to the...

Mathew Maniyara | 13 Sep 2012 20:09:55 GMT

Co-Author: Ashish Diwakar

The next FIFA World Cup is scheduled to take place in June 2014 in Brazil and phishers have already taken the opportunity to promote the event. World Cups are a favorite of phishers, as observed in the phishing sites focused on the 2010 FIFA World Cup and the 2011 Cricket World Cup. In September 2012, phishing sites spoofed a popular Brazilian credit and debit card company using the 2014 FIFA World Cup as bait.

The phishing sites were in Brazilian Portuguese. A number of the phishing sites featured Brazilian footballer Neymar da...

Anand Muralidharan | 29 Aug 2012 16:10:25 GMT

Since mid-August, Symantec has been observing spam samples containing links with file extensions in the URLs. If these links are clicked, they do not open any files; instead, they redirect the user to an online pharmacy website. The following file extensions are used in the URLs:

  • .asp
  • .doc
  • .htm
  • .html
  • .mp3
  • .mpeg
  • .pdf
  • .php
  • .txt

The following URLs were seen in spam samples examined by Symantec:            

  • http:// [REMOVED].be/HOOK2_txt
  • http:// [REMOVED].com.br/897110_doc
  • http:// [REMOVED].com/677115_php
  • http:// [REMOVED].com/686112_asp
  • http:// [REMOVED].ru/706060_mp3
  • http:// [REMOVED].ru/HOOK2_htm
  • http:// [REMOVED].ru/vern_html
  • http://[REMOVED].org/521862_pdf
  • http:// [REMOVED].com/139097_mpeg

Spam email examples:

...

Mathew Maniyara | 10 Aug 2012 18:50:42 GMT

Celebrities are frequently featured in phishing sites. Now, phishers have taken an interest in targeting French users by using teenage celebrities as bait. Some of the celebrities recently used as bait were the singers Jojo, Justin Bieber, and Zac Efron. The phishing sites were hosted on free Web hosting sites.

In the first example, the phishing site spoofed the login page of an email service of a popular information services brand. The phishing page contained an image of Jojo and the contents of the page were altered to promote the singer. The legitimate brand does not promote any celebrities, but phishers modified the contents of the page to entice users. Phishers believe that by using popular celebrities they can gain a larger audience, which increases their chances of harvesting user credentials. After the login credentials have been entered, users are redirected to the legitimate website.

...

Mathew Maniyara | 10 Aug 2012 16:56:45 GMT

Co-Author: Avdhoot Patil

Lucky draw prizes are commonly used as bait in phishing schemes. The fake lottery prizes observed last Christmas and the charity lottery are examples. In July 2012, phishers offered a smart phone as a lucky draw prize. The phishing site spoofed a telecommunications company based in France and was hosted on servers based in Fulshear, USA.

The phishing site was in French and the title translates to “Congratulations”. A message on the phishing site stated that a lucky draw takes place every day and that the user won the draw for the current day. In this case, the lucky draw prize mentioned was a smart phone. To attain the prize, the user was required to enter personal information, including their:

  • User name
  • Surname...

Mathew Maniyara | 03 Aug 2012 17:36:42 GMT

Co-Author: Avdhoot Patil

Phishers continue to target Indonesian celebrities with adult scams. Phishing attacks on rock star Ahmad Dhani have already been seen. In July 2012, Symantec observed a phishing site that claimed to have an adult video of Indonesian actress and singer Aura Kasih. The phishing site spoofed a social networking brand and was hosted on a free Web hosting site.

The adult scam came in light of a recent scandal surrounding the singer. An adult video, allegedly of Aura Kasih and pop star Nazril Irham, has been circulating recently in Indonesia over the internet and mobile phones. It is rumored that the video started appearing after Nazril Irham’s laptop was stolen.

Phishers created the phishing site with an image of a video link of Aura Kasih. A message in Indonesian on the image prompted users to log in to view the video. The message also...

Mathew Maniyara | 25 Jul 2012 21:25:45 GMT

Co-author: Avdhoot Patil

Phishing sites using celebrities as bait are on a rampage. In July 2012, Honey Singh, also known as Yo Yo Honey Singh, a popular Indian rapper, singer, music producer, and actor, was featured on phishing sites. Symantec observed several phishing sites that spoofed a social networking brand and claimed to have an application for Honey Singh. The phishing sites were hosted by a free web hosting service.

The phishing sites promoted Honey Singh’s 2011 album, International Villager. A poster of the album's artwork was displayed on the left side of the phishing page and the login form was displayed on the right side. The phishing sites claimed to have an application that enabled users to listen to the Punjabi star's latest songs and videos. As with most applications on social networking sites, the application made a request to the user before allowing access. After a user's login credentials were entered into the phishing...