Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Online Fraud
Showing posts in English
Spammers’ Ploys
Samir_Patil | 02 Dec 2010 14:48:48 GMT | 0 comments

Come Christmas and everybody begins to bubble with joy and excitement. The season is such that no matter who you are or what you do, there is always some joy to be shared with everyone.

Christmas is particularly remembered for the gifts we give and receive. There is a plethora of gift items available on the Internet, so this is also a season during which e-commerce is at its peak. We at Symantec want to send a friendly reminder to you to be cautious while net-o-shopping this Christmas season. Don’t be misled by spammers’ unrealistic offers created to entice you!

To spread this message, here is a Christmas carol specially adapted and written just for you:

---------------------------

Spammers’ Ploys

Come, they told me Pa rup a pum pum
This is our Christmas treat, Pa rup a pum pum
Freebies and much to see, Pa rup a pum pum
Watches and meds and greets. Pa rup a pum pum, Rup a pum pum, rup a pum...

Read more
Phishers’ Roving Eyes Target Indian Educational Institutes
Mathew Maniyara | 01 Dec 2010 23:55:20 GMT | 0 comments

Recently, Symantec observed a phishing website that spoofed a popular email service brand. There wasn’t much to ponder on the phishing page or even with the brand that it was spoofing. Also, phishing websites attacking email service brands are not uncommon. But, the domain name that was used in hosting the phishing site was what made this particular phishing attempt interesting.

The phishing site’s domain name belonged to a popular government educational institute in India. Phishers are known for compromising legitimate websites and hosting their phishing sites on them. However, websites belonging to government, military, or educational institutes are usually more secure and are seldom compromised. In the past six months, several colleges and schools in India have been attacked by phishers. These include colleges that offer education in engineering, health sciences, management studies, gemological studies, and commerce. Let’s have a look at the statistics...

Read more
Lesser Thanksgiving Gifts
Samir_Patil | 23 Nov 2010 13:55:55 GMT | 0 comments

Thanksgiving is a great occasion to thank dear friends and family for their kindness and also a good time to start readying Christmas holiday decorations. Symantec recently observed spam samples targeting Thanksgiving Day. The volume of Thanksgiving spam messages is less than what we anticipated; perhaps this is due to the crackdown on the Russian spam kingpin, Igor Gusev.

Many of the spam samples observed are encouraging users to take advantage of early bird specials to enjoy savings, which are available for a limited period only. Clicking the URL will automatically redirect the user to a fake offer website. The sample shown below is one such spam email that expresses Thanksgiving offers:

 


 
The following are some of the subject lines used in the spam samples:

...

Read more
Don’t Let Halloween Haunt You
Samir_Patil | 18 Oct 2010 13:03:39 GMT | 0 comments

Halloween is drawing near, so the spammers are busy laying out bait in the form of Halloween jackpots, sweepstakes, gift cards, e-cards, personalized gifts, online contests, and even print products and costumes. Perhaps this is one of those seasons during which people—both young and old—celebrate with full gusto. Unfortunately, this type of popular event brings with it a whole host of malicious circumstances on the Internet that people are being enticed to fall for. For it is common knowledge that where people show some vulnerability, spammers are not far behind!

Below are some of the subject lines being used in the latest spam messages:

Subject:”xxxxx” Halloween Series Campaign Vol1
Subject: Halloween Treat Bags, Home Decorations, and More
Subject: Open this! $1 Million Prize
Subject...

Read more
Harry Potter and The Deadly Hallows of Spam
Samir_Patil | 14 Oct 2010 13:01:45 GMT | 0 comments

Harry Potter and the Deathly Hallows is the seventh and (supposedly) final adventure in the Harry Potter novel series. As the grand finale of the series draws nearer, I’m sure all of the Harry Potter enthusiasts are waiting in anticipation to see what’s in store. The Harry Potter and the Deathly Hallows novel has been adapted and split into two full-length movies. The first part is scheduled for release on November 19, 2010, and we at Symantec have already started observing spam messages in relation to this event.

In a related spam sample, spammers are trying to lure prey into their spell by promoting fake offers. According to the spammers, users must sign up “TODAY” and get all seven books in the Harry Potter series. As an incentive, the users will purportedly receive free tickets to see “Harry Potter and the Deathly Hallows PART I” in the theater on November 19. A great lucrative offer that you just cannot afford to...

Read more
Banking, Breaches, and Brands – Three Ways Cybercriminals Can Put You Out of Business
Kevin Haley | 15 Sep 2010 13:29:02 GMT | 0 comments

“It can’t happen to me”

Hunters and gatherers. Most people think of cybercrime against business to be the work of hunters such as cybercriminals who target then infiltrate a company to steal from it. Reading the newspaper, it’s easy to convince yourself that these hunters are after big game and a small business does not have to worry about these targeted attacks. Maybe; however, we’ll talk more about that later. The majority of cybercriminals can best be described as gatherers. They throw wide nets and take advantage of whatever victims land in those nets. Small businesses really must watch out for the gatherers.

Because the barrier of entry is low, there are many gatherers. A gatherer doesn’t have to be a criminal genius. They don’t even need advanced computer skills. They really don’t need to know much at all—except where to buy a toolkit. Toolkits allow criminals with limited skills to get...

Read more
Spam and Phishing Landscape: September 2010
Eric Park | 10 Sep 2010 20:41:40 GMT | 0 comments

Malware spam is back after a one-month hiatus! The attack has returned to the forefront of the spam threat landscape in the form of .zip and .html attachments, as discussed in the September 2010 State of Spam & Phishing report. Malware spam more than tripled in volume, and .zip attachment spam saw a four-fold increase month-over-month. As such, we reviewed what this attachment spam contained and discussed how those threats pose a serious risk to users. Overall, spam made up 92.51 % of all messages in August, compared with 91.89 % in July.

For this and much more, click here to download the September 2010 State of Spam & Phishing Report, which highlights the following trends:

•    Tale of .zip and .html Attachments
•    A Phishing Scam Linked to “High School Musical”...

Read more
Beware of Phishing on “Norton Internet Security”
Mathew Maniyara | 10 Sep 2010 20:17:58 GMT | 0 comments

In September 2010, Symantec observed a phishing site that targeted customers who use the product “Norton Internet Security”. Norton Internet Security is a Symantec product which provides prevention against malware, viruses, and email spam. It is also one of the leading anti-phishing solutions in the market.

 

Fraudsters attempted to steal credentials from users with a Norton account by means of a phishing page that claimed to be an account restoration page. The phishing site was titled “Norton Internet Security Alert” and asked for an identity verification of the user to restore his or her account. The confidential details asked for in the verification were the user’s name, email address, and password. The user was also asked to enter a code from a bogus CAPTCHA provided in...

Read more
Spammers Introduce New Email Internet Headers
Suyog Sainkar | 06 Sep 2010 20:07:45 GMT | 0 comments

Symantec has been tracking a recent phishing email attack that is targeting the users of a number of prominent global banking institutions. In this phishing attack it was observed that the spammers are using meaningless, random email headers—possibly in an attempt to circumvent anti-spam message filters. The spam attack was observed starting in July and is still active.

Let’s first understand what email headers are. Every email message comprises two parts: the message body and the message header. The header can be thought of as the envelope of the message, containing the address of the sender and the recipient, the subject, and other important tracking information. The body contains the actual textual content of the message and file attachments, if any.

Here are some of the most common email header fields:

Received:
Return-Path:
Sender:
X-Mailer:
From:
Date:
To:
Subject:
Message-ID:
MIME-Version...

Read more
Fake Survey Seeking Opinions on Social Networking Features
Samir_Patil | 27 Aug 2010 20:40:47 GMT | 0 comments

Symantec has observed a new spam tactic being used in which fake surveys are seeking users' opinions or views on features provided by their social networking site. The sample shown below is one such spam email targeting Facebook:

Various “Subject” lines of this spam are as follows:

Subject: Take our online survey and receive a new gaming unit!
Subject: Take our social networking survey and get a gift card!
Subject: Give your opinion on social networks and choose your prize!
Subject: Receive a hot new MP#3 player for your opinions!

Upon clicking the link provided in the message, the user is redirected to a fake survey page where the user has to answer questions related to features provided by social networking site. Upon completion of survey, the users are promised exciting gifts.

Spammers are trying to demonstrate the legitimacy of...

Read more