Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Online Fraud
Showing posts in English
The Arabic Wave Gathers Momentum in the Spam World
Samir_Patil | 23 Feb 2011 13:51:47 GMT

The Tunisian wave has captured the minds of people across the Middle East region. What is surprising to note is the creative use of the Internet in discussing such sensitive issues. The unrest in Tunisia has "tsunamied" into a mass movement straight at the heart of the Arab world. Egypt, with the ousting of President Hosni Mubarak, has become ground zero of this wave. But, as this movement gains momentum and spreads, there are many waiting to misuse this space—as demonstrated in the sample discussed below.

 
In this typical 419 scam message, the scammer masquerades as the erstwhile President Hosni Mubarak. A handsome proposal, considering the (bogus) bonanza of a 30% handling fee to be given to the one who cooperates in siphoning his booty out of Egypt. Further, because of the urgency of the situation, one is required to give "full contact information" as well...

Read more
Big Brother Brasil Bait is Back
Mathew Maniyara | 28 Jan 2011 14:53:35 GMT

In 2010, Symantec reported phishing sites that were spoofing a popular social networking brand. The phishing sites claimed to have a Web application with which end users could watch “Big Brother Brasil” online. This phishing attack was launched during the 10th season of the television show that was on air from January to March of 2010. On January 11, 2011, the 11th season of the show began and phishers are back again with the same bait to try their luck at harvesting user credentials. The latest phishing site was hosted on a free webhosting domain.


 
On certain legitimate Web sites, live video feeds of the show are available around the clock from multiple cameras in the Big Brother house. Some of these videos are suitable only for adult viewing. On the other hand, no live video...

Read more
W32.Waledac.B Carrying New Year Wishes
Suyog Sainkar | 05 Jan 2011 16:33:43 GMT

Since the close of 2010, Symantec has been observing a recent spam attack that is designed to distribute malware. On the arrival of the new year, Internet users often send best wishes to their friends and families through email or make use of online greeting card services. The spammers have exploited this likelihood, since the email messages in this spam attack appear to contain Happy New Year wishes in the form of an e-card, but in fact are distributing malicious code.

Below are some sample subject lines observed in this spam attack:

Subject:  New Year Ecard Notification
Subject:  Have a funfilled and blasting NewYear!
Subject:  Welcome 2011!
Subject:  Happy 2011 To U!
Subject:  Sparkling wishes on the New Year
Subject:  Happy New Year Wishes!
Subject:  Have a Happy New Year!
Subject: New Year 2011 Ecard Special Delivery

The message text urges the user to...

Read more
Spammers’ Ploys
Samir_Patil | 02 Dec 2010 14:48:48 GMT

Come Christmas and everybody begins to bubble with joy and excitement. The season is such that no matter who you are or what you do, there is always some joy to be shared with everyone.

Christmas is particularly remembered for the gifts we give and receive. There is a plethora of gift items available on the Internet, so this is also a season during which e-commerce is at its peak. We at Symantec want to send a friendly reminder to you to be cautious while net-o-shopping this Christmas season. Don’t be misled by spammers’ unrealistic offers created to entice you!

To spread this message, here is a Christmas carol specially adapted and written just for you:

---------------------------

Spammers’ Ploys

Come, they told me Pa rup a pum pum
This is our Christmas treat, Pa rup a pum pum
Freebies and much to see, Pa rup a pum pum
Watches and meds and greets. Pa rup a pum pum, Rup a pum pum, rup a pum...

Read more
Phishers’ Roving Eyes Target Indian Educational Institutes
Mathew Maniyara | 01 Dec 2010 23:55:20 GMT

Recently, Symantec observed a phishing website that spoofed a popular email service brand. There wasn’t much to ponder on the phishing page or even with the brand that it was spoofing. Also, phishing websites attacking email service brands are not uncommon. But, the domain name that was used in hosting the phishing site was what made this particular phishing attempt interesting.

The phishing site’s domain name belonged to a popular government educational institute in India. Phishers are known for compromising legitimate websites and hosting their phishing sites on them. However, websites belonging to government, military, or educational institutes are usually more secure and are seldom compromised. In the past six months, several colleges and schools in India have been attacked by phishers. These include colleges that offer education in engineering, health sciences, management studies, gemological studies, and commerce. Let’s have a look at the statistics...

Read more
Lesser Thanksgiving Gifts
Samir_Patil | 23 Nov 2010 13:55:55 GMT

Thanksgiving is a great occasion to thank dear friends and family for their kindness and also a good time to start readying Christmas holiday decorations. Symantec recently observed spam samples targeting Thanksgiving Day. The volume of Thanksgiving spam messages is less than what we anticipated; perhaps this is due to the crackdown on the Russian spam kingpin, Igor Gusev.

Many of the spam samples observed are encouraging users to take advantage of early bird specials to enjoy savings, which are available for a limited period only. Clicking the URL will automatically redirect the user to a fake offer website. The sample shown below is one such spam email that expresses Thanksgiving offers:

 


 
The following are some of the subject lines used in the spam samples:

...

Read more
Don’t Let Halloween Haunt You
Samir_Patil | 18 Oct 2010 13:03:39 GMT

Halloween is drawing near, so the spammers are busy laying out bait in the form of Halloween jackpots, sweepstakes, gift cards, e-cards, personalized gifts, online contests, and even print products and costumes. Perhaps this is one of those seasons during which people—both young and old—celebrate with full gusto. Unfortunately, this type of popular event brings with it a whole host of malicious circumstances on the Internet that people are being enticed to fall for. For it is common knowledge that where people show some vulnerability, spammers are not far behind!

Below are some of the subject lines being used in the latest spam messages:

Subject:”xxxxx” Halloween Series Campaign Vol1
Subject: Halloween Treat Bags, Home Decorations, and More
Subject: Open this! $1 Million Prize
Subject...

Read more
Harry Potter and The Deadly Hallows of Spam
Samir_Patil | 14 Oct 2010 13:01:45 GMT

Harry Potter and the Deathly Hallows is the seventh and (supposedly) final adventure in the Harry Potter novel series. As the grand finale of the series draws nearer, I’m sure all of the Harry Potter enthusiasts are waiting in anticipation to see what’s in store. The Harry Potter and the Deathly Hallows novel has been adapted and split into two full-length movies. The first part is scheduled for release on November 19, 2010, and we at Symantec have already started observing spam messages in relation to this event.

In a related spam sample, spammers are trying to lure prey into their spell by promoting fake offers. According to the spammers, users must sign up “TODAY” and get all seven books in the Harry Potter series. As an incentive, the users will purportedly receive free tickets to see “Harry Potter and the Deathly Hallows PART I” in the theater on November 19. A great lucrative offer that you just cannot afford to...

Read more
Banking, Breaches, and Brands – Three Ways Cybercriminals Can Put You Out of Business
Kevin Haley | 15 Sep 2010 13:29:02 GMT

“It can’t happen to me”

Hunters and gatherers. Most people think of cybercrime against business to be the work of hunters such as cybercriminals who target then infiltrate a company to steal from it. Reading the newspaper, it’s easy to convince yourself that these hunters are after big game and a small business does not have to worry about these targeted attacks. Maybe; however, we’ll talk more about that later. The majority of cybercriminals can best be described as gatherers. They throw wide nets and take advantage of whatever victims land in those nets. Small businesses really must watch out for the gatherers.

Because the barrier of entry is low, there are many gatherers. A gatherer doesn’t have to be a criminal genius. They don’t even need advanced computer skills. They really don’t need to know much at all—except where to buy a toolkit. Toolkits allow criminals with limited skills to get...

Read more
Spam and Phishing Landscape: September 2010
Eric Park | 10 Sep 2010 20:41:40 GMT

Malware spam is back after a one-month hiatus! The attack has returned to the forefront of the spam threat landscape in the form of .zip and .html attachments, as discussed in the September 2010 State of Spam & Phishing report. Malware spam more than tripled in volume, and .zip attachment spam saw a four-fold increase month-over-month. As such, we reviewed what this attachment spam contained and discussed how those threats pose a serious risk to users. Overall, spam made up 92.51 % of all messages in August, compared with 91.89 % in July.

For this and much more, click here to download the September 2010 State of Spam & Phishing Report, which highlights the following trends:

•    Tale of .zip and .html Attachments
•    A Phishing Scam Linked to “High School Musical”...

Read more