Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Online Fraud
Showing posts in English
So Wait, Where Do You Live?
Ron Bowes | 22 May 2007 07:00:00 GMT | 0 comments

A few months ago, I moved out of my home town in search of greenerpastures. In doing so, I called every company I could think of whomight have my previous address. And that was a lot of calling - thesedays, it seems like changing a home address is as difficult as changingan email address!

After I arrived, I bought a lot of stuff online. I purchasedeverything from books and movies to show tickets from major onlineretailers. I made every transaction with my credit card, and everythingwas shipped to my new address. I didn't have any problems - at first -all I needed was my credit card information and everything was shippedwhere I asked it to be shipped.

Recently, however, I purchased a new hard drive from a localcomputer store. Since it's on the far side of the city, I opted to haveit shipped rather than pick it up. This morning, I received an emailsaying that they wouldn't accept the order because my shipping addressdidn't match the address on my credit card. So I...

Read more
Phishing and Two-Factor Authentication Revisited
Zulfikar Ramzan | 17 May 2007 07:00:00 GMT | 0 comments

A while back, I blogged about the role of two-factor authentication tokens in protecting against phishing scams.Since then, the issue has come up again, and has recently has attractedmore attention, so I thought I’d spend some time here revisiting it.

First, let’s recall what two-factor authentication means. There arethree mechanisms we can use to prove to someone else that we are who wesay we are:
(1) something we have - a driver’s license, access card, or key
(2) something we are - a biometric like a fingerprint
(3) something we know - a password, or other common information aboutourselves (like a social security number, mailing address, or ourmother’s maiden name.)

Two-factor authentication simply refers to the idea ofauthenticating yourself using two of the above. Note that having twodifferent passwords is not...

Read more
“Authenticated Phishing” or “You Can Trust Us, We Know Where You Live”
Symantec Security Response | 14 May 2007 07:00:00 GMT | 0 comments

In my last blog entry, Pre-Phishing Recon for Context Aware Attacks,I talked about how generic phishing messages can be used to collectcontextual information for more advanced phishing attacks. In thisblog, I will describe two such types of advanced phishing attacks.

First, I must note that a pre-phishing recon attack is not the only waythat attackers can get their hands on contextual information about aperson. Attackers can also search the internet for public documentscontaining personally-identifying information. They can buy informationabout a person on an underground economy server, and they can get theinformation through a corporate data breach. In any case, if anattacker gets access to some personal information about someone, he orshe can attempt what is called a context-aware phishing attack.

A context-aware phishing attack...

Read more
Payment Service Companies Cash in on Identity Fraud
Yazan Gable | 02 May 2007 07:00:00 GMT | 0 comments

Big money is being made through buying and selling stolen creditcard information. There’s an entire market thriving in shady chat roomson public Internet relay chat (IRC) servers. Carders vie for the bestdeals, having to wade through the thousands of lines of advertisements.Large collections of credit card numbers, identities, credit carddumps, bank account credentials and online payment accounts are amongthe many things that are traded by the minute. But it isn’t only thecarders who make money from the sale of this information.

Payment service companies make their commissions on these sales aswell. Every deal involving stolen credit card information has to bepaid for, and payment service companies provide the carders with theability to transfer their money.

But what makes any particular payment service popular amongstcarders? There are a number of factors. Firstly, anonymity isimportant. A carder wants to provide as little personal information aspossible. They don’t...

Read more
ID Theft Down in the Dumps
Yazan Gable | 01 May 2007 07:00:00 GMT | 0 comments

Did you ever wonder how your credit card information is bought, soldor transferred? Have you ever wondered how someone uses your creditcard information after it is stolen to commit fraud? There are a numberof ways, but the preferred method is through using dumps. A dump is afile containing the data that is stored on a credit card’s magneticstrip. Dumps are the favorite currency of credit card fraud these days.

Carders, the people who deal in stolen credit card information andlaundering, pay premium prices for dumps. Premium is around $8.00 US,while simple credit card numbers, names and expiration dates are around$1.00 – 2.00 US. Sure, having a credit card number, name and expirydate work pretty well for on-line purchases, but the difficulty is ingetting the goods. Where should they be shipped to?

Dumps, on the other hand, allow the carder to dump the data ontopretty much any magnetic card. This includes hotel room keys, discountcards, gift cards, and other credit...

Read more
Drive-By Pharming Follow Up
Zulfikar Ramzan | 27 Mar 2007 07:00:00 GMT | 0 comments

In a previous blog entry,I talked about the concept of a "drive-by pharming" attack. The conceptreceived significant traction, and in this blog entry, I wanted tofollow up on some of the commentary.

Recall that in a drive-by pharming attack, the attacker sets up aWeb page that simply when viewed attempts to connect to the victim’shome broadband router and change its DNS settings. If successful,future DNS requests made by the victim will be resolved by theattacker’s DNS server. As a result, the attacker controls the victim’sInternet connection, which allows the attacker to choose which sitesthe victim sees when he or she surfs the Web. The victim is nowsusceptible to phishing, identity theft, and a whole host of othersecurity issues.

Wired versus wireless
A number of people incorrectly thought...

Read more
Making Money in China Through Malware
Eric Chien | 16 Mar 2007 07:00:00 GMT | 0 comments

One of the principles behind malware is that it follows technologyand mainstream culture. If ninety percent of the world was using theEricOS, the vast majority of threats would be designed to run on theEricOS because otherwise the threat would have nothing to infect.

In China, online computer usage patterns affect the types of malwareSymantec sees there. In particular, if you walk into an Internet cafein China, rarely do you see people using search engines like Google oron Web sites like MySpace. Instead, the vast majority of people haveheadphones on and are playing online games such as Lineage or World ofWarcraft.

Thus, Symantec sees a lot of Infostealers that attempt to stealcredentials for these types of online games. Once credentials arestolen, the hacker logs into the account, steals the virtual items, andthen attempts to sell them for real money through various boardsoutside the virtual gaming world.

An example of this threat is Lingling (Lingling means...

Read more
Please Leave a Message After the Phish
Candid Wueest | 13 Mar 2007 07:00:00 GMT | 0 comments

Recently, some people received quite a shock while doing their normal online banking business, as reported by Heise news. While browsing their bank’s Web site, they suddenly noticed that an international phone number and a country flag were integrated into the transaction page.

From that point on, the reaction of different users will vary. You might call me pessimistic, but I assume some people would not question it (if they noticed it at all), and would continue with their normal online banking transactions. The same people might also fall for general phishing email attacks. Afterall, user awareness is not yet universal.

Security-savvy users, however, would identify this as a phishing attack of some sort and stop their current online banking session immediately (after taking some screenshots, of course). They would then call up the bank to tell them that a new kind of phishing attack...

Read more
EBay Motor Scam Update
Liam O Murchu | 07 Mar 2007 08:00:00 GMT | 0 comments

On March 5, we posted a blog about a new threat called Trojan.Bayrob that targets users of the eBay auction site and, more specifically, motor auctions. Following further research, we are able to shed some more light on the mechanics of Trojan.Bayrob. As stated previously, this attack is targeted at users who will be highly likely to buy a car on eBay, (e.g. second-hand car sales companies).

In this attack, victims are sent an email about a car that is being offered for sale. The email contains a legitimate slide show program that shows images of the car on offer; however, the email also contains the Trojan.Bayrob file. Below are two examples of what the slide show looks like. While the victim views the slide show, the...

Read more
Clever HTML for URL Hiding
Eric Chien | 07 Mar 2007 08:00:00 GMT | 0 comments

Symantec has recently received a phishing email that makes use of an interesting technique of hiding a phishing site URL. When receiving a suspected phishing message, one of the methods of determining if the embedded URLs are legitimate or not is to simply pass your cursor over the underlined hyperlink and then check the URL in the status bar of your browser. In the status bar, you can see if the link belongs to the appropriate domain or not.

Using Javascript, one can alter the text in the status bar. So, when browsing on the Web in general, this isn't always a reliable technique to verify the underlying URL. However, when receiving an HTML email in an email client (including Webmail), Javascript is generally neutered so it does not execute, preventing the obfuscation of the status bar via Javascript, making this technique more reliable. However, this phishing message we recently received is able to modify what is displayed in the status bar...

Read more