Video Screencast Help
Security Response
Showing posts tagged with Online Fraud
Showing posts in English
Kelly Conley | 21 Oct 2008 23:37:52 GMT | 0 comments

Phishing is a way for individuals who are known as "phishers" to obtain your private information such as bank account details and passwords. Phishing messages come in the form of an email message that is directed to you and appears to be from a reputable company or business-often one that you have an association with and trust. But, it is not. The message will tell you to confirm your bank details, password, or login credentials or "your account may be closed." You are then directed to click on a link in the email to take you to a website to enter in the requested details. By employing scare tactics such as the threat of account closure, phishers are hoping to lure you in to their trap.

Once you click the link you are taken to a website that looks like the real website of the company the email is purporting to be from. But it is not. You enter your details and the phishers now have the information they need to steal your identity. What just...

Antonio Forzieri | 30 Sep 2008 17:49:01 GMT | 0 comments

A "phishing kit" is small piece of software usually written in PHP, HTML, and JavaScript that mimics legitimate portals (for example, financial institution websites) in order to acquire sensitive information such as usernames, passwords, and credit card details. The phishing kits of the first generation were quite simple; the fraudster would build a login page to collect stolen information on local files, saved on the compromised web servers. As shown in the picture below, after the credentials have been saved, users are redirected to the legitimate website.


This approach has an obvious drawback: if the directory-listing feature is enabled on the web server, other Internet users (including the compromised financial institutions) would be able to read those files. The countermeasure that was adopted by the fraudsters was the usage of...

Davide Veneziano | 29 Sep 2008 23:22:15 GMT | 0 comments

The evolution of a phishing attack is quite straightforward. At first, the fraudsters compromise a vulnerable server and deploy a package called a "phishing kit," which contains a clone application of the targeted institution. Then, mass mailing activities, with the aim of reaching a large number of recipients, are accomplished. Finally, the fraudsters use social engineering techniques to entice victims to submit their credentials, from which the fraudsters attempt to derive valid credentials. This will only happen if the fraudsters are able to convince users that they should trust the phishing website, or at least be tricked into believing it is a legitimate site and not raise any suspicion. Of course, this is not always a painless task.

Symantec has carried out several forensics analyses in order to evaluate the distribution of phished users over the different phases described above. Specifically, I want to focus my attention on the portion of users submitting...

Hon Lau | 19 Aug 2008 15:58:50 GMT | 0 comments

Back in the 90's, Jamiroquai had a hit album named "Travelling without Moving." The title gives an apt description of some of the fantastic things that you can now do on the Internet. For example, we can now literally travel the world without moving beyond the comfort of the armchair. Applications such as Google Earth and Google Maps (with its Street View feature) enable anybody with a decent Internet connection to literally drop in to virtually any location on this planet.

These applications are great for planning visits-you can see exactly how far your hotel is from the train station, where there is parking, or even plot your full itinerary. You can also use these applications to get a feel for an area before you go there; for example, if you were visiting an unfamiliar area it's really useful to see what the building or location you are going to actually looks like before you get there. Addresses are sometimes hard to recognize and as the saying goes, a...

Hon Lau | 04 Aug 2008 18:19:56 GMT | 0 comments

A timely warning to those wishing to purchase last minute tickets for the Beijing Olympic Games of 2008 to beware of scams and rip offs. There are some fake but very well crafted ticketing Web sites that have been duping unsuspecting members of the public out of their hard earned cash by posing as legitimate suppliers for Olympic events. In particular, one such scam site ( and its mirror site has, according to media reports, already ripped off many individuals, some to the tune of US $57,000.

This scam site claims to be able to source tickets for sold out sporting events, playing on the fact that many Olympic event tickets are already sold out due to huge demand. I checked out the site today and found that tickets for the opening ceremony (which were sold out some time ago) are...

Ben Nahorney | 23 May 2008 11:43:40 GMT | 0 comments

We’ve all done foolish things for romance. The exhilaration of discovering a new partner is one of the more exciting feelings in the human experience. However, this flutter of emotions can also drive us to distraction—so much so that reason and logic are often thrown out at its height.

It seems the online scammers of the world have realized this, if phony romance scams are any testament. Such “phomance” scams can sometimes go on for months, as the scammer slowly wins over the victim’s trust. These schemes generally lead to a request for money, under the guise that the scammer plans to visit. Ultimately, the meeting never occurs, the money is gone, and the victim is quite possibly left with nothing but a broken heart.

Fortunately many such scammers aren’t clever enough to achieve this final result, often giving away clear indications that they aren’t who they say they are. But by keeping an eye out for a few telltale signs, it...

Zulfikar Ramzan | 21 Apr 2008 23:53:38 GMT | 0 comments

On the eve of the much anticipated Pennsylvania Democratic Primary, we received public reports of a series of cross-site scripting vulnerabilities that affected Barack Obama's campaign Web site. We also saw reports of these vulnerabilities being disclosed publicly on the Web site. The corresponding code to exploit the vulnerabilities was used to redirect users to Hillary Clinton’s Web site.

Who says attackers don’t have a sense of humor? While a couple of these vulnerabilities were shored up before we could investigate them, we were able to examine some for validity.

At a high level, what appears to have happened is that an attacker took advantage of the fact that certain parts of the Obama campaign site allows users to post content, for example, in the form of community blog postings. While most users take advantage of such features to post political commentary, at least one user decided to try posting something more insidious.

Here’s how such...

Candid Wueest | 14 Mar 2008 07:00:00 GMT | 0 comments

There are hundreds of ready-for-use phishing kits available on the Internet. At the beginning of this month, a list with more than 400 links had been circulated on mailing lists and forums. Some kits are a compilation of different sophisticated scripts that can spoof many different brands at once and sometimes even bypass two-factor authentication schemas. However, the vast majority are simply archived copies of the original Web site, modified to include a small PHP script that will send the stolen credentials to an email account.

We know that not all phishers have a Ph.D. in the art of phishing; therefore, you can sometimes find some interesting and funny pieces of code in phishing kits found on the Internet. As Easter is coming up soon, I decided to compile a top five list of the funniest Easter eggs that I have seen in phishing kits lately.

In 5th place: Local image paths
Sometimes, phishers do not check if all links are converted correctly....

Chen Yu | 12 Mar 2008 07:00:00 GMT | 0 comments

My colleague, Takashi Katsuki, posted a blog that describes how Trojan.Farfli provides a service to affiliates, which allows them to increase the number of hits for an affiliate’s tracker. Recently I came across another Trojan, which provides such a service: Trojan.Trafbrush.

When Trojan.Trafbrush is executed, it drops several components and registers a browser helper object (BHO). It then downloads two configuration files from One of the files is config.ini, which contains display options of a...

Liam O Murchu | 05 Mar 2008 05:07:51 GMT | 0 comments

We have previously discussed Trojan.Bayrob without describing theentire attack from end to end. This article will show how the entirescam works from initial contact right through to the actual sale.Security experts at eBay are already well aware of it and working toprotect their customers.

Tip: It should be noted from the outset thatpotential buyers should read safety tips and follow preventativemeasures provided by their service provider.

To start with, take a look at this video for a walk-through of our analysis:

In order to attract potential victims the scammers first list carsfor sale on various auction sites. These auctions are not scams per se,but they are "legit" auctions that are used solely to attract potentialvictims—whoever asks a question or bids on these auctions becomes apotential victim. Once these auctions have expired the scammers get towork emailing each potential victim. These emails explain that thewinner of the original...