Security Response
Showing posts tagged with phishing
Satnam Narang | 01 Sep 2014 20:41:48 GMT

It’s all over the news—private photographs of celebrities, including Jennifer Lawrence and Kate Upton, were posted online over the weekend. As for how they were obtained, various reports have suggested the attacker gained access to the celebrities’ Apple iCloud accounts. Based on the widespread interest in this story, we are warning users about scams around this narrative.

Apple ID phishing
Whether or not iCloud was the point of compromise in this incident, scammers have been interested in stealing these credentials for some time. We previously wrote about email scams claiming to be from Apple support asking users to update or verify their Apple IDs (Apple IDs are used for setting up an iCloud account). These emails contain links to phishing websites that...

Avdhoot Patil | 26 Aug 2014 08:40:29 GMT

Celebrity lures continue in the world of phishing. We have seen several phishing sites in the past that used altered celebrity images to get users’ attention. Today, we have a couple of examples in which phishers continued their celebrity promotion campaigns with glamour models Martisha and Denise Milani. These phishing sites are typically developed for the purpose of stealing personal information from a large number of these celebrities’ fans.

In one campaign, the phishing page spoofed Facebook’s branding and contained an image of glamour model Martisha along with a message in the Arabic language. This message translates to “Chat with Arab boys and girls on Facebook”. The phishing site gave the impression that the user could get involved in adult chats when they entered their login credentials. In reality, after the user inputted their login credentials, they were redirected to the legitimate Facebook login page while their information was sent to the phishers. The...

Avdhoot Patil | 19 Aug 2014 23:33:39 GMT

Phishers are known for capitalizing on current events and using them in their phishing campaigns. Celebrity scandals are popular and Symantec recently observed a phishing attack on the Facebook platform that claimed to have the sex tape of well-known Filipino television host and news anchor Paolo Bediones. Paolo Bediones became a hot topic last month when an adult video featuring a person resembling this TV host appeared online.

Symantec discovered a fake Facebook site behind a campaign that offered the "sex scandal" video of Paolo Bediones.


Figure. Phishing site requests user login, then steals credentials

A message on the phishing site asks users to log in to watch the full sex video. If users enter their Facebook login credentials, the phishing page...

Symantec Security Response | 15 Aug 2014 19:24:03 GMT


News of the Ebola virus epidemic in West Africa has hit every news outlet around the globe, and cybercriminals are once again using the latest headlines to bait victims. Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme.

Malware and phishing campaigns
The first campaign is fairly simple. Attackers send out an email with a fake report on the Ebola virus to entice victims; what users actually get is an infection of the Trojan.Zbot malware.

In the second campaign, cybercriminals send out an email that impersonates Etisalat, a telecommunications service provider in the United Arab Emirates with footprints in 18 countries across the Middle East,...

Avdhoot Patil | 01 Aug 2014 08:32:58 GMT

Contributor: Virendra Phadtare

Phishers are continuing to focus on social networks as a platform for their phishing activities. Fake social media applications in phishing sites are not uncommon. In the past, we have seen a bogus Asian chat app and a fake voting campaign in phishing attacks. These fake apps are typically developed for the purpose of harvesting personal information. 

Symantec recently observed a phishing site with a fake gaming application that claimed to offer unlimited chips for an Indian poker gaming application called Teenpatti. Phishers promoted a fake version of the Teenpatti game called “Teenpatti Hack”. The phishing site was hosted on a free Web hosting service.

...

Binny Kuriakose | 23 Jul 2014 23:28:53 GMT

Contributor: Mayur Deshpande

Phishing emails masquerading as banking communications are observed in huge quantities every single day. Spammers will often exploit global news and major world events to carry out phishing attacks. Phishing emails often use international and regional news to disguise their phishing content and force the recipients to give up sensitive personal data.

Recently, Canada enacted an anti-spam law which mandates that all companies obtain explicit consent from customers for email correspondence. Spammers exploited this news to send phishing emails pretending to request consent for emails. The phishing attempt shown below goes a step further and fabricates fake news about a similar law in the United States.


Figure. Phishing sample...

Sammy Chu | 26 Jun 2014 19:49:01 GMT

Image spam has been around for a long time and peaked in January 2007, when Symantec estimated that image spam accounted for nearly 52 percent of all spam. Pump-and-dump image stock spam made up a significant portion of that 52 percent. Image spam had been in hibernation mode for a long time until recently, when Symantec detected a significant increase in these attacks from our Global Intelligence Network.

Between June 20 and June 23, 52.25 percent of spam messages contained an image, compared to just 2.23 percent between June 13 and June 19. As with the last wave of image spam, image stock spam made up a significant portion of image spam messages. 


Figure 1. Significant increase in image spam

Pump-and-dump image stock spam’s main problem stems from how it can cause financial...

Sean Butler | 23 Jun 2014 21:05:36 GMT

On June 19, we came across an interesting e-card spam campaign. E-card spam typically distributes malware; however, this campaign simply redirects the user to a “get rich quick” website.

This campaign’s emails are very basic. The messages are sent from a spoofed 123greetings.com email address and contain one sentence and a link.


Figure 1. E-card spam campaign email

After looking at the header for one of the emails, we saw that the email appears to have been sent from an Amazon IP address. This is most likely an attempt to trick anyone who reads the header into thinking the email is legitimate. However, the IP address actually resolves to a DNS name that is not associated with Amazon.

In the body of the emails, the spammers use URL shorteners to redirect victims to their site...

Sammy Chu | 12 Jun 2014 21:23:05 GMT

The Symantec Global Intelligence network has detected a significant increase in hit-and-run spam attacks (sometimes referred to as ‘snowshoe’ spam attacks) from .club domains in the last 24 hours. Earlier this year the Internet Corporation for Assigned Names and Numbers (ICANN) released a number of generic top-level domains (gTLD), with .club among them. Spammers have taken to abusing gTLDs, and specifically, the .club gTLD to perform hit-and-run spam attacks. Hit-and-run spam attacks quickly cycle through domains and IP addresses with unknown reputation to avoid detection. In this case they are using domains with the .club gTLD because of their lack of reputation.

We have observed the following “From:” header lines in these attacks:

  • From: "CarClearanceLot" <CarClearanceLot@[REMOVED].club>
  • From: "CarSavingsEvents" <CarSavingsEvents@[REMOVED].club>
  • From: "PriceNewCar" <PriceNewCar@[REMOVED].club>
  • From: Gift Cards <...

Satnam Narang | 29 May 2014 17:12:10 GMT

Following reports of Apple IDs being compromised and devices being held for ransom in Australia and New Zealand, Apple issued a statement to ZDNet proclaiming that their iCloud infrastructure had not been breached. They went on to warn users to “change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services.” Symantec would like to advise owners of Apple devices to keep an eye out for emails attempting to phish for Apple ID login credentials.

Going phishing for Apple IDs

While there have been no confirmed reports as to how these Apple IDs were compromised, one possible explanation is phishing scams. Due to all the media attention this event has received, Symantec is cautioning...