Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with phishing
Showing posts in English
Mathew Maniyara | 14 Dec 2012 23:10:35 GMT

Contributor: Avdhoot Patil

Fake social media applications in phishing sites are not uncommon. Phishers continue to devise new fake apps for the purpose of harvesting confidential information. In December 2012, a phishing site (spoofing Facebook) claimed to have an application to secure Facebook accounts from being hacked. The phishing site was hosted on a free Web-hosting site.

The phishing site required users to enter their Facebook login credentials to gain access to the fake security app. In addition to their Facebook login credentials, users must enter a confirmation code generated by clicking a button. Phishers likely believe asking users to enter a confirmation code and stating that it is certified while displaying a fake Facebook stock certificate will make this fake app page seem more authentic. Still, it is hard to understand how a sample stock certificate has any relevance to security on Facebook.
 

...

Anand Muralidharan | 13 Dec 2012 17:17:33 GMT

Contributor: Samir Patil

In the last few months, we have seen an increase in the volume of malicious spam. The majority of these new spam emails contain links to the Blackhole Exploit Kit.

Earlier this year Symantec reported on malicious spam during tax season that lead to the Blackhole Exploit Kit. Similar attacks targeting well-known businesses occurred throughout 2012, affecting major brands in various service industries such as payroll, fax, and social media.

The emails claim to be contacting the recipient in regards to account transactions, pending notifications, company complaint reports etc.

The main purpose of these spam campaigns is to lure recipients into clicking on links contained in the emails. These links then lead to malicious code being downloaded, which exploits common vulnerabilities.

Note: Read...

Mathew Maniyara | 07 Dec 2012 00:17:56 GMT

Contributor: Avdhoot Patil

Social media is a common target for phishers for the purposes of identity theft. Phishers are now seeking financial gain from social networking phishing sites. In November 2012, phishing sites spoofed a popular social networking site and asked for financial information as a requirement for to improve user security. The phishing sites were hosted on free web hosting sites.

The phishing site stated that the social networking site had made some improvements in security and required users to verify their identity by completing a security check. After the “Continue” button was clicked, users were asked to enter their personal details.

The personal details required included the user's:

  • First name
  • Last name
  • Email address
  • Password
  • Country
  • Gender
  • Birthday

The phishing pages that followed asked for users’ webmail address with their...

Mathew Maniyara | 05 Dec 2012 23:52:35 GMT

Contributor: Avdhoot Patil

Several phishing attacks using football have been observed during 2012. Phishers have shown their interest in football clubs, football celebrities, and the 2014 FIFA World Cup. In November 2012, the trend continued with phishers spoofing the 2014 FIFA World Cup in Brazilian Portuguese on a free web hosting site.

In one example, a phishing site prompted users to sign up for a  daily offer to win prizes worth hundreds of dollars, including trips to the World Cup. The phishing page featured the World Cup mascot Fuleco on the right hand side. While signing up for the offer, the user is asked to select from three Brazilian electronic payment brands. After the brand is selected, the phishing site requests the user’s confidential information.

The information required includes the user's:

  • Card number
  • Electronic signature
  • Card holder name
  • Password
  • Email address...
Mathew Maniyara | 29 Nov 2012 06:53:37 GMT

Contributor: Wahengbam RobinSingh

Phishers continue to devise diverse strategies to improve their chances of harvesting users’ confidential information. Symantec constantly monitors and keeps track of these phishing trends. In November 2012, Symantec observed a phishing site that loaded a malicious browser add-on. The malicious add-on, if installed, would lead users to phishing sites even when a legitimate website is entered in the address bar. Phishers utilized a typosquatting domain to host the phishing site and their primary motive in this strategy was financial gain. The phishing site spoofed a popular e-commerce website.

Figure 1. Browser prevents automatic installation of the malicious add-on

The phishing site detects the specific browser application used by the user and prompts for...

Anand Muralidharan | 15 Nov 2012 13:22:37 GMT

Some events familiar among people in the United States are commencing this month, including: Thanksgiving—a great occasion to thank dear friends and family for their kindness; and Black Friday—a day after Thanksgiving, usually the busiest retail shopping day of the year. Spam messages related to these events have begun flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of e-cards, clearance sales of cars and trucks, products bidding to get the best deals, replica watches. Clicking the URL will automatically redirect the user to a fake offer website.
 

Figure 1: An e-card for Thanksgiving day
 

...
Candid Wueest | 13 Nov 2012 21:39:34 GMT

Even with mobile phones now being an essential part of our lives, I am still not used to receiving text message spam. Hence, I was kind of excited when I recently received one on my private number. The claim was that I had won something from Apple. The spam was sent from a number in Virginia, +1 540 514 [REMOVED], and it looks like the scam is currently run in a few different countries.
 

Figure 1. Swiss German version of scam text message
 

If you click on the link, which you obviously should not do, you will end up at a site that tells you that your gift is a brand new iPhone 5. All you have to do is enter the winning code that you received in the text message. The text is badly written with several spelling errors, just like in the old...

Anand Muralidharan | 08 Nov 2012 23:03:41 GMT

It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers used a legitimate look and feel in the email with headers (Subject & From) and flash animations that included a message to open the "Christmas Card.zip" attachment. After opening the attachment, the malicious code is downloaded on to the user's system. Symantec detects the attachment as W32/AutoRun.BBC!worm.
 

Figure 1. Christmas card example
 

As expected, spammers are promoting fake offers by targeting specific categories, including:

  • Products
  • Health
  • Internet
  • Finances
  • Replicas

Most of these spam messages encourage users to buy the...

Mario Ballano | 05 Nov 2012 19:52:59 GMT

A few days ago, researchers from North Carolina State University published a video demonstrating how an app can simulate the reception of a text message from a spoofed source. SMS spoofing can be used for a number of malicious intentions, including SMS phishing attacks (SMSishing), which could trick someone into providing banking credentials or subscribing to paid services.

The code to perform this action has been publicly documented and in use since August, 2010. However, we have not yet found any instances that use the code for an SMSishing attack. Instead, the vast majority of apps use the code to deliver advertisements, including a couple hundred applications hosted on Google Play.

To send a spoofed SMS message there is no need to send a text message over the air. In fact, a...

Samir_Patil | 31 Oct 2012 14:30:39 GMT

Hurricane Sandy, one of the most devastating Superstorms in decades, hit the US East coast. Causing the loss of lives and businesses and leaving countless people without electricity, Sandy has now added spam to its list of misery. We are observing spam messages related to the hurricane flowing into Symantec Probe Networks. The top word combinations in message headlines are "hurricane – sandy", "coast – sandy", "sandy – storm", and "sandy – superstorm."

Figure 1. Message volume over a two-day period

Typical spam attacks like "Gift card offer" and "Money making & Financial" spam are currently targeting the disaster. Below are the screenshots of some spam samples.

...