Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with phishing
Showing posts in English
Banking, Breaches, and Brands – Three Ways Cybercriminals Can Put You Out of Business
Kevin Haley | 15 Sep 2010 13:29:02 GMT | 0 comments

“It can’t happen to me”

Hunters and gatherers. Most people think of cybercrime against business to be the work of hunters such as cybercriminals who target then infiltrate a company to steal from it. Reading the newspaper, it’s easy to convince yourself that these hunters are after big game and a small business does not have to worry about these targeted attacks. Maybe; however, we’ll talk more about that later. The majority of cybercriminals can best be described as gatherers. They throw wide nets and take advantage of whatever victims land in those nets. Small businesses really must watch out for the gatherers.

Because the barrier of entry is low, there are many gatherers. A gatherer doesn’t have to be a criminal genius. They don’t even need advanced computer skills. They really don’t need to know much at all—except where to buy a toolkit. Toolkits allow criminals with limited skills to get...

Read more
Phishing Digital Services Brands
Mathew Maniyara | 14 Sep 2010 22:49:08 GMT | 0 comments

Symantec recently observed a phishing attempt on a digital services brand based in the US. The brand offers services such as cable television, Internet, and telephone.

 

 

Fraudsters targeted customers who pay their cable TV or Internet bills online. The phishing sites prompted the customers to update their billing information to prevent unauthorized login attempts. The phishing page alleged that having an updated profile would help in avoiding phishing attacks. The page further stated that those accounts which were not updated would be kept on hold for security reasons. Of course this email is fraudulent.  If customers give away their confidential information to the phishing site, the fraudster will have succeeded in stealing the information for financial gain. Similar to the phishing of an Internet...

Read more
Spam and Phishing Landscape: September 2010
Eric Park | 10 Sep 2010 20:41:40 GMT | 0 comments

Malware spam is back after a one-month hiatus! The attack has returned to the forefront of the spam threat landscape in the form of .zip and .html attachments, as discussed in the September 2010 State of Spam & Phishing report. Malware spam more than tripled in volume, and .zip attachment spam saw a four-fold increase month-over-month. As such, we reviewed what this attachment spam contained and discussed how those threats pose a serious risk to users. Overall, spam made up 92.51 % of all messages in August, compared with 91.89 % in July.

For this and much more, click here to download the September 2010 State of Spam & Phishing Report, which highlights the following trends:

•    Tale of .zip and .html Attachments
•    A Phishing Scam Linked to “High School Musical”...

Read more
Beware of Phishing on “Norton Internet Security”
Mathew Maniyara | 10 Sep 2010 20:17:58 GMT | 0 comments

In September 2010, Symantec observed a phishing site that targeted customers who use the product “Norton Internet Security”. Norton Internet Security is a Symantec product which provides prevention against malware, viruses, and email spam. It is also one of the leading anti-phishing solutions in the market.

 

Fraudsters attempted to steal credentials from users with a Norton account by means of a phishing page that claimed to be an account restoration page. The phishing site was titled “Norton Internet Security Alert” and asked for an identity verification of the user to restore his or her account. The confidential details asked for in the verification were the user’s name, email address, and password. The user was also asked to enter a code from a bogus CAPTCHA provided in...

Read more
Spammers Introduce New Email Internet Headers
Suyog Sainkar | 06 Sep 2010 20:07:45 GMT | 0 comments

Symantec has been tracking a recent phishing email attack that is targeting the users of a number of prominent global banking institutions. In this phishing attack it was observed that the spammers are using meaningless, random email headers—possibly in an attempt to circumvent anti-spam message filters. The spam attack was observed starting in July and is still active.

Let’s first understand what email headers are. Every email message comprises two parts: the message body and the message header. The header can be thought of as the envelope of the message, containing the address of the sender and the recipient, the subject, and other important tracking information. The body contains the actual textual content of the message and file attachments, if any.

Here are some of the most common email header fields:

Received:
Return-Path:
Sender:
X-Mailer:
From:
Date:
To:
Subject:
Message-ID:
MIME-Version...

Read more
Fake Survey Seeking Opinions on Social Networking Features
Samir_Patil | 27 Aug 2010 20:40:47 GMT | 0 comments

Symantec has observed a new spam tactic being used in which fake surveys are seeking users' opinions or views on features provided by their social networking site. The sample shown below is one such spam email targeting Facebook:

Various “Subject” lines of this spam are as follows:

Subject: Take our online survey and receive a new gaming unit!
Subject: Take our social networking survey and get a gift card!
Subject: Give your opinion on social networks and choose your prize!
Subject: Receive a hot new MP#3 player for your opinions!

Upon clicking the link provided in the message, the user is redirected to a fake survey page where the user has to answer questions related to features provided by social networking site. Upon completion of survey, the users are promised exciting gifts.

Spammers are trying to demonstrate the legitimacy of...

Read more
Phishers Target Automotive Sales Brands
Mathew Maniyara | 19 Aug 2010 13:58:22 GMT | 0 comments

In the past couple of months, Symantec has observed phishing attacks on legitimate automotive sales brands that are based in the UK and the USA. These brands help customers to sell new and used vehicles such as cars, motorbikes, etc. The legitimate websites also provide customers with the facility to advertise the vehicles they wish to sell.

There were several phishing sites created to harvest customers’ confidential information. The phishing sites were hosted on free Web hosting domains. In one of the phishing sites the page stated that the brand was offering customers the opportunity to advertise for free. The customer was required to complete an identity verification (that was fake) so as to avail of the free offer. The verification process prompted for the customer’s email address, the ad’s ID, and a security question with its answer. In this attack the fraudsters attempted to convince customers that the phishing page was authentic by providing the...

Read more
Phishing Courier Service Brands
Mathew Maniyara | 16 Aug 2010 18:34:36 GMT | 0 comments

Symantec has recently observed phishing websites spoofing courier service brands. There were primarily three brands targeted and fraudsters were attempting to steal customers’ login credentials.

So what’s in the login credentials of courier service brands that fraudsters can take advantage of? Couriers provide their customer with several online features upon registering with the brand’s legitimate website. The features help customers to track their shipments, make online payments for their orders, specify the address for delivery, and so on. If login credentials are stolen, fraudsters can benefit from these features because it may enable them to reroute valuable packages to any address they provide.

In one of the phishing sites, the page prompted the customer to update user details, purportedly because "the account had not been updated for a considerable time."...

Read more
A Phishing Scam Linked to “High School Musical”
Mathew Maniyara | 09 Aug 2010 21:30:36 GMT | 0 comments

In August 2010, Symantec observed phishing websites spoofing a social networking brand that was linked to the film “High School Musical.” Typically, phishing sites are created to appear identical to the original website so that end users will find it difficult to distinguish between them. In the past couple of months, some phishing sites that spoofed social networking brands contained Web pages that were a bit different from the original.

So, why are fraudsters creating these phishing pages that aren’t identical to the original? Fraudsters are modifying the phishing site so that the page looks as though the brand was promoting certain ideas. In many instances, the ideas were associated with celebrities, special occasions, pornography, movies, major events, etc. These ideas are incorporated by modifying certain aspects of the phishing site such as the logo of the brand, Web page background, images, and so on.

In this particular phishing site the...

Read more
Fraudsters Provide False Security for Facebook Users
Mathew Maniyara | 09 Aug 2010 21:10:48 GMT | 0 comments

In August 2010, Symantec observed a phishing website that targeted Facebook login credentials, which claimed to provide security to Facebook users. The page was not imitating the legitimate Facebook website, but appeared to be an alternate website that provided this facility. The phishing site was titled as a “Security and Privacy Update” website. The page stated that Facebook users were vulnerable to threats such as spam messages or hackers that could cause problems with their user profiles. The page further stated that if users confirmed their identity by providing login details, then they would be safe from such threats. On the contrary, if a user gave up their login details to the phishing site, the fraudsters would have succeeded and could steal the details for use in future attacks.

A free Web hosting site hosted the phishing site. The words used in the phishing URL gave the...

Read more