
Twitter password phishing

  • Post author: Omid Farhang
  • Post published: October 7, 2010
  • Reading Time: 2 min
  • Word Count: 219 words

Our friend in the UK got this via a contact. It was from a Twitterer who obviously had his Twitter login stolen: (Twitter apparently is filtering this URL at this point.) The link led to a phishing page that used the deceptive tactic of showing an error message: “Wrong Username/Email and password combination.” You log in, it steals your Twitter password, sends the above Tweet to all your contacts and continues rounding up passwords. ...


Scammers set their sights on Resident Evil: Afterlife

  • Post author: Omid Farhang
  • Post published: September 20, 2010
  • Reading Time: 1 min
  • Word Count: 169 words

Resident Evil. Man, those films are terrible. Frankly, I’m happy to end the writeup right there, but if I did you’d miss out on all the fun. Resident Evil Afterlife is now in cinemas (unfortunately) and scammers are all too happy to cash in. watchresidentevil4(dot)com is our port of call today: Try to watch the film, and you’re prompted to install ClickPotato (from Pinball Corp). There are also four other items preticked, which is nice of them. Installing that lot gives you a prompt to “see premium content”. ...


New phishing-spam waves using Facebook as bait

  • Post author: Omid Farhang
  • Post published: September 17, 2010
  • Reading Time: 3 min
  • Word Count: 499 words

We have again started to see a large increase in the number of emails pretending to come from Facebook. There are two types of emails which are currently being sent in large numbers. Both of them use classical types of social engineering techniques. The first type is using the old trick with “the photos”. The final target is a website where SMSes can be sent for “free” (note the quotes). I would like to emphasize again that there is nothing out there for free. Even if you don’t pay for it, those who offer the service (or whatever is given for “free”) do get something in exchange. It might be your telephone number, your email address or something similar which is worth a lot on the Internet. ...


The bad guys are going after the Pirates

  • Post author: Omid Farhang
  • Post published: August 29, 2010
  • Reading Time: 1 min
  • Word Count: 189 words

File-sharing organization Pirate Bay has been controversial for a long time, like maybe the length of its entire existence. It’s been in the news recently because a number of governments are trying to shut it down. That’s a situation ripe for social engineering. We found this scheme this morning: a number of typo-squatting sites carrying the following. (Note: the REAL Pirate Bay site is thepiratebay.org.) What would lead a victim to this? The phony site piratebay.com (below) comes up as the third result on a Google search for “piratebay” or fourth for “pirate bay.” ...


How to Get Hacked on Facebook

  • Post author: Omid Farhang
  • Post published: August 29, 2010
  • Reading Time: 2 min
  • Word Count: 411 words

One of the most common scenarios we observe on a daily basis is users being coaxed into phishing campaigns and malicious applications on Facebook. As we interact with our friends and family on social networks, we tend to trust any and all of the information that appears to be from our “trusted network.” However, Facebook is one of the most trolled social networks by cyber criminals. They are waiting for you to make a mistake and once you make it, they will be sure to hack you and exploit your friends’ trust through your newly hacked account. ...


Facebook login phishing

  • Post author: Omid Farhang
  • Post published: August 27, 2010
  • Reading Time: 1 min
  • Word Count: 36 words

Here’s one of the latest Facebook phish attempts: videos of “beautifull” girls: It might look like the Facebook login page, but, check out the URL. I don’t think you want to log in to Facebook there.


Facebook Dislike button scam spreads virally

  • Post author: Omid Farhang
  • Post published: August 16, 2010
  • Reading Time: 2 min
  • Word Count: 352 words

Have you seen a message like this on Facebook? “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” If so, don’t click on the link. It’s the latest survey scam spreading virally across Facebook, using the tried-and-tested formula used in the past by other viral scams including “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”. ...


Two Steps Away from a Free iPad

  • Post author: Omid Farhang
  • Post published: August 14, 2010
  • Reading Time: 2 min
  • Word Count: 247 words

Honestly, how many times have you won free stuff by clicking on links? And no, those spam, trojan, and spyware do not count as free stuff. We recently found a scam that promises a free iPad to application testers. Apparently, the site lures the person into joining an iPad application testing program while the site owner makes profit from SMS fee charges and affiliation programs. To enroll in the program, “testers” are required to complete two steps. ...


Toy Story 3: Woody's Roundup of Scams and Fakeouts

  • Post author: Omid Farhang
  • Post published: August 13, 2010
  • Reading Time: 3 min
  • Word Count: 474 words

Toy Story 3 is romping across cinemas worldwide, and rightly so – it’s the best of the series by far. I thought it might be worth pointing out that being a product aimed at children doesn’t exclude it from internet shenanigans. If you have young children online who are partial to searching for Toy Story material, you might want to warn them about some of the below scams. One of the most popular tactics is advertising the “full movie” on YouTube, but directing the end-user to a bunch of surveys instead: ...


What’s in a (rogue) name? VirusTotal 2010

  • Post author: Omid Farhang
  • Post published: August 13, 2010
  • Reading Time: 1 min
  • Word Count: 135 words

There is a well-respected and very useful site that everyone in the anti-virus industry uses – sometimes several times a day: Virus Total. You can upload suspicious files or their check sums to Virus Total to see if a file is malicious. The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate: What it tries to download is detected as FraudTool.Win32.FakeRean (fs). Here’s what the real Virus Total site looks like. It basically runs your code sample or check sum against 41 anti-virus engines and displays the resulting detections. ...
