Phishing

PayPal users are at risk of getting their credentials stolen if they follow instructions given in a scam email. “We have reason to believe that your account was accessed by a third party…. PayPal will verify it with your bank records for your own protection. If you provide a wrong PIN your account will be suspended or limited for unauthorized account access.” ...

In an excellent blog, the people from Apache did a very good job analyzing and documenting how a security breach happened–going through all the stages of the attack and drawing conclusions. Should you ever become the unfortunate victim of an attack, this blog offers an example of how to document it! I quote:”If you are a user of the Apache-hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised.” So if you are a user, please act accordingly after reading this blog 😉 ...

“Faceparty is a UK based social networking site allowing users to create online profiles and interact with each other using forums and messaging facilities similar to email” – Wikipedia Faceparty does things a little differently to other social networking sites, however. Unlike most places where you register a username and password then start telling people how your farm is doing, to join Faceparty you need to send a text message to the tune of £25 / $38(!) and then enter your one time use password onto this page (warning: quite a few swearwords, because the site is indeed down with the kids). ...

Yesterday evening our spamtraps started receiving the email below in a mass mailing action. The email was immediately flagged as spam even before reaching our spamtraps. No wonder since it has no To:-field, it has a different Reply-to:- than the From:-field and it comes from a DSL line IP address. If the user replies to the email, the return address is set to [email protected]. ...

Of course I’m talking about football. When I say football I mean the game that is played with one ball thas is kicked with the foot, not the other game that is known as football in the US even though it’s played using the hands. Anyway I don’t like football at all, it’s too boring fo me. But, at least in Europe, everyone loves football. And one of the best national championships is the Spanish one, with the 2 biggest teams being Real Madrid and F.C. Barcelona. Every time they play against each other, millions of people watch that game, and news about it are going around all the time. Last Saturday they played in Madrid, and being this such a popular match, cybercriminals couldn’t miss this opportunity. ...

…”click here to view”. Yes, it seems almost anything is a target for money generating survey spam. In this case, we start with a Youtube video: And we finish with this: Even better, these “fill in a survey to see the content” websites now pop up an additional message as you try to leave the page: ...

There are a number of Toolbars out there in the wild with a nasty sting in the tail for anybody using them to login to Facebook. We’ve seen two of these so far; it’s possible there are more. Promoted as toolbars that allow you to cheat at popular Zynga games such as Mafia Wars, they appear to be normal at first glance with a collection of links to various websites and other features common to this type of program. ...

Well, this is unfortunate. In the UK, they have something called “The Big Issue”, which is a magazine designed to help the homeless get back into society via a legitimate income. It sells around 300,000 copies a week and is listed as the third-favourite newspaper of young British people aged 15 to 24, according to Wikipedia. At this moment in time, The Big Issue website is playing host to a French Paypal Phish – they have a zipped copy of the Phish uploaded to the server, and a live Phish directory too: ...

Despite the global economic slowdown, India witnessed a high number of new jobs in the country during the first quarter of 2010. With the job market looking positive, job sites seem to have benefited with more users accessing their websites. Below is a screenshot of a phishing website that takes advantage of the brand of a popular Indian job site: ...

A friend of mine forwarded a suspicious email message recently. I’ve replaced the domain, order number, etc. below: I validated for my friend that the email was bogus. The domain was not held by Domain Registry of America (DROA), and never had been. The domain was not expiring in the next 90 days. Later he received a follow-up email: ...