Phishing

A few of days ago, we encountered an e-mail with a malicious RTF attachment. It was sent with a supposed lawsuit notification message. The e-mail didn’t mention any company by name and took a shotgun, rather than targeted, approach. Today, a security blogger forwarded us (and others) his version of the e-mail: At this point, it appears that the attachment has been replaced by hyperlink pointing to the Marcus Law Center. ...

Who wouldn’t want some tax benefits in the current economic times? Don’t phishers and scammers know that all too well! In a new phishing scheme, We found that Child Tax Credit is being used as bait to lure parents to disclose their financial data. This attack specifically tries to convince users to make claims for credit and lower their tax burden by using their children’s education expenses. According to the Internal Revenue Service (IRS) website [PDF], taxpayers may be able to reduce their federal income tax by up to $1,000 for each qualifying child. Making use of this information, spam email discusses the expensive education of children and quickly advises recipients to use this expense to make claims for tax credits under the numerous tax benefits provided by the IRS. They make a further appeal that as a U.S. citizen or resident, recipients should apply for their tax returns. According to the email, users can get a tax refund of $75,000 for their children’s education. To apply for a refund, users need to complete a form attached to the email message. The fraudulent email has an HTML attachment named “#1924819299.pdf.htm”. ...

We previously reported a phishing attack on the Indian Income Tax Department. Phishing emails boasting of tax refunds were sent to users in an attempt to entice citizens to enter their credentials on a bogus website. Recently, new attacks have been observed in which the phishing website states that taxes can be paid online. As the fiscal year in India draws to an end, more people are rushing to pay taxes before the deadline. ...

Yesterday there was a volcanic eruption in Iceland, near the Eyjafjallajoekull glacier, that has led the Icelandic authorities to declare a state of emergency in southern Iceland. People living nearby have been evacuated in case of glacial melt water flooding and the airspace near the now active volcano is effectively closed off. As you have probably already guessed, any event which commands a high level of public interest will be pounced on quickly by the makers of fake antivirus software in order to make a quick buck. This incident is no exception. ...

Generally speaking, most website defacements I see tend to look the same with political activist Y decrying political activist Z, or leet hax0rs posting up a mile-long shoutout list to their crew. This one is, er, a little different – a defacement of what appears to have been a site involved in fish logistics and / or preservation, fish2see(dot)dk. I can only imagine the horror on the face of the site admin who woke up this morning to be confronted by this: ...

If you have children that play Neopets, you might want to warn them about this website or insert it into a blocklist of your choosing. The site is Neopoints(dot)tk, and promises lots of free Neopoints related items, with the help of a cute mascot called “Tuma the Draik”. I think there was a Norwegian prog rock group from the 70s called that, but I could be wrong. Of particular note here is the fact the site claims to offer “free magic paintbrushes”. These items are incredibly rare in Neopets land, and an excited child could easily wander into this particular trap as a result. ...

I have seen a lot of these lately. This one currently doing the rounds tries to dupe the reader into thinking that the International Monetary Fund (IMF) wants to use their accounts to transfer money meant for charity. In the email. the IMF (supposedly) wants to transfer $10 Million into the reader’s account using NatWest Bank. The contact details within the Bank are given as follows: Name: Mr. Donald Miller (Co-founder) Office Address: 11 El Shams Bldgs., 8th District Nasr City E-mail: Bernisecharityfoundationimf ‘at’ gmail.com Tel: (+44) 7031-939-750 Fax: (+44) 7011830323 ...

The DarkReading site is carrying a story about brand-protection firm MarkMonitor’s finding that phishing increased 62 percent in 2009 with 565,502 attacks in the year. MarkMonitor is based in San Francisco. Other conclusions in MarkMonitor’s 2009 BrandJacking Index report: The huge increase can probably be attributed to the use of botnets and the large amount of personal information that can be scraped from social network sources. 2009 saw the all-time high average of 600 phishing attacks per organization only 33 percent of victims were first-time targets. Social networks suffered 11,240 attacks – two percent of the year’s total. The U.S. hosted 44.7 percent of phishing attacks, up from 36.5 in 2008. DarkReading story Here. ...

The underlying structure of a typical website is made up of different folders and sub-folders, much like the ones that are on your computer. A webmaster (is this term still used often lol?) transfers files back and forth using an FTP client in order to update the website. In most cases, specific folders are created for a specific reason. For instance the ‘pub’ folder is usually a public repository that allows anybody access to. ...

I won’t abuse it, I promise…. cross my heart… spit into the wind… etc. Hi folks, Yesterday, I received this SPIM (Instant message spam) … usnews3.com sounds kind of official, doesn’t it? and the page looks impressive… There are lots of links on the page, but unfortunately, a mouse-over of each link reveals that they all go to the same place… That’s not a good sign for a legitimate webpage. Moreover, a whois shows that it was registered just on 7th December 2009, and that the ownership is hidden behind a privacy protector service. ...