…”click here to view”. Yes, it seems almost anything is a target for money generating survey spam. In this case, we start with a Youtube video: And we finish with this: Even better, these “fill in a survey to see the content” websites now pop up an additional message as you try to leave the page: “Help keep this content free. Please take one minute to complete a SPAM-free market research survey to gain access to this special content.” ...
If you like downloading or installing programs on your PC related to XBox gaming, you might want to take heed of this writeup. There’s a fake application kit in circulation that allows an attacker to create a website claiming to be an XBox Live application that takes the form of a Java install. Upon visiting a site related to this scam, the end-user will see a blank webpage with nothing other than a Java notice and a fake Softpedia award at the bottom of the screen: ...
There are a number of Toolbars out there in the wild with a nasty sting in the tail for anybody using them to login to Facebook. We’ve seen two of these so far; it’s possible there are more. Promoted as toolbars that allow you to cheat at popular Zynga games such as Mafia Wars, they appear to be normal at first glance with a collection of links to various websites and other features common to this type of program. ...
Spammers have decided that in order for Apple to meet sky-high growth expectations from its shareholders, Apple needs to diversify into selling drugs online. The spam looks similar to the following message below: Spammers have setup various hacked sites to redirect traffic to online drug stores. However, the spammers are probably frowning/pouting now as Sophos has once again thwarted their plans.
Well, this is unfortunate. In the UK, they have something called “The Big Issue”, which is a magazine designed to help the homeless get back into society via a legitimate income. It sells around 300,000 copies a week and is listed as the third-favourite newspaper of young British people aged 15 to 24, according to Wikipedia. At this moment in time, The Big Issue website is playing host to a French Paypal Phish – they have a zipped copy of the Phish uploaded to the server, and a live Phish directory too: ...
Despite the global economic slowdown, India witnessed a high number of new jobs in the country during the first quarter of 2010. With the job market looking positive, job sites seem to have benefited with more users accessing their websites. Below is a screenshot of a phishing website that takes advantage of the brand of a popular Indian job site: The increased number of candidates seeking jobs in India has led to the launch of phishing attacks on Indian job sites. The phishing page in the above example is asking for potential employers’ login credentials. The phishing website was created on servers located in the Netherlands. The credentials consist of a username and password as well as the employer’s email ID and password. After stealing these credentials, fraudsters send targeted spam messages to the employers. The spam message states that the employer is required to pay an amount to upgrade or continue his access of particular recruitment solutions. The link provided to make the payment leads to a phishing page that asks for confidential information such as credit card numbers, pin number, etc. Attackers also masquerade as the employer to send spam containing fake job opportunities to job seeking candidates—an action that means the attackers are always seeking financial gain. ...
A friend of mine forwarded a suspicious email message recently. I’ve replaced the domain, order number, etc. below: I validated for my friend that the email was bogus. The domain was not held by Domain Registry of America (DROA), and never had been. The domain was not expiring in the next 90 days. Later he received a follow-up email: The scam attempts to get domain holders to transfer service and pay accordingly. It seems this scam has been around for at least eight years, though it has morphed over time. Apparently the DROA has chosen to test the 2003 judgment by the Federal Trade Commission (http://www.ftc.gov/opa/2003/12/domainreg.shtm). One thing of interest here is the two-staged approach: The first message requires no action by the recipient, but the second message tells the user to obtain and hand over the keys to the castle. ...
There are a couple of programs in circulation at the moment designed to steal Steam account login credentials. People can have a lot of money invested in Steam purchases (if you purchase PC games online Steam is probably the best digital delivery service around), and it isn’t really the greatest thing in the world to have one stolen. Steam is a popular thing to have in webcafes, and the company behind it actually support this in a very big way. These particular infection files would cause the most trouble on the networks of netcafes with minimal security in place, allowing chancers to install files with a USB stick, let the stealer grab account logins then come back later to collect the passwords. ...
One our researchers was reading the comments about Dancing With The Stars, and Kate Gosselin’s performance (He’s a huge fan … don’t ask), when he noticed a link to a URL shortening service. Given that it was advertising a video of Kate Gosselin topless, he astutely realised that was a bit suspicious, and checked it out inside a nice, safe virtual pc. Indeed, the shortening service immediately transferred to a website showing a picture of Kate at the beach… ...
Whole Foods, a popular health and organic grocery chain, is the subject of a new Facebook scam that phishes for users’ credit and other personal information. A deluge of fraudulent Facebook Pages are popping up that promise a limited number of users Whole Foods gift cards. These Pages are accruing thousands of fans and siphoning off sensitive and lucrative data. The groups offering Whole Foods gift cards are in no way affiliated with the supermarket; rather, con artists are using the Pages to uncover important personal and financial information from users via a bogus credit assessment. After giving the requested information, users watch their computers crash as their identities are completely exposed. ...