The Security Pub

Random Thoughts About Security

When Phishing Attacks Occur… Mac's Are Just As Vulnerable As PC's


Yes, Mac fans, virus writers continue to focus primarily on Windows, since nine of 10 computers connected to the Web are PCs. However, phishers are platform agnostic. And right now phishing attacks are surging. Phishers rely on social engineering to victimize Web users. And their latest sleight-of-hand is to lure you into giving up your Web mail or social network account log-ons. Anyone who uses Hotmail, YahooMail, Gmail, Facebook, MySpace, LinkedIn or Twitter is likely being attacked — doesn’t matter what computer operating system they happen to be using.

Read the full article

Don't be tricked by this Phishing Scam

We all get tons of spam/phishing emails, some easier to spot than others. Today I saw this phishing email that could be very tricky for most to identify. It came from “Administrator” and reads:

Attention!

On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure. This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

http://updates.[cut for safety]

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

The reason I was able to detect that this was a phishing scam was the URL. The URL clearly is not that domain (but you have to see the entire URL). According to Twitter, this message was generated by a Zbot.
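The check described above, reading the entire URL to see which domain actually controls the host, written out as an added example that is not part of the original post. The domain `example.test` and the sample message are constructed for illustration; the URL from the real email is not reproduced.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message; example.test stands in for the reader's own domain.
SAMPLE_BODY = """\
Run the update: http://updates.example.test.mail-patch.invalid/id/update
Webmail: https://mail.example.test/owa
Mirror: http://example.test@198.51.100.7/update
Help: http://notexample.test/help
"""


def host_of(url):
    """Return the lowercase hostname, without any user@ prefix or port."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, trusted_domain):
    """True only if host is the trusted domain or a subdomain of it.

    The match is anchored at the right-hand end of the hostname on a label
    boundary, because the rightmost labels decide who controls the host.
    """
    trusted = trusted_domain.lower()
    return host == trusted or host.endswith("." + trusted)


def classify_links(body, trusted_domain):
    """Return (host, verdict) for every http(s) link found in a mail body."""
    results = []
    for url in URL_RE.findall(body):
        host = host_of(url)
        if belongs_to(host, trusted_domain):
            verdict = "ok"
        elif trusted_domain.lower() in host:
            verdict = "lookalike"  # trusted name present, but not at the end
        else:
            verdict = "external"
        results.append((host, verdict))
    return results


if __name__ == "__main__":
    for host, verdict in classify_links(SAMPLE_BODY, "example.test"):
        print(f"{verdict:10} {host}")
```

A plain suffix match like this only works for a domain you already know and trust; grouping arbitrary hosts by registrable domain needs the Public Suffix List.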


How well can you identify a Phishing Scam?

I just took this quiz by SonicWall and was able to get them all right. This is a fun exercise to test your ability to recognize a phishing scam at a glance. After a few questions you really start to see how difficult it really is to recognize a well-done phishing attempt. If we as security professionals have a hard time recognizing phishing attempts, what’s it like for everyone else?

By definition, spam means unsolicited commercial e-mail, which can lead to phishing. Phishing is the process of attempting to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication.