The Security Pub

Random Thoughts About Security

PayPal Phishing Has Gone Multilingual

A recent report compiled by OpenDNS showed that 45 percent of all phishing attempts made in 2010 were targeting PayPal customers.

It is no wonder then that we witness PayPal phishing attempts on an almost daily basis. The latest one – spotted by Avira – comes in two flavors: English and French.

The e-mail itself is practically identical – the only difference is that the English version takes the victim to the phishing page via a link, while the French version employs a button. Even the reference number cited in the e-mail is the same.

The e-mail also contains security tips that, if followed, would thwart the phishers’ plans. I guess they thought the inclusion would make the e-mail look more legitimate and decided to bet on the fact that many people simply ignore such advice and follow the offered link/button.

Apple’s Ping Social Network Is Being Exploited

I bet Apple didn’t expect this when they released iTunes 10 and the new iTunes Ping, a social network for music. Spammers and scammers have quickly exploited this new feature that launched on Wednesday. Ping is a cross between Facebook and Twitter, giving over 160 million iTunes users the ability to have networks of friends.

Sophos researchers have found that Ping is being overrun by scams and spam messages, some of which try to lead users into believing they will receive a free iPhone if they complete online surveys.

“Most of the security industry has been pointing out the migration of spam from an email-only venture to blog/forum comments, Facebook, Twitter and other Web 2.0 platforms,” writes Chester Wisniewski of Sophos. “But apparently Apple didn’t consider this when designing Ping, as the service implements no spam or URL filtering. It is no big shock that less than 24 hours after launch, Ping is drowning in scams and spams.”

More information about the Ping spam attacks, including screenshots, can be found in Chester Wisniewski’s Blog from Sophos.