The scheme appears to have begun Thursday with the creation of bogus Twitter accounts, which the scammers used to "follow" other users, says Rik Ferguson, a senior security advisor at security-software maker Trend Micro. If these users checked out the profiles of their new followers and clicked on the Web addresses there, they were redirected to a fake Twitter site where they were prompted to hand over their passwords. In a smooth move, the site's address was tvviter.com (notice the double "v" and single "t"), likely an effort to reassure anyone who glanced at the address bar.
To increase the odds of this all happening, the bogus twitterers were usually "hot women," Mr. Ferguson says. "It's always preying on blokes being stupid, which is about right."
From there, the marks were passed back to the real Twitter and provided some additional new, hot followers. If they visited those followers' profiles and clicked on the Web links there, they were off to see some fairly X-rated "dating" sites. Mr. Ferguson suspects the scammers were earning money from the dating sites for each click from these potential customers.
The phishers also launched another phishing effort. From the accounts they compromised, they tweeted messages cheerfully telling followers "there is this funny blog going around" and offering a shortened URL that led, once again, to a fake Twitter page encouraging people to type in their passwords. Within a few hours, thankfully, Twitter cleaned up all these messages about the funny blog and reset those people's passwords.
But there was still the matter of people who went to read the "funny blog" and gave away their passwords. Twitter didn’t know who this third group of victims were. Well, that mystery may have been solved on Sunday, when hacked accounts were used to tweet large amounts of spam pushing $5 acai berry diet supplements. (Those were soon followed by apologetic tweets from the owners of said accounts.)
Here are some tips on how to avoid getting caught up in these kinds of phishing scams:
- Be careful what you click on. It may be part of a phishing ploy and, worse, it could be malicious.
- Before entering your login name and password in a Web site, check the address bar carefully to make sure you’re on the site you think you're on.
- Be especially wary of shortened URLs, which could obfuscate a bad site. To check where they lead, visit longurl or install one of its Firefox plug-ins, which let you hover over a shortened link and see the true destination before you click.
- Change your password immediately. And if you have used that password for other sites, change those too.
- Protect your friends by deleting phishing or spam messages from your Twitter feed, Facebook Wall or wherever they were posted or by warning them not to click on URLs in a scam email seemingly from you.
- Run an antivirus scanner, especially if you have a Windows PC. There are many free ones, including from Symantec and Microsoft.
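
The address-bar check from the tips above, as an added Python example (not code from the original article): it flags hosts such as tvviter.com that sit one edit away from a trusted name once look-alike sequences like "vv" are collapsed. The trusted-site list and the confusable pairs are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites whose logins we care about (hypothetical allow-list).
TRUSTED = {"twitter.com", "facebook.com"}

# Assumption: character sequences that imitate another letter at a glance.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]


def skeleton(host: str) -> str:
    """Collapse look-alike sequences so 'tvviter' and 'twiter' compare equal."""
    host = host.lower()
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname_of(url: str) -> str:
    """Lower-cased host from the URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(url: str, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike of <site>' or 'unknown' for a URL."""
    host = hostname_of(url)
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for site in sorted(TRUSTED):
        # Compare both the raw host and its collapsed form against the site.
        d = min(edit_distance(host, site), edit_distance(skeleton(host), site))
        if d <= max_distance:
            return f"lookalike of {site}"
    return "unknown"
```

A result of "unknown" only means the host does not resemble a listed site; it says nothing about whether the destination is safe.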
Labels: ATM Scam, email spam, Nigerian Spam, spam news
Posted on Friday, June 19, 2009
Spamming is an easy way for hackers to generate money - however, in order to do so, hackers must avoid the anti-spam programs on computers by first "phishing." According to Microsoft.com, "Often phishing scams rely on placing links in e-mail messages, on Web sites, or in instant messages that seem to come from a service that you trust, like your bank, credit card company, or social networking site." After phishing, the hacker gains access to a legitimate account to start sending thousands of messages.
"The best way to spam is to use a legitimate e-mail account in an established organization - like Lawrence," said Armstrong. "Essentially, someone, usually pretending to be from the IT department, asks for the recipient to send them their username and password. Once they have this information, the 'bad guys' use it to take over the compromised e-mail account, and then they send thousands of spam messages."
According to Armstrong, the phishing attempts were targeted at the entire Lawrence community. However, only users who respond to the e-mails end up with compromised email accounts. In addition to compromising e-mail accounts, the spam slows the Lawrence network, wastes ITS staff resources and slows down the delivery of e-mail messages.
Although phishing has been a problem in the Lawrence network in the past several years, the recent amount of it is higher than normal. However, Armstrong noted that none of the phishing or spamming attempts have come from inside campus.
An email from ITS warned students to be wary of opening messages and sending personal information in an e-mail. If students have any doubts about the authenticity of an email, they should forward it to ITS or delete it. If a student has opened and replied to one of these messages, he or she should change his or her password and notify ITS immediately.
"The most important thing is to not give your username and password to anyone - especially not in an e-mail message," Armstrong said.
SOURCE : http://media.www.lawrentian.com/media/storage/paper409/news/2009/05/22/News/Students.Receive.Spam.EMail-3743135.shtml
Labels: 419 Scam fraud, email scam, Nigerian Scam, Nigerian Spam, spam news
Posted on Monday, June 15, 2009
Nguyen Minh Duc, Manager of the Application Security Department at BKIS, first discovered the malicious attack when one of his friends sent him a spam mail promoting a service for weight loss, as reported by SoftPedia on May 18, 2009.
Researchers at BKIS state that IM-based spam schemes have occurred several times in the past. But such e-mails are generally dispatched when someone logs in to his account from a PC infected with malware, and the infected PC then helps distribute the messages.
However, the current attack does not follow this pattern, as Minh Duc discovered. According to him, when he received the spam mail, he called his friend and found that he had neither accessed his Yahoo Messenger account nor knew anything about the weight-reducing service. Minh Duc concludes that the spam wasn't dispatched through automatic software from his friend's PC.
According to BKIS, it has been detecting the assaults since March 2009, but it still hasn't been able to determine how the malicious e-mails are being sent. The security researchers said that this behavior, in which hackers use the accounts they hijacked to send spam instead of changing the log-in passwords, is characteristic of social-networking viruses and not common for IM services.
Minh Duc further notes that the weight loss advertisement is accompanied by a buzzing sound, a type of spamming that is not popular. But he cautions that it could become a growing trend and spread to other IM applications in the future.
Thus, the security researchers say that users who think hackers have compromised their accounts in this particular way would be safe to reset their password from an uninfected computer. They should also try to identify the PC from which their log-in details were stolen, run a full antivirus scan on that system and then begin using a dependable security suite.
SOURCE : http://www.spamfighter.com/News-12430-BKIS-%E2%80%93-Yahoo-IM-Accounts-Compromised-to-Distribute-Spam.htm
Labels: 419 Scam fraud, email spam, Nigerian Scam, spam
Posted on Friday, June 12, 2009
About five per cent of global spam volume now mentions swine flu in the subject line - totting up to billions of messages every day, according to the software technology company McAfee. In the guise of seemingly innocuous links offering preventive tips to combat the flu, these digital creepy crawlies, encoded into malicious data stealing programmes, will install themselves in your PC, scan your hard disk for personal data and revert to the malware writer.
The last scams of such proportions were post-26/11 and during the U.S. presidential race. This sort of subterfuge is termed "social engineering" - security parlance for using current events to beguile the hapless netizen.
New opportunity
Not surprisingly, spammers sprang into action on April 23 just days after the swine flu outbreak was first reported. Though the problem is global in nature, McAfee has traced more than half of the total volume to Brazil, the United States and Germany. While some e-mails offer links to pharmaceutical sites and information on drugs for treatment, others are simply news reports and links or FAQ files.
Symantec Security Response spotted an Adobe PDF document titled "Swine influenza frequently asked questions.pdf." The problematic code has been detected as Bloodhound.Exploit.6, which contains an "Infostealer" file which is downloaded onto the system. Wary of fuelling panic surrounding this "sensitive situation," a Symantec executive explains: "When users attempt to access the PDF file, malcode (which is simply a set of software instructions) within the PDF attempts to exploit an old Adobe vulnerability (BID 33751) in order to drop malware on the local computer."
Further, a blog on the Symantec Official website refers to another campaign where the e-mail uses linked news headlines from reputed news agencies and seeks responses and user experiences to be filled in a form (with URL provided) or asks readers to write back with their e-mail address and phone number. "This time around it is an e-mail address that the spammers are more interested in collecting — perhaps as part of a harvest for their future campaigns," the blog states.
In an e-mail response to The Hindu, Prabhat Singh, senior director at McAfee Avert Labs, said domain names related to swine flu were being snapped up to host malware, launch spam and phishing attacks. The number of such sites has increased 30-fold over four days, experts claim. "In one case, a Russia-based site instructs the visitor to install a 'video codec' to view a movie. This isn't a real codec to allow viewing; instead, it is malicious software that puts the victim's computer at the beck and call of the attacker," Mr. Singh explained.
Experts advise computer users to keep all security and other software up to date and avoid opening files and e-mails from unknown sources. "Malware writers, spammers and scammers are lowlives using any high impact news story to push their wares. Users should not follow links that arrive in spam, instant messages or on social networking web sites. If they need any information on the flu situation, they can go to the World Health Organisation website or any reputable source," Mr. Singh said.
SOURCE : http://www.hindu.com/2009/05/24/stories/2009052456051500.htm
Labels: 419 Scam fraud, email scam, Nigerian Scam, Nigerian Spam, spam
Posted on Wednesday, June 10, 2009
The phishing scam is being run through spam messages that steal sensitive information from Facebook users.
In the attack, the messages are circulated with a subject line of "Hello" and a prompt to check out "areps.at" or other URLs ending in ".at".
The mails with the subject line "Look at This" and links like goldbase.be, greenbuddy.be, silvertag.be and picoband.be lead to malicious Web sites which, if visited, could secretly download malware onto computers through a "drive-by download" application.
Before being blocked, the URL directed the visitor to a fake Facebook page, where the e-mail ID and password were stolen as soon as the visitor logged in again.
According to the All Facebook blog, the password in such cases should be changed immediately and the same message should be sent to one's Facebook acquaintances.
"Whoever is behind the scam has been steadily amassing a large number of e-mail addresses and passwords over the past few weeks," the blog says.
However, Facebook spokesman Barry Schnitt said: "The impact of this attack or the previous ones are not widespread and only impacted a tiny fraction of a per cent of users.
"We've been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly," he said.
The site has blocked links to the new phishing sites from being shared on Facebook and has added them to the block lists of the major browsers.
The social networking site is working with partners to have the sites taken down completely, he said, adding that Facebook is also cleaning up phony messages and wall posts and resetting the passwords of affected users.
"We believe the bad guys here are phishing an account and then trying those credentials on webmail providers," Schnitt said.
So, for example, if a user is compromised on Facebook and has the same login ID and password for their Gmail, the attacker may be able to intercept the Facebook password reset and compromise the account again in the future, he added.
SOURCE : http://economictimes.indiatimes.com/Infotech/Beware-of-another-Facebook-spam-/articleshow/4574044.cms
Labels: 419 Scam fraud, ATM Scam, email scam, Nigerian Scam, Nigerian Spam
Posted on Sunday, June 7, 2009
The FBI is on a hiring spree (fbijobs.gov), but spam is not a recruiting tool.
The e-mail, pretending to be from the FBI, promises to release the money that you were promised when you were, get this, "transacting with ... some impostors claiming to be The Federal Bureau of Investigation."
The FBI Anti-Terrorist and Monetary Crimes Division does not exist, the FBI says in a press release on this topic. Nor does the FBI have a unit in Nigeria - although because most of this garbage originates there, that might not be such a bad idea.
Many of the people who get these e-mails are upset by them. Here's part of an e-mail I recently received from Hector Pequeno, a fed-up reader:
"I am constantly almost daily dealing with e-mails like this. Where are they getting my address? Should I be concerned? Is there an organization I should forward these to so they would be aware? Should I just delete and ignore?"
Let me answer these questions:
Where do they get your address?
E-mail addresses are easily culled from all sorts of sources. People who enter drawings, make purchases online or sign online petitions can get their e-mail into a list sold to spam operations. Sometimes a person who legitimately has your e-mail is the victim of a computer hijacking. That lets all the people in their address book get bombarded with spam.
If your e-mail appears anywhere on the Internet, you are fair game. It's likely one of the reasons I get a few hundred spam e-mails every day.
Another way to get e-mails is through what the Federal Trade Commission has called a "dictionary attack." The spammer creates a list of letter and number strings in front of an "@" sign and common domain name. That generates millions of spam e-mails, some of which hit valid addresses.
SOURCE : http://www.news-press.com/article/20090525/COLUMNISTS40/905250359/1005/NEWS0103
Labels: 419 scam, 419 Scam fraud, email spam, Nigerian Scam, Nigerian Spam, scam, spam
Posted on Thursday, June 4, 2009
Verizon Continues SMS Spam Suits
Verizon filed suit against Pennsylvania-based Money Warehouse, Inc., known as All State Mortgage Lender, and other unnamed companies for allegedly sending 800,000 spam text messages to Verizon Wireless customers and employees beginning in February 2009.
Verizon filed suit in U.S. District Court in Trenton, N.J., accusing the companies of violating the Federal Telephone Consumer Protection Act, which bans the use of an auto-dialer to contact wireless customers.
"At a time when many Americans are concerned about making their mortgage payments, these types of unwanted text messages, from unknown senders, can be upsetting," Steven E. Zipperstein, vice president and general counsel at Verizon Wireless, said in a statement. "Our company will continue to work diligently to stop these people who break the law and harass our customers."
Late last month, Verizon reached a $50,000 settlement with St. Louis-based National Auto Warranty Services and Florida-based Explicit Media for making illegal telemarketing calls promoting car warranties.
SOURCE : https://www.pcmag.com/article2/0,2817,2346542,00.asp
Labels: 419 scam, 419 Scam fraud, email scam, lottery scam, Nigerian Scam, scam, spam, spam news
Posted on Wednesday, June 17, 2009