www.fgks.org   »   [go: up one dir, main page]

 Phishing

FDIC phishing emails use Patriot Act scare tactic

Angela Moscaritolo January 13, 2011

Fraudulent emails claiming to come from the Federal Deposit Insurance Corp. (FDIC) are attempting to trick users into handing over their sensitive personal information, the agency said in a warning issued Wednesday to clients and customers. The messages claim that the FDIC has withdrawn deposit insurance from the targeted user's account "due to account activity that violates the Patriot Act." Recipients are directed to follow a link included in the message that could lead to phishing sites or malware, the agency said. Financial institutions and consumers should not follow the link or provide any personal information. - AM
 

Cyberattacks increase 29 percent in 2010

James Hale January 11, 2011

The number of breaches affecting Canadian organizations grew last year, but the cost associated with these incidents decreased by more than $654,000 - or almost 80 percent - during the same period.
 

New Year's-themed bogus emails work of Storm or Waledac

Dan Kaplan January 03, 2011

Researchers at the nonprofit Shadowserver Foundation believe they have identified a new version of either the Storm or Waledac worm, thanks to a large-scale influx of New Year's-themed spam. The emails purport to be a New Year's greeting card but contain a link to a malicious domain, claiming to host a fake Flash Player that actually is an exploit. The evil domains use fast-flux techniques to hide the host server. "The whole point of this botnet is to install malware onto systems of unsuspected visitors," researcher Steven Adair wrote on the Shadowserver blog. Storm first appeared on the scene in 2007, capitalizing on current events and holidays, and was effectively replaced by Waledac in 2009. - DK
 

The time axis of evil: phishing's golden hour

Charles Jeter, ESET cybercrime investigator December 22, 2010

Five steps any size business can employ today to crush phishing risks.
 

Users should be wary of holiday malware, phishing

Angela Moscaritolo December 21, 2010

As the holiday season continues, users should be on high alert for scams such as malware-laden electronic greeting cards and screensavers, US-CERT has warned. In addition, phishing attacks may be disguised as requests for charitable donations, credit card applications and online shopping advertisements. US-CERT recommends that users avoid opening unexpected email attachments or following untrusted links. When donating to charities, individuals should verify the organization's authenticity with the Better Business Bureau. — AM
 

New Google service identifies hacked sites

Dan Kaplan December 17, 2010

Google has launched a new service that notifies web surfers in search results if a website they may visit has been compromised.
 

FBI warns of SMS and phone-based phishing scams

Angela Moscaritolo November 24, 2010

The FBI issued a warning on Wednesday about so-called "smishing" and "vishing" scams, which are likely to be prevalent this holiday season.
 

Google quickly shores up Gmail spam flaw

Angela Moscaritolo November 22, 2010

Google has fixed what is being described as a serious security flaw that allowed a hacker to harvest Gmail addresses and send spam from the search giant's servers.
 

New malicious email campaign targets Facebook users

Dan Kaplan November 19, 2010

A large wave of malicious emails claiming to come from Facebook began hitting inboxes this morning, according to researchers at messaging security firm AppRiver. The emails contain the subject line "Facebook Support" and purport to be from "Facebook office." Recipients are told their Facebook accounts have been blocked due to spam activity and they must use a new password, which is included in an attachment. However, the attachment actually contains a variant of the Oficla downloader, which has been known to install rogue anti-virus programs and the Zeus trojan. AppRiver has detected more than 100,000 of the messages. - DK
 

New phishing scam preys on military, families

Angela Moscaritolo November 02, 2010

A new phishing campaign attempts to steal money from members of USAA, a banking and insurance firm for U.S. military members and their families, researchers at email security firm AppRiver warned Tuesday. Researchers have noticed heavy traffic related to the spam run, whose messages include a link that directs users to a fake USAA login page, Troy Gill, security analyst at AppRiver, wrote in a blog post. The company has discovered more than 1,500 unique domains being used in the attack. — AM
 

Botnet sending Bredolab trojan dismantled; one arrested

Dan Kaplan October 26, 2010

Dutch authorities said Monday that a 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide.
 

Murky FinCEN SAR reporting: Is malware responsible?

Charles Jeter, ESET cybercrime investigator October 22, 2010

In a direct 10-year comparison, the Delaware banking industry's overuse of the FinCEN SAR category of 'Other' mirrors the growth pattern of the malware industry year after year. Are these related?
 

Google releases security checklist

Dan Kaplan October 18, 2010

Google has created an 18-part checklist to help users better secure their computer, browser, Google account and Gmail settings. Among the tips Google suggests are that users choose unique passwords for their various online accounts, that they "periodically" change their passwords and that they never respond to messages or phone calls requesting their usernames or passwords. — DK
 

Zeus behind scenes of new phish

October 15, 2010

A growing spam attack warning recipients of a problem with their tax payments has been circulating. But it is more than a phishing ploy to attain recipients' confidential information, according to Solera Networks. Researchers at the network forensics company have evidence that this campaign is actually infecting machines using a new exploit to join a pre-existing Zeus botnet. — GM
 

Latest Zeus attack propagated via fake iTunes receipt

Angela Moscaritolo October 05, 2010

Attackers are sending out spam messages spoofing an iTunes store receipt in an attempt to lead users to the insidious data-stealing trojan Zeus.
 

LinkedIn spam run aims to foist Zeus on victim PCs

Dan Kaplan September 28, 2010

Users of LinkedIn are being targeted in a massive spam campaign designed to install the bank credential-stealing Zeus trojan on their machines. The emails, accounting for nearly a quarter of all spam at one point Monday, mimic LinkedIn invitations, according to Cisco. But when users click on the link contained in the message, they are delivered to a website that reads "PLEASE WAITING...4 SECONDS" and then are directed to Google. During that time, however, Zeus is installed on their machines if they are unpatched for certain browser vulnerabilities. This particular spam campaign and ensuing drive-by download attempts are notable because of the size and the apparent targets: business professionals with access to corporate bank accounts, Henry Stern, a Cisco senior security researcher, said in a blog post. — DK
 

Phish claims recipient's tax payment was rejected

Angela Moscaritolo September 16, 2010

A newly discovered phishing scam targeting users of the U.S. Department of the Treasury's Electronic Federal Tax Payment System (EFTPS), a free tax payment service, is making its way into inboxes, according to researchers at McAfee. The messages, which contain the subject line: "Your EFTPS Tax Payment ID has been rejected," claim that the recipient's tax payment did not go through because of an invalid ID number. The messages direct users to a fake website for additional information. Researchers discovered a set of spoofed websites used in the attack that were created on Sept. 12. Users should disregard such messages, researchers said. — AM
 

Adobe grapples with new Reader, Acrobat zero-day

Dan Kaplan September 08, 2010

Adobe on Wednesday confirmed a dangerous Reader and Acrobat vulnerability, which is being exploited in the wild.
 

Part two: Blacklists, clustering and The Matrix

Gunter Ollmann, vice president of research, Damballa August 19, 2010

Using the analogy of workers inspecting marbles of varying colors, the author explains how organizations can apply clustering to defend against evolving threats.
 

Facebook fixes bug that spammers could have used

Angela Moscaritolo August 12, 2010

Facebook this week fixed a privacy glitch on its website that could have been abused to obtain a user's full name and photo by entering an incorrect password, a researcher said Wednesday.
 

Cybercrime truth or fiction, Part 3: Banking trojans, the FBI and Gartner

Charles Jeter, ESET cybercrime investigator July 26, 2010

ESET's Charles Jeter continues his investigation into banking fraud.
 

Cybercrime truth or fiction: Part 2: Are business-centric states more targeted?

Charles Jeter, ESET cybercrime investigator July 26, 2010

ESET's Charles Jeter continues his investigation into banking fraud.
 

Cybercrime fact or fiction, Part 1: Banking trojans and FinCEN reporting

Charles Jeter, ESET cybercrime investigator July 26, 2010

The bleeding of American business to offshore criminal enterprises can be measured in the billions without the banking industry being held accountable.
 

Zeus now spoofing Visa, MasterCard programs

Angela Moscaritolo July 15, 2010

A new configuration of the Zeus trojan is targeting the customers of 15 leading U.S. banks by injecting a phishing page that seeks to steal sensitive information.
 

SMBs, individuals being targeted by telephone DoS

Dan Kaplan June 21, 2010

Online vandals increasingly are leveraging telephone-based denial-of-service (DoS) attacks to tie up phone lines as they simultaneously plunder victims' bank accounts, the FBI warned Monday.
 

Zeus is back with terrorism-themed spam run

Dan Kaplan June 18, 2010

Trojan-laden emails - claiming to offer U.S. government terrorism information - have been hitting inboxes, researchers at Sophos warned Friday.
 

World Cup lottery spam, targeted malware discovered

Angela Moscaritolo June 17, 2010

Cybercriminals are actively exploiting interest in the World Cup soccer tournament to spread malware and trick users into handing over sensitive information.
 

New fraud service serves as repository for stolen data

Dan Kaplan June 17, 2010

Microsoft has joined forces with the National Cyber Forensics Training Alliance (NCFTA) to launch a portal designed to immediately alert companies if credentials or credit card numbers belonging to their customers or employees have been discovered online.
 

World Cup spam tries to net malware victims

Dan Kaplan June 11, 2010

Malicious emails capitalizing on the World Cup soccer tournament, which began Friday, are hitting inboxes worldwide. Security firm Websense said Thursday in a blog post that it began tracking 80,000 spam messages armed with World Cup-related subjects that contain HTML attachments with embedded JavaScript. Users who click on the attachment are led to a malicious website, according to Websense. Internet surfers should also be mindful of poisoned results that may appear when they search on Google for information related to the tournament. — DK
 

New phishing technique exploits browser tab use

Angela Moscaritolo May 25, 2010

A Firefox developer has discovered a new phishing attack method dubbed "tabnabbing," which preys on browser tabs and the fact that users generally don't keep track of all the tabs they have open at one time.
 

Latest News

Popular Topics
Android Breaches & Exposures Cyber Attack Cyber War Cyberattack Cybercrime Cyberwarfare Data Breaches DDoS Education Email Security Finance Government Hackers Insider Threat Malware Mobile Devices Mobile Endpoint Security Patch Management Phishing Retail SCADA Social Media Spam Vulnerabilities & Flaws