tag
phish

Netflix phish, tech support scam, same phrying pan

Yet another innovative tech support scam, using Netflix phishing to get remote access to the victim’s system.

Tax Scams, Malware, Phishing and a 419

A roundup of scam information, including a tax scams article, email with a link to malware, a phish, and the worlds laziest 419.

The Less Thoughtful Phisher

Less innovative than the scam mails described in my previous articles (Phish to phry  and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is

The Thoughtful Phisher II

In the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some

SMSmishing (SMS Text Phishing) – how to spot and avoid scams

If the smartphones of ESET bloggers are any indication, scams executed via SMS text, known as smishing or SMS phishing, are on the rise. I don’t do a lot of texting, which makes a smish easy to spot on my phone, but I just read an amazing statistic from a Pew report: Users 18 to

Spring Brings Tax-related Scams, Spams, Phish, Malware, and the IRS

Spring is here and that means scam artists are thinking about income taxes and the IRS. Not that scam artists pay income taxes, they just know taxes and any mention of the IRS is a good way to get your attention, which explains a steady stream of deceptive emails targeting tax-paying Americans who now have

SEO poisoning, Londoning and Icelanding

I was asked whether I'd seen SEO (Search Engine Optimization) poisoning relating to the Icelandic eruption and the very widespread grounding of aircraft in Europe. Well, there were certainly attempts in March to exploit the earlier Eyjafjallajokull eruption in order to drive googlers interested in finding out more towards malicious web sites. So it would be naive

No Stone Left Unturned

We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities.  The poisoned search term du jour is "erin andrews death threat".  Apparently,

iPad scammers target the unwary

The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day.  With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait

The Return of Jacques Tits

It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a

The Blame Game

I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was

Bank Scammers: No Respecters of Age

There are some civilizations that revere their elders for their wisdom. Unfortunately, I don’t live in one of them.  In others, old people are quietly abandoned on icefloes or the sides of mountains when they start to take more from the community than they contribute towards it. I guess I’m reaching the age where I should

Chinese Whispers: Targeted Malware and E-Espionage

I’ve mentioned here before that targeted malware, often delivered by "spear phishing" carried by apparently "harmless" documents such as PDFs, .DOCs and spreadsheets rather than overt programs, can have much more impact than the raw numbers of such attacks suggest. In fact, some sources now use the term "whaling" rather than "spear phishing" to reflect the

The Strange World of Twitter

A number of people have found my Twitter account and asked to "follow" me (that is, receive my micro-blog messages). I have it set up so that no-one can follow me unless I approve the request first, and since the account was set up specifically for work purposes, I normally only approve co-workers. Most of the others,

PSST! It’s PFTS!

PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal? A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According

Phishing Persistence

Here’s something I haven’t noticed before (but then I don’t pay nearly as much attention to phishing messages as I used to, owing to the need to sleep occasionally). I’ve started to receive messages purporting to be from the Alliance and Leicester, in the UK. The messages are much the same, apart from the Subject

Fraud in (and out of) a Time of Recession

I’ve been asked several times in the past few months about links between the global recession and criminal activity, especially as related to fraud. There are, of course, those who claim that the economic situation is directly caused by "criminal" activity by politicians and banks, which is a little further than I’d care to go personally. What

Phish Phlags

Here’s a phish one of ESET’s partners drew our attention to: it’s aimed at users of Maybank (http://www.maybank2u.com), the largest financial services group in Malaysia. The scam is somewhat more elaborate than many we see, and it’s worth a little analysis to see what flags we can extract from it for spotting a phisher at work From: Maybank

Phishing the Web

A new advisory from the Anti-Phishing Working Group (APWG) offers advice to website owners on what actions to take when notified that their site or server has been compromised for use by phishers. At 18 pages, it’s a substantial high-level document, including: Some web site phishing attack and response scenarios Identifying an attack Reporting a

Facing Down Facebook

An IT/business magazine called Information Age, apparently aimed at executives with interest and responsibilities in IT, hit my letterbox this morning. That’s an actual magazine with real paper pages: remember those? Seeing as it’s Saturday, I took it back to bed with me to look through while I had the first coffee of the day, and

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

7 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.