Posted by peter on January 13, 2010 – 8:39 pm
US-CERT is aware of reports of tax season phishing scams. The U.S. Internal Revenue Service has issued a news release on its website warning consumers about potential scams. These scams are circulating via fraudulent email or other online messages appearing to come from the IRS. They attempt to convince consumers to reveal personal and financial information that can be used to gain access to bank accounts, credit cards, and other financial institutions.
US-CERT encourages users to do the following to mitigate the risks:
Posted by peter on December 1, 2009 – 3:33 am
Robert Mueller, the head of the Federal Bureau of Investigation, was partially taken in by a phishing scam that attempted to steal his online banking credentials. He was subsequently banned from using internet banking by his wife.
CNET's Elinor Mills says that phishing attacks frequently use the imprimatur of the very institutions that are supposed to prevent such fraud. Some of the most common phishing emails purport to be from the fraud prevention departments of PayPal or the FDIC, as well as Facebook administrators asking users to "verify" their information.
The New York Times writes that, although phishing scams are more prevalent than ever, zero liability guarantees are more or less standard for any financial services firm that allows web access. This means that any money lost to successful phishing attacks will be refunded by the bank.
Broad-spectrum phishing attacks are still in common use, though carefully targeted spear phishing campaigns have also been seen in recent months. Security professionals say that legitimate inquiries from financial institutions or any other online service will never ask for user information.
Posted by peter on November 24, 2009 – 2:38 am
Craigslist and other job-hunting sites are proving fertile hunting grounds for cyber criminals, as high unemployment rates and a down economy drive riskier online behavior.
Denver NBC affiliate 9News cites Sarah Johnson as a typical victim of one of the phishing scams. While searching for a job on Craigslist, the unemployed woman responded to an ad offering payment for various holiday-related tasks. However, after receiving a "professional" response to her initial inquiry, Johnson then got a request to cash a check and wire the balance of the funds to the UK. She then realized that the opportunity was a scam.
Experts say that this is an all-too-common type of online crime. The check eventually bounces, and the victim is then on the hook for the amount of the check, not the scam artist. It is nearly impossible for victims to regain their lost funds.
The holidays are a particularly fruitful time for online scammers, say analysts. Consumers must be particularly careful, and remember the time-honored rule: "If it sounds too good to be true, it probably is."
Posted by peter on August 26, 2009 – 8:18 pm
The number of spam emails that are phishing messages, which are designed to trick recipients into divulging their personal information, has dropped by at least half this year, in a sign that computer users are getting wise to the attacks.
According to the mid-year online threat report from IBM, phishing made up just 0.1 percent of all spam in the first six months of this year, down from between 0.2 percent and 0.8 percent of spam during the first half of 2008.
Although phishing still results in identity theft and fraud on a discomforting scale - as many as 55,000 new victims each month, according to one report - Kris Lamb, director of the X-Force research team at IBM, said computer users are getting better at identifying fraudulent emails and websites, according to the Associated Press.
Anti-virus protection software and better web browsers, which use reputation-based software to block websites that may host malware or phishing pages, could also have led to the drop-off.
However, cybercriminals may just be moving on to other tactics, such as targeting users of web 2.0 sites like Facebook and Twitter.
A number of rogue applications were spotted last week on Facebook that send messages with links to a phishing website for stealing login credentials. The apps attempt to harvest users' Facebook login names and passwords in order to send out more phishing spam from their accounts.
Posted by peter on July 17, 2009 – 8:06 pm
Microsoft has filed suit against Funmobile, Ltd., a Hong Kong-based company allegedly involved in sending thousands of spam instant messages with links to phishing websites to users of Windows Live Messenger since March 2009.
Defendants Christian and Henrick Heilesen allegedly targeted customers with spam IMs, or "spims," that appear to come from the email address of a known friend or acquaintance and invite the recipient to click on a link to a phishing site, where users are asked to sign in with their IM username and password, according to the complaint.
Funmobile allegedly used access to phished user accounts to harvest users' IM contacts in order to send out more bulk phishing spam messages. Microsoft said phishing is a violation of the Windows Live terms of service and a violation of its customers' privacy.
"This filing is an important step in maintaining and improving the safety of our 320 million active Windows Live Messenger users," Microsoft said on its Windows Live blog. "With today's action, Microsoft is sending a clear message that this kind of activity is not allowed and that we're taking proactive steps to protect our customers accordingly."
Tim Cranton, Microsoft associate general counsel, said on the Microsoft policy blog that the company "is vigilant about using both technology and the law to fight illegal activity online."
Posted by peter on July 13, 2009 – 8:11 pm
Spam email used to lure recipients into disclosing personal data such as credit card numbers - called phishing - rose by 21 percent in the month of June, according to web security firm Symantec. The United States remained the top hosting country of the attacks.
In the antivirus vendor's July State of Phishing report, Symantec said 38 percent of phishing websites in the month of June were generated using automated phishing toolkits.
Brands targeted by cyber-scammers were mainly in the financial sector (80 percent). Unique phishing websites accounted for 62 percent of all attacks, targeting 208 known brands. Unique sites rose 27 percent in June.
"The increase was likely a result of phishers evading the phishing mitigation tactics of several web hosting companies to their benefit" and an overall increase in the volume of phishing activity in June, the report said.
Symantec observed a spike in phishing websites using free web-hosting services, surging up 96 percent to account for 10 percent of all phishing sites.
Phishing emails were circulating last month that appeared to come from Microsoft and asked recipients to reconfigure their Outlook account by clicking on a link to a website where users are asked to fill in their account information.