Category: Phishing

(CNN) — A recent warning from the FBI about hackers targeting guests’ data when they log into hotel Wi-Fi overseas was a salient reminder to travelers of the risks to data security on the road.

The alert, from the FBI’s Internet Crime Complaint Center, was addressed to U.S. executives, government workers and academics but did not specify a particular country of threat.

It warned of a spate of incidents of travelers encountering bogus software update pop-ups when they used hotel internet connections overseas. When they clicked on the “update,” malicious software was installed on their computer.

Hotel Wi-Fi connections are particularly risky, said Sian John, UK security strategist at Symantec, because they are often set up without proper security settings. But they are merely one data-security threat among many facing business travelers.

Source: CNN

Users of social networking giant Facebook have been warned against falling for fake Facebook notifications that arrive via email. The emails claim the recipient has “notifications pending” – and links that look “convincing” but may lead to trouble.

“The link, of course, could go to anywhere. It could go to a phishing website, a webpage hosting a malicious download or something else unsavory. When I tested the link in the emails I saw, they took my computer (via some redirects) to a Canadian pharmacy website offering to sell me Viagra and Cialis to improve my perfomance between the sheets,” Security vendor, Sophos said in a blog post.

Facebook users should think twice before clicking on e-mail links, even if they look “pretty convincing.”

Source: GMA News Online

A security flaw in Internet Explorer is triggering messages in some users’ Gmail accounts that they may be the target of an attack from a nation-state.

The vulnerability in IE was revealed by Microsoft on “Patch Tuesday,” a day designated by the company every month to move fixes to its software programs.

“The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” Microsoft explained in an advisory.

In order for a hacker to exploit the vulnerability, an IE user needs to land on an infected webpage. To steer traffic to such pages, cybercriminals will typically use phishing e-mails or instant messages containing links to the infected locations.

Source: PCWorld

Scammers can easily use Google Docs to phish for passwords and sensitive information. Here are a few email campaigns spammed out, attempting to trick users into handing over their confidential data.

If you click on the link, it’s clearly an attempt to phish information from internet users. The page falsely claims that your email accountwill be shut down in three days and the only way it claims you can resolve the situation is by entering your username and password.

The email asks the recipient to confirm their email account details or risk having it shut down.

Failure to provide details correctly will result to immediate closure of your mailbox account from our database.

The link points to a page on Google Docs (docs.google.com). That gives the link a false aura of legitimacy. But what the link can’t do is tell you whether the Google account holder is legitimate or up to no good.

Before you know it, your email account will be compromised. And if that username/password combination is being used elsewhere on the web or if – as is the case with Google – your details unlock a variety of services, then the security breach is compounded.

Source: Sophos

Kids Next Scam Target Through Games (image: http://www.flickr.com/photos/radiofree/3602149122/)

Kids Next Scam Target Through Games (image: http://www.flickr.com/photos/radiofree/3602149122/)

A number of educational online games for pre-schoolers has been found having malicious trojans in them.

Catalin Cosoi, head of online-threats lab for BitDefender, spotted more than a half-dozen infected children’s games on Chinese websites.

The trojans are injected into the Flash-based games code. And with it it is possible for the Phishers to infect computers and personal information may be at risk.

Source: http://www.securitynewsdaily.com/

Facebook has initiated working with Online security firm Websense to protect users from Phishing by adding a phishing safety net.

Next week you will be met by this safety pop-up if you are heading for a potentially dangerous website:

Facebook is a likely target for scammers and often people click on links supposedly posted by friends. The target is to gain access to passwords.

Source: BBC News

Fight Back Against Phishing

Are you also tired of the endless amounts of trickery and online scams. Perhaps it’s time to fight back?

Here are some addresses you can forward such emails to. Also included are bank, and business addresses for reporting phishing and scam emails.

US CERT (US Computer Emergency Response Team) phishing-report@us-cert.gov
Federal Trade Commission spam@uce.gov
EarthLink Fraud fraud@abuse.earthlink.net
Anti-Phishing Working Group reportphishing@antiphishing.org
Fraud Watch International fraudwatch@fraudwatchinternational.com
Phish Tank phish@phishtank.com
Chase Bank abuse@chase.com
Zenith Bank ebusiness@zenithbank.com
Oceanic Bank customercare@oceanicbank.com
Abbey National Bank customerservices@abbey.com
Union Bank PLC customerservice@unionbankng.com
Lloyds TSB Banking emailscams@lloydstsb.co.uk
South Western Federal Credit Union contactus@swfcu.org
Federal Express abuse@fedex.com
DHL Express Fraud.alert@dhl.com
Wells Fargo reportphish@wellsfargo.com
Publishers Clearing House PCHabuse@pch.com
Capitol One abuse@capitalone.com
Pay Pal spoof@paypal.com
Bank of America abuse@bankofamerica.com
USAA Bank abuse@usaa.com
HSBC Bank usphishing@us.hsbc.com
NatWest Bank phishing@natwest.com

If you want to fight the sleezy scum of internet frauds you can join the phish-fighting community at  Phishtank, a site where anyone can submit, verify, track and share phishing data.  More at  www.phishtank.com.

Until next time 😉

Peter – Your Online Security Guide

Protection from the Phisherman

The entire objective of phishing is to steal your identity and thus get your money. Knowing this can save you from a lot of trouble and pain. Don’t click on links from strangers (don’t take candy either). These scams are called phishing because they “fish” for your dough and ID. There are precautions you can take, most importantly learn how to recognize a scam when you see one.

Con men say that “a sucker is born every minute”. On the Internet, it seems that a scam is born every minute while simultaneously recycling the old. I still get emails from Nigeria alerting me to the funds they have waiting for me.

The phishermen will attempt to alarm you. They will tell you the sky is falling and your account is about to be shut down. Don’t fall for it. Banks do not send emails to folks telling them their bank account is going to be closed. They just don’t operate that way.

The phishermen will promise you that you can go from rags to riches with very little effort on your part. Just sign on the dotted line…

The phishermen will present you with a deal that sounds too good to be true. And you know what – it is too good to be true. Don’t fall for that con.

The phishermen in times of trouble like a natural disaster will humbly request your donation to some charitable organization. Make sure they are really a valid charity before dispensing your hard-earned cash.

Alas the phishermen does not spell all that well and is guilty of some atrocious grammar. You don’t have to pull out your grammar text to recognize the tortured English you are reading.

The phishermen love scams like tech support, lotteries or sweepstakes. They often use famous names in their emails. Keep the delete button handy.

As we have discussed so many times, please watch out for the Rogue security software scams a favorite of the phisherman. Rogue security software, aka “scareware,” is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. These guys are most insidious so stay suspicious.

Sponsored by Vipre Antivirus AntiSpyware