At The Breach - Your source for online security news » Scams

Email Security

Editor — Tue, 27 Oct 2009 20:28:53 +0000

According to Websense (State of Internet Security Q1 & Q2 2009), 87.7 percent of email messages were spam during the first half of 2009. While I have seen the percentage by other vendors be higher, it does represent a 3 percent increase over the previous 6 months (again according to Websense).

85.6 percent of all unwanted emails in circulation during the first half of 2009 contained links to spam sites and/or malicious web sites.

Shopping remained the leading topic of spam (28 percent), followed closely by cosmetics (18.4%), medical (11.9%), and education (9.5%). Education themed spam has almost doubled over the previous 6 month period and some believe that is due to the recession. Often times these education themed emails seek to exploit people looking to gain new skills or obtain fake qualification to help their job prospects.

Credit Union Penetration Test Malware Scam

Editor — Fri, 28 Aug 2009 21:08:00 +0000

Here is a recent scam reported by the NCUA and others. It uses a shipped CD to financial institutions with instructions to load them. The CD’s and letter are supposidly from the NCUA, but are not. See the following article on it as posted.

Malware-Infected CD Mailing was Part of Pen Test
By Dennis Fisher
The malware-infected CDs that were mailed to some credit unions may have been part of a penetration test designed to gauge whether an employee would run the software. The SANS Internet Storm Center says it was notified by a representative from Microsolved that the mailing was part of an authorized pen test.
The alleged scam is elegant in its simplicity. The potential thieves are mailing letters that purport to come from the National Credit Union Administration, the federal agency that charters and insures credit unions, and including two CDs in the package. The letter is a fake fraud alert from the NCUA, instructing recipients to review the training materials contained on the discs. Of course, the CDs are loaded with malware rather than training programs.
The letter contains some of the classic misspellings and miserable grammar often found in phishing emails. An excerpt of the letter:
The NCUA has warned numerous times 1 about “phishing” scams in which crooks send e-mails claiming to be from legitimate financial institutions, companies or government agencies asking consumers to “re-submit” or “verify” confidential information such as bank accounts, Social Security Numbers, passwords, and personal identification numbers…
Please read the included document, as it contains important training and informational material regarding the risks of fraud…
The NCUA has published an advisory about the fake CDs, warning credit union employees not to run the discs.
A federally insured credit union has reported receiving a bogus Letter to Credit Unions, accompanied by two compact discs (CDs). The subject of the fraudulent letter itself is a purported NCUA FRAUD Alert. The letter advises credit unions to review training material (contained on the CDs). DOING SO COULD RESULT IN A POSSIBLE SECURITY BREACH TO YOUR COMPUTER SYSTEM, OR HAVE OTHER ADVERSE CONSEQUENCES.
This kind of attack has been suggested and kicked around in the security community for years, but this is perhaps the first time in recent memory that it has actually surfaced. An interesting point here is that the thieves are targeting credit unions, which tend to be smaller, community-based institutions, rather than larger, more sophisticated banks. Many credit unions have just a handful of branches and may not have the dedicated security staffs that national banks have.
In effect, this is simply an offline extension of the highly targeted spear-phishing attacks that have been plaguing smaller financial institutions for a couple of years. But it’s one that’s potentially effective and damaging.

New Classification / Type of Cyber Attack – Macking

Editor — Thu, 02 Jul 2009 19:51:30 +0000

Macking is the term coined by Kevin Prince, CTO at Perimeter eSecurity and Doug Howard, Chief Strategy Officer at Perimeter eSecurity and President of USA.Net (subsiderary of Perimeter). Kevin discusses it in his most recent blog post in conjuction with various scams currently happening using this attack method.

Scams using Social Networking Sites

Editor — Thu, 11 Jun 2009 18:34:43 +0000

There is a blog post that discusses a couple of scams using social networking sites Facebook and Twitter. Good to be aware.

Spear Phishing Scam

Editor — Mon, 08 Jun 2009 20:21:36 +0000

Kevin Prince of Perimeter eSecurity has an interesting post regarding the anatomy of a spear phishing or targeted phishing attack using the recent Aetna data breach as an illustration. You can see it here.

All of Kevin’s stuff is posted at security.perimeterusa.com

Would you like a Trojan with that pirated software?

Editor — Wed, 27 May 2009 20:18:29 +0000

Cyber criminals know that often times people want to get their hands on the latest and greatest software prior to its official release. As a result, these hackers have been known to modify this software and post it to the Internet for unsuspecting people to download. The modifications that they make include methods to subvert traditional AV systems, install Trojans and other malware that can offer full control to the bad guys anywhere in the world.

Microsofts Windwos 7 was the latest to have this happen, although this is far from the first time. Apple’s iWork ‘09 had something similar last year. My suggestion is to not download and use pirated software because the security implications can be huge. Remember, it isn’t just about that one system being infected. Once it is on the inside of your network, it can spread to other systems.

Article

Your Data for Ransom

Editor — Tue, 26 May 2009 13:49:51 +0000

This isn’t the first time I have heard about this type of thing, but it does appear to be a growing threat. According to Wikileaks.org, cyber attackers breached the Virginia Department of Health Professionals’ prescription monitoring website, downloaded a ton of data and are now demanding $10 million dollars in ransom for its return.

The site became unavailable after this happened on May 4, 2009. The ransom note said they had 7 days. At this time I have not been able to find out any additional information on this, and the 7 days has long past. I don’t know if Virginia is keeping a good wrap on this, or something else is going on. Perhaps due to the investigation, they can’t release any additional information.

I believe we will begin to see more and more of this type of thing.

http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html?wprss=securityfix

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=217201397&subSection=Cybercrime

Swine Flu Scams

Editor — Mon, 11 May 2009 14:07:50 +0000

Even with this first, passive wave of H1N1 swine flu diminishing, scams are on the rise. Websense reports a huge number of email scams based on news (usually false) around the H1N1 swine flu. End users being concerned about a possible pandemic are eager to learn the latest news and with sensationalized subject lines, it isn’t hard for them to click on a link, or open an attachment where they think they will learn more.

According to the Websense announcement: “The malicious Web site that is redirected is typical: it asks the user to install a missing codec to watch a video, and the download codec is a Trojan Downloader. Until now, these kinds of sites just used hot topics to attract users; we suspect that they will use more advanced SEO techniques to infect more users in the future.”

H1N1 Swine Flu Pandemic Scams

Editor — Sun, 26 Apr 2009 04:53:24 +0000

Beware! Anytime there is big news or things that concern people, there always seems to be an immediate barage of SPAM and phishing attacks using those subject lines. The latest big news that cyber criminals will hope you will want learn more and click a link or open an attachment? The Swine Flue (H1N1) potential pandemic. Mark my words, you will see phishing and scam emails soon. They will probably promise links to sites where medication can be ordered, or protective masks, or simply the latest news and updates.

http://health.yahoo.com/news/reuters/us_flu.html

Want to see what other people TXT? Don’t Fall For It.

Editor — Fri, 17 Apr 2009 12:13:01 +0000

Websense has recently detected a new scam aimed at infecting systems with malware. The scam includes an email that tells people that by clicking a link and installing and application, they can see other peoples SMS messages. So slooths and wood be snoops are in danger of infection if they aren’t careful.