Pages Tagged “phishing”
Blog Posts
- SubdoMailing
Interesting spam/phish technique: Look for subdomains with CNAMEs or SPF records that point to abandoned domains that you can then register…and effectively take control of the subdomain or SPF. They haven’t seen any cases where it’s been used to host a phishing site at, say, an msn.com subdomain, but they’ve seen thousands of cases where […]
- Phish Training
The year is 2006. I’m complaining on my blog about businesses training their customers to fall for phishing attacks. The year is 2011. I’m complaining on my blog about businesses training their customers to fall for phishing attacks. The year is 2022. I’m complaining on my blog about businesses training their customers to fall for […]
- Hi, We’re Your Bank! (Yeah, SURE you are.)
Phishers: Hi, we’re your bank, please click on this attachment for important information. Security experts: Never click on an unexpected attachment in an email even if you think you know who it’s from. It’s likely to be malware or a scam to steal your login credentials. Actual banks: Hi, we’re your bank, please click on […]
- Don’t Use Third-Party Links in Email – Object Lesson: Comic-Con Registration
A click tracker that couldn’t hold up to the strain of Comic-Con registration prevented thousands of potential attendees from getting into the system in time.
- If You Teach a Man to be Phished…
I’ve dealt with a couple of companies that try to plug the general lack of security in email by using a “secure email” service…that acts just like a phishing attack.
- EV SSL Buzzword Used for Phishing
One of the great ironies of phishing is that, these days, identity theft via the web tends to work by preying on people’s fear of identity theft. It doesn’t help that most people don’t really understand the technology. The typical phishing message looks something like this: Dear so-and-so. In order for us to protect your […]
- Flagging (Non)-Spoofed Mail
Following up on the PayPal anti-phishing discussion of a few weeks ago, I see that PayPal is promoting a service called Iconix. You install the program on your system, and it looks at your inbox for messages that claim to be from one of its customers. It tries to verify them “using industry-standard authentication technologies […]
- Nasty Ebay “About Me” Phish
Someone I know encountered a really sneaky eBay phish this weekend. It arrived through eBay’s official “Ask seller a question” system, and consisted of a simple request: Was his auction the same as the auction at the following About Me page? The URL was a normal eBay URL of the form http://members.ebay.com/aboutme/_____. Pasting the link […]
- Flash Fraud
Got an interesting phish today. Subject: Error in your billing information From: Keystone Savings Bank. Hmm, Keystone, eh? 😉
- Back to Basics: Phish by Phone
I just spotted a rather disturbing phishing message in (of all places) our abuse contact mailbox: Subject: Fraud Prevention Measures Dear customer! Due to high fraud activity we constantly increasing security level both for online banking and card transactions. In order to update our records you are required to call MBNA Card Service number at […]
- Spam is like machine gun fire
After my latest round of supposed anti-fraud notices claiming to be from banks with which I don’t have any accounts, it occurred to me that phishing, 419 scams, email spam, blog spam, etc. are all scattershot approaches. They seem so obvious to those of us who are used to seeing them. It seems unthinkable that […]
- Symantec Issues
Last week I received a message offering a 30% discount on Norton Internet Security 2006. It claimed to be from Symantec, but the email address was at digitalriver.com, and all the links—including the ones that claimed to be at symantec.com—went to bluehornet.com. Now 5 minutes of research turns up the facts that Symantec does work […]
- Low-Tech Phish
I found a flood of crude phishing attempts in our postmaster account this morning. How crude? The hook was, “Simply reply to this email with your online login and password.” No forms, no imitation websites, no swiped logos, no links of any sort at all. One of them even had multiple recipients visible on the […]
- 100% Distributed Web Hosting
Too bad it’s the bad guys. As reported on DailyDave and picked up at SANS, Email Battles and elsewhere, there are phishers out there using a botnet (a network of infected “zombie” computers) not just to send emails, but to host the websites and the DNS for their scam. Imagine what this technology could do […]
- Stealing pop-ups from your bank
Here’s an online security story to freak you out: Security firm Secunia has found a loophole [Edit: originally linked to Yahoo! News] in basic browser window handling that can let any site plug its code into a pop-up window generated by any other site. That’s not just ads, that includes pop-up help files, password dialogs, […]