The Phisher King is Back

I’m glad to report Australian phisher king Daniel McNamara has revived his Code Phish website which dissects phishing attacks and associated scams. He’s just taken a close peek at one ‘mule ad’ (as I call them) or job scam as he calls them: DHL Mail Job Scam. These are efforts by the phishers to repatriate their illicit …

Fame At Last, Or Under Attack?

Here’s an example of how social engineering can be more important than technical sophistication. It’s an email with a credible from address, credible header, credible subject line, credible contents: From: john@flexiprint.co.uk Subject: Photo Approval Needed Hello, Your photograph was forwarded to us as part of an article we are publishing for our May edition of …

Putting Phishers In The Banking Frame

Phishers are smart, and banks are dumb. At least, it seems that way. Here’s another example of what’s called a cross-site scripting attack, which basically lures the victim to what seems, both in the phishing email and in the website it links to, to be a genuine website belonging to Charter One Bank. …

Phishing Gets Proactive

Scaring the bejesus out of a lot of security folk this weekend is a new kind of phishing attack that doesn’t require the victim to do anything but visit the usual websites he might visit anyway. It works like this: The bad guy uses a weakness in web servers running Internet Information Services 5.0 (IIS) and …

Spam And Social Engineering

(Please see a subsequent post on this: Apologies for getting it wrong and thanks to everyone for writing in.) Spam always surprises. This morning I got an HTML email from a seemingly credible email address with just one line in it: http://drs.yahoo.com/jeremywagstaff.com/NEWS Hmmm, I thought, my name! I was almost going to click it, but then …

Phishers Raise The Bar

Phishers can now access banking websites that use an extra ‘keylog-proof’ security layer. For several months phishers — folk fooling you into giving up valuable passwords — have used keylogging software which will capture passwords and user names as you type them into banking and other financially-oriented sites. But these aren’t much use against websites …

Beware the phisher’s revenge

Australian Daniel McNamara, who runs the hugely informative anti-phishing website Code Fish Spam Watch, says he was today the victim of an attack on his website and his character, by a phishing email. The email, spammed all around, pretends to be from him and says, Dear Online Banking User, You should be heard about such called …

The Maibach Mystery

Spam, scam, smear or did someone really buy earthenware and a bomb? You may have recently received a copy of what looks to be weird spam: You’ve just purchased set of Maibach brand earthenware on web site cvv2.ru Easy to use, Maibach kitchenware is also famous for its modern look. Our utensils, designed for easy …

Visual Spoofing And The Art of The Sting

Here’s a potential scam that raises the bar — and alarum bells — for everyone. It’s already got a name: Visual Spoofing. It works like this (I think): Instead of ne’er-do-wells concealing addresses to make you think you’re at a legit website (say your bank, or PayPal) rather than at their sleazy password-grabbing site — …

Phishing and Keylogging – The Missing Link?

Here’s evidence that ‘phishing’ – the art of conning users into handing over banking and other passwords through fake but convincing-looking emails and websites – may have branched out into viruses and worms. Symantec, McAfee and Sophos have published details of a new virus/trojan called Stawin (also known, because the anti virus people don’t seem …
