Posts Categorized: social engineering


8 Tips for Filing Taxes Online Safely

by

By Mike Kronenberg Getting ready to file your taxes online — and doing it at the last minute? Well, cyber-scammers are ready for you. Thieves are schemers, and they’ve got a bag full of tricks to steal your identity. You might even be doing things to make their job easier. And if you use a PC at work to do your return,  identity theft could be as simple as a crook (or an unscrupulous coworker) digging around and finding sensitive files. One might send you an e-mail that offers a quick refund — or a warning about a problem with […]

Continue Reading »

’30 Rock’ Phrase ‘Circulus et Pruna’ Draws Fakealerts

by

Every search result on the first page (and most of the second page) of results for “circulus et pruna” leads to a Fakealert trap.

Continue Reading »

Social Nets Put Your Privacy at Risk

by

By Mike Kronenberg Attention Facebook and Twitter users: You’re still at risk. Last year, our survey found that lots of people using social networking sites were taking the risk of financial loss, identity theft, and malware infection. Have things gotten any better? Well, the answer is yes but, unfortunately, not better enough — and potentially a lot worse for some of you. The results of our 2010 survey reveals that more of you are adhering to some safe behaviors — like blocking profiles from being visible through public search engines. That’s a good thing, but the downside is over 25 […]

Continue Reading »

Weird New Koobface URLs Use Old Tricks

by

Pretty much since it arrived on the malware scene, Koobface has used the technique of sending messages with Web links — in your name, to your friends — as a method of propagating the infection to others. Using your name is a powerful social engineering trick, and the makers of the worm have tried innumerable ways to mask the danger behind those dangerous links: They’ve used “short link” services like Bit.ly to hide the destination; They build pages on sites normally considered safe, like Blogspot or Google Reader, that simply redirect users to a dangerous page; and they use stolen […]

Continue Reading »

Fakealert Accurately Mimics Windows Update

by

A new Windows Update-themed stupid malware trick that’s making the rounds appears to be trying to capitalize on the recent frequency of “out of band” Windows patches Microsoft has been releasing lately. The spy, which serves as nothing more than a vehicle for the fraudulent sale of a fake product called Antimalware Defender, so closely resembles a Windows Update installation dialog that some members of our threat research team who saw these files had to pause and look carefully at the dialog box before deciding it is, in fact, a big fat hoax. Even the Microsoft Knowledge Base article the […]

Continue Reading »

Twitter Phish Floods Network with Short URLs

by

All day, I’ve been getting reports from my Twitter-using friends and acquaintances that they’ve been receiving tweets of short URLs. I took a look and it looks like another phishing campaign aimed at users of the social network is underway. The short URLs, prefaced with the message “This you???” lead to a fake Twitter login page. The fake login page is hosted on a domain that points to a server in China. Other domains that are currently hosted on that same server’s IP address, including bzpharma.net, have previously been implicated in earlier Twitter spam campaigns. The same domain appears to […]

Continue Reading »

New Research: IT Pros Sound Off On 2010 Security Concerns

by

Research from the enterprise security experts at Webroot With the explosion of social networking sites like Twitter and Facebook in 2009, it’s no surprise cybercriminals have set their sights on these Web sites for new victims. Facebook now has over 400 million active users and Twitter has over six million — a sizeable pool of potential targets. These new threats are a cause of great concern for IT managers and businesses. Webroot recently surveyed over 800 IT professionals in the US, UK and Australia, at companies ranging from 100 to 500 people in size, to learn what are their biggest concerns for […]

Continue Reading »

Phishing Campaign Targets Frequent Fliers

by

A variation of a phishing scam aimed at members of American Airlines’ AAdvantage program is circulating again. With links to a phishing Web site embedded in a spam message, the scampaign promises (in characteristically broken English) that all participants in a survey will receive, depending on the campaign, either $100, or “$50 & 25,000 miles” credited to their account. The spam messages are appearing not only in email inboxes, but also as posts on what appear to be compromised blogs. The messages usually include the following text, signed by “American Airlines Reward Department,” obvious errors and all: We are proud […]

Continue Reading »

British Music Awards Draws Web Scams

by

Music fans may already be aware that next Tuesday the British music industry will honor the top acts of the year at a ceremony known simply as The BRITs. What they may not know is that common Internet criminals have begun to target people searching for information about the artists and the music connected with the awards for attack. This will be the 30th ceremony held in the 33 year history of the awards. As in previous years, the BRIT Trust (a charity run by BPI, the UK’s recording industry trade association) will donate profits from the ceremony, including the […]

Continue Reading »

Tax-Themed Phishing Scams Cross More National Borders

by

Sometimes, the early bird gets the worm — and not in a good way. People who file their tax returns early are being targeted by a phishing scam that comes with the promise of a big income tax refund. Unlike previous tax-themed scams, which have been based on the stick — fake warnings or penalties supposedly issued by the Internal Revenue Service and its UK counterpart the HMRC — these carrot Tax Refund Online Form frauds promising payouts appear to originate from different countries’ tax authorities, notably those of India and Canada. We’ve come across a number of identical pages […]

Continue Reading »