Posts Tagged: phishing


Research: proper screening could have prevented 67% of abusive domain registrations

by

On a daily basis, spammers register thousands of new domains across multiple domain registrars, and take advantage of WHOIS privacy services to ensure that security researchers and anti-spam fighters will have hard time taking them down. So what can we do about it? According to a newly released research by Knujon.com, proper screening could have prevented 67% of those abusive domain registrations. More details:

Continue Reading »

How phishers launch phishing attacks

by

Just like in every other industry, participants in the cybercrime ecosystem are no strangers to the concept of standardization. Standardization results in efficiencies, which on the other hand results in economies of scale. In this case, malicious economies of scale. Just how easy is it to launch a phishing attack nowadays? What tools, and tactics are at the disposal of phishers aiming to efficiently socially engineer hundreds of thousands of users? In this post, I will profile the Ninja V0.4 Social Engineering Phishing Framework – an advanced platform  for executing phishing attacks in a DIY (do-it-yourself) fashion.

Continue Reading »

Brazilian “Winehouse” Trojan Sends Hotmail, Bank Passwords to China

by

Late Monday, after news about the death of troubled pop singer Amy Winehouse had been circling the globe for a little more than 48 hours, we saw the first malware appear that used the singer’s name as a social engineering trick to entice victims to run the malicious file. Abusing celebrity names, news, or even deaths isn’t a new (or even particularly interesting) social engineering tactic, but there was one unique aspect to this particular malware’s behavior that raised some eyebrows around here: It appears that Brazilian phisher-Trojan writers seem to be working more closely with their Chinese counterparts, using […]

Continue Reading »

Phishers Cast Their Nets in the Social Media Pool

by

By Ian Moyse, EMEA Channel Director It can seem at times that the only people who like change are Internet attackers. And they don’t just like it—they need it. Technology’s rapid changes give cybercriminals new attack vectors to exploit, and new ways to turn a profit out of someone else’s misfortune. Take phishing, for example. The concept is simple: Send an email disguised as a message from a bank, PayPal, or UPS. Wait for the user to click a link in the message, and enter their private details into a phishing site, and presto! The attacker attains financial or personal […]

Continue Reading »

Thre@t Reply: “Online Shopping” | Part 2 of 2

by

In the second of a two-part series with Threat Research Analyst Grayson Milbourne, we answer a question about how to stay safe when shopping online. In the previous video, Grayson discussed how to identify a phishing page. In this episode, he continues his discussion by explaining how to tell whether the site you’re trying to purchase something from is operating safely and whether the site is able to protect your personal information when you click the “buy” button. [vimeo 23488027] As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or […]

Continue Reading »

Webroot Answers Your Security Questions

by

I’m very pleased to present today the first in a series of videos we’ve produced. The videos have the lofty goal of addressing the most pressing questions relating to malware, cybercrime, and online fraud. We’ll take you behind the scenes at Webroot and introduce you to some of our Threat Research team in the process. In this first video, Webroot’s Director of Threat Research, Jeff Horne, answers a question submitted to us via Twitter direct message about the motives behind most cybercrime, and whether there are any examples of malware or other types of malicious online activity that have been […]

Continue Reading »

Fishing for Phishers is a Full-Time Job

by

By Ian Moyse, EMEA Channel Director We seem to take phishing attacks for granted these days, in much the same way that we’ve accepted spam as a natural, and inevitable, by-product of email. Some experts believe that one of the best solutions to thwart phishing attacks is end-user training, but I doubt training alone can be a viable solution. Can we really train every computer user to be sufficiently security literate, such that anyone can distinguish a phishing message from a genuine bank email? I doubt that it is possible, especially given how specific the details in spear phishing (phishing […]

Continue Reading »

Tips to Avoid Tax Season Scams

by

By Jeff Horne, Director, Threat Research As tax season rolls around again in the US and UK, it seems like a good time to revisit the perils taxpayers face seemingly every year at around this time. Phishing attacks against taxpayers are already in full swing — not that they haven’t been going continuously since last year. But this is high season for scams involving Web pages that look like the IRS or HMRC’s own Web site. Scam messages typically contain dire warnings or outrageously large promises for a refund. The messages often are presented as if they originate from a […]

Continue Reading »

WoW Expansion Beta Likely to Spawn Phishers, Scams

by

Blizzard’s announcement today that they will begin a closed beta-test for the latest expansion pack is likely to generate a lot of excitement among that particularly low breed of online criminals who steal the fruits of other people’s entertainment when they commandeer passwords for other players. While it’s hard to believe that most players of online games aren’t aware of the profusion of phishing sites attempting to steal logins, the problem clearly isn’t going away, so the warnings remain the same: Keep a close eye on your browser’s Address Bar, and make sure you’re really logging into Blizzard’s Web site, […]

Continue Reading »

Phisher Puts Antiphishing Tool in the Crosshairs

by

A small-time Trojan has decided to butt heads with a big-time anti-phishing tool, and ended up with dirt on its face. The malware looks like a fairly generic clone of Trojan-Phisher-SABanks, with an extra feature that sounds like it might be a good selling point for cheap cybercrooks intent on stealing a few bank passwords for fun and profit. The trojan attempts to disable or delete parts of Trusteer’s Rapport anti-phishing software. And fails, miserably. One version of the Trojan drops, then executes, a batch file that attempts to delete the main application. Another drops a batch which targets a […]

Continue Reading »