Posts Tagged: social engineering


Pharmaceutical scammers spamvertise YouTube themed emails, entice users into purchasing counterfeit drugs

by

Pharmaceutical scammers are currently spamvertising a YouTube themed email campaign, attempting to socially engineer users into clicking on the links found in the legitimately looking emails. Upon clicking on the fake YouTube personal message notification, users are redirected to a website reselling popular counterfeit drugs. The cybercriminals behind the campaign then earn revenue through an affiliate network. More details:

Continue Reading »

Spamvertised ‘Work at Home” scams impersonating CNBC spotted in the wild

by

Online scammers often promise you the moon in exchange for virtually nothing besides a modest financial investment. They are largely successful due to the high number of socially engineered customers. However, sometimes they tend to play by the rules in order to avoid legal responsibility for the business failure of those who purchased the “too good to be true” product. In this post, I’ll profile a currently circulating “Work At Home” scam that’s successfully and professionally impersonating CNBC in an attempt to add more legitimacy to its market proposition – the Home Business System. More details:

Continue Reading »

Fake ‘Citi Account Alert’ themed emails lead to Black Hole Exploit Kit

by

Cybercriminals are currently mass mailing hundreds of thousands of emails impersonating Citi, using two different professionally looking email templates. Upon clicking on any of the links found in the malicious emails, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. More details:

Continue Reading »

Fake Chase ‘Merchant Billing Statement’ themed emails lead to malware

by

Cybercriminals are currently mass mailing tens of thousands of emails, impersonating Chase in an attempt to trick its customers into executing the malicious attachment found in the fake email. Upon execution, the sample downloads additional malware on the affected hosts, and opens a backdoor allowing the cybercriminals behind the campaign complete access to the host. More details:

Continue Reading »

Malicious ‘Sendspace File Delivery Notifications’ lead to Black Hole Exploit Kit

by

Cybercriminals are currently attempting to trick hundreds of thousands of users into clicking on the malicious links found in the currently spamvertised bogus ‘Sendspace File Delivery Notifications‘. Upon clicking on any of the links found in the email, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. More details:

Continue Reading »

Fake ‘Flight Reservation Confirmations’ themed emails lead to Black Hole Exploit Kit

by

In the midst of the holidays season, cybercriminals are currently spamvertising tens of thousands of malicious “Flight Reservation Confirmations“, in an attempt to trick users into clicking on the link found in the fake emails. Once they click on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. More details:

Continue Reading »

Malicious ‘Security Update for Banking Accounts’ emails lead to Black Hole Exploit Kit

by

Cybercriminals have recently launched yet another massive spam campaign attempting to trick e-banking users into thinking that their ability to process ACH transactions has been temporarily disabled. Upon clicking on the link found in the malicious email, users are exposed to the client-side exploits served by the Black Hole Exploit Kit. More details

Continue Reading »

Bogus ‘Facebook Account Cancellation Request’ themed emails serve client-side exploits and malware

by

Facebook users, watch what you click on! Cybercriminals are currently mass mailing bogus “Facebook Account Cancellation Requests“, in an attempt to trick Facebook’s users into clicking on the malicious link found in the email. Upon clicking on the link, users are exposed to client-side exploits which ultimately drop malware on the affected host. More details:

Continue Reading »

Fake ‘FedEx Tracking Number’ themed emails lead to malware

by

At the end of October, a cybercriminal or group of cybercriminals launched three massive spam campaigns in an attempt to trick users into clicking on a deceptive link and downloading a malicious attachment. Upon execution, the malware phones back to the command and control servers operated by the party that launched it, allowing complete access to the infected PC. This time they didn’t try impersonating USPS, UPS or DHL, but FedEx. More details:

Continue Reading »

Bogus ‘End of August Invoices’ themed emails serve malware and client-side exploits

by

Cybercriminals have recently launched yet another massive spam campaign attempting to trick users into clicking on malicious links or executing malicious attachments found in the spamvertised emails. More details:

Continue Reading »