Fake ‘UPS Delivery Confirmation Failed’ themed emails lead to Black Hole Exploit Kit

Fake ‘UPS Delivery Confirmation Failed’ themed emails lead to Black Hole Exploit Kit

Continuing their well proven social engineering tactic of impersonating the market leading courier services, cybercriminals are currently mass mailing tens of thousands of emails impersonating UPS, in an attempt to trick users into clicking on the malicious links found in the legitimate-looking emails.

Once they click on the links, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit kit.

More details:

(more…)

Pharmaceutical scammers spamvertise YouTube themed emails, entice users into purchasing counterfeit drugs

Pharmaceutical scammers spamvertise YouTube themed emails, entice users into purchasing counterfeit drugs

Pharmaceutical scammers are currently spamvertising a YouTube themed email campaign, attempting to socially engineer users into clicking on the links found in the legitimately looking emails.

Upon clicking on the fake YouTube personal message notification, users are redirected to a website reselling popular counterfeit drugs. The cybercriminals behind the campaign then earn revenue through an affiliate network.

More details:

(more…)

Spamvertised ‘Work at Home” scams impersonating CNBC spotted in the wild

Spamvertised ‘Work at Home” scams impersonating CNBC spotted in the wild

Online scammers often promise you the moon in exchange for virtually nothing besides a modest financial investment. They are largely successful due to the high number of socially engineered customers. However, sometimes they tend to play by the rules in order to avoid legal responsibility for the business failure of those who purchased the “too good to be true” product.

In this post, I’ll profile a currently circulating “Work At Home” scam that’s successfully and professionally impersonating CNBC in an attempt to add more legitimacy to its market proposition – the Home Business System.

More details: (more…)

Cybercriminals entice potential cybercriminals into purchasing bogus credit cards data

Cybercriminals entice potential cybercriminals into purchasing bogus credit cards data

With the ever-decreasing entry barriers into the shady world of cybercrime, potential cybercriminals themselves may sometimes become the victims.

A recently intercepted fraudulent email sheds more light into the process of how cybercriminals attempt to scam novice cybercriminals, and also puts the spotlight on the QA (Quality Assurance) practices within the cybercrime ecosystem, each and every time a transaction or a transfer of fraudulently obtained assets is about to occur.

More details:

(more…)

Fake Chase ‘Merchant Billing Statement’ themed emails lead to malware

Fake Chase ‘Merchant Billing Statement’ themed emails lead to malware

Cybercriminals are currently mass mailing tens of thousands of emails, impersonating Chase in an attempt to trick its customers into executing the malicious attachment found in the fake email. Upon execution, the sample downloads additional malware on the affected hosts, and opens a backdoor allowing the cybercriminals behind the campaign complete access to the host.

More details:

(more…)

Malicious ‘Sendspace File Delivery Notifications’ lead to Black Hole Exploit Kit

Malicious ‘Sendspace File Delivery Notifications’ lead to Black Hole Exploit Kit

Cybercriminals are currently attempting to trick hundreds of thousands of users into clicking on the malicious links found in the currently spamvertised bogus ‘Sendspace File Delivery Notifications‘.

Upon clicking on any of the links found in the email, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

(more…)

Fake ‘Flight Reservation Confirmations’ themed emails lead to Black Hole Exploit Kit

Fake ‘Flight Reservation Confirmations’ themed emails lead to Black Hole Exploit Kit

In the midst of the holidays season, cybercriminals are currently spamvertising tens of thousands of malicious “Flight Reservation Confirmations“, in an attempt to trick users into clicking on the link found in the fake emails. Once they click on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

(more…)

A peek inside a boutique cybercrime-friendly E-shop – part five

A peek inside a boutique cybercrime-friendly E-shop – part five

Seeking financial liquidity for their fraudulently obtained assets, novice cybercriminals continue launching new DIY cybercrime-friendly e-shops offering access to compromised accountsharvested email databases, and accounts that have been purchased using stolen credit card data,  in an attempt to diversify their portfolio and, consequently, increase the probability of a successful purchase from their shops.

In this post, I’ll profile one of the most recently launched cybercrime-friendly e-shops, continuing the “A peek inside a boutique cybercrime-friendly E-shop” series.

More details:

(more…)