In an effort to clean up after a phishing attack on Twitter, Twitter is targeting some Twitter accounts as "possibly compromised", and proactively disabling the current password for the account, and sending a "Please change your twitter password" email, which asks you to "please create a new password by opening this link". While we give them a great deal of credit for being so proactive, the irony is that the email Twitter is sending looks just like the phishing efforts that lead to this problem in the first place! So, if you get a "Please change your twitter password" email, what should you do? Read on.
|
Articles on PhishingIn an effort to clean up after a phishing attack on Twitter, Twitter is targeting some Twitter accounts as "possibly compromised", and proactively disabling the current password for the account, and sending a "Please change your twitter password" email, which asks you to "please create a new password by opening this link". While we give them a great deal of credit for being so proactive, the irony is that the email Twitter is sending looks just like the phishing efforts that lead to this problem in the first place! So, if you get a "Please change your twitter password" email, what should you do? Read on. Not content with sending fake Amazon confirmation emails, the outfit sending out the Canadian pharmacy spam is now sending out fake Amazon.com order cancellation emails, too, claiming that your Amazon order has been cancelled. "Amazon.com - Your Cancellation (0046-68878-96071)" says the email's subject (although the "order number" may change) - but of course the link to check "ORDER INFORMATION" really takes you to a Canadian pharmacy spam site, hawking Viagra, Cialis and the like. In the example below, the fake cancellation contains links to http://www.dinnerinperu.com/quadratical, which redirects to http://weightbreezy.com, which is a Canadian pharmacy spam site. A spate of fake "Amazon.com - Your Confirmation" emails is making the rounds - they are phishing emails, with the supposed 'Amazon' links actually being hidden links going to such interesting places as http://drevmash.alfaspace.net/admiral.html, http://gofiberzone.com/upper.html, and meeknew.com. The subject (which so far appears to use the same "confirmation" number for everyone), is "Amazon.com - Your Confirmation (0113-567494-3518071)" and supposedly comes from the email address order-update@amazon.com. In reality, they are coming from IP address 124.217.216.112, and the emails are sent from (almost certainly spoofed) email addresses such as claude.simpson@ameritrade.com and lwjtvbwrqksz@young-world.com. As is so often the case, what appears to be an evil mastermind plot really turns out to be a petty criminal looking to support their drug habit. This is as true of phishers as it is of the armed muggers of yore. Interestingly, GE Capital helped to make the identity and financial account theft easy enough for even the most strung-out druggie to accomplish. A plague of rogue Facebook applications that are stealing user credentials - such as usernames and passwords - has been sweeping Facebook in the past week. The phishing Facebook apps work the same way that many other applications do - including sending an email to your Facebook friends, with links to click on, and when you type in your username and password, BAM! Your login credentials have been stolen. Not content with tricking victims into giving up private identity information via email, phishers are increasingly turning to text messaging to scam account numbers, credit card numbers, social security numbers, and more from their targets. How many times have you received email that purports to be from a friend, or from someone with whom you do business, only to find out that you nearly got taken in by a fake? We here at the Internet Patrol, and our parent company, the Institute for Social Internet Public Policy, are offering readers of the Internet Patrol an exciting opportunity to take part in the testing of a new browser add-on that will help to protect you against such spoofing. Stupid users are the worst problem on the Internet, according to this survey of more than 600 Internet users. Firefox and IE both have site blocking (or at least, site warning) built into their current iterations. Google also does site blocking now. All do site blocking based on some metric, known only to them, that tells them that a site is more likely than not to be a malicious site, such as a phishing site, or a site loaded with spyware. The problem with site blocking browsers and site blocking search engines such as Google is that sometimes they get it wrong. There has been a new rash of "Receipt for your payment to" eBay Paypal phishing spam which is intended to elicit a shock response causing the target to rush to log into their Paypal account to figure out why they are being charged hundreds to thousands of dollars for an eBay purchase which they know that they didn't actually make. Paypal has announced that they are going to block the Apple Safari web browser, along with a few other browsers. The online payment service, purchased by eBay for $1.5B back in 2002, in the good old days of rampant Internet mergers and acquisitions, has become a frequent target of phishers and hackers. Anxious to recapture their good name and to offer to sellers and buyers alike a more secure environment, PayPal plans to discontinue support for web browsers that do not include anti-phishing capabilities. If this plan goes through, PayPal will block Safari and older versions of Internet Explorer, Firefox, Opera, and Netscape. Paypal phish are as common as the cold. Here, the newest one claims that there have been foreign attempts to log into your Paypal account, and explains that if it wasn't you (which, of course, it wasn't) you should click on the link to verifiy your identity. Where does the link really go? Not to Paypal, that's for sure. In fact, it really goes to http://i-195-137-106-138.freedom2surf.net/login, which is a very convincing Paypal phishing site. Countless people have received email which appears to come from eBay, with the rather alarming message "eBay Unpaid Item Dispute for Item", adding to the urgency with "Response Required". If you get one of these and your first response is "Huh? I don't have any open items for sale at eBay" or even "Huh? I don't have an eBay account", you're not alone. Because this is the newest phishing attempt to spoof eBay. A new round of phishing spam, phishing for Gmail account information, along with your date of birth and citizenship, was unleashed on the Internet this week. "Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently," reads the subject. Amazingly real looking phishing emails supposedly from the Better Business Bureau (BBB), and also "from" the IRS, are making the rounds. In the case of the BBB email, it claims that someone has lodged a complaint with the BBB against your business. This latest batch is particularly sinister because when you click on the link to look at the "complaint", it downloads a particularly malicious keylogger on to your computer. Lots of people are receiving a purported "customer notice" from eBay. It starts out "Please note that this is a system generated email." And goes on to state that "eBay has sent you this message to remind you its time to update your account details. To ensure your account continues to function normally it is recommended you update your details." It looks very real, but it's actually a phish originating from Moldova. MySpace has announced that it has filed a lawsuit against the once (and future?) King of Spam, Sanford Wallace. MySpace says that Wallace "implemented a phishing scheme to falsely gain access to MySpace user profiles. Wondering why your address bar (the URL bar - where you type the web address you want to visit) has turned green? Why you're looking at a pop-up that says "Website Identification - VeriSign has identified this site as:" and "Should I trust this site?"? The latest round in McAfee Antivirus heartache has people complaining that perfectly legitimate and innocent websites are being called "phishing sites" by McAfee. In addition, McAfee is wreaking havoc with Lotus Notes, causing computers to freeze, and locking programs, sometimes requiring a complete reinstall. And if your McAfee antivirus program identifies any of usersid.exe, imjpinst.exe, ecenter.exe, ntfstype.exe, adobeupdatemanager.exe, gtb2k1033.exe, 43gcjvgahnu44.ths, excel.exe or graph.exe as malicious files, well, don't take its word for it, and don't delete them! Phishing - the act of someone trying to get information from people over the Internet - is a big problem. Spear phishing - the act of targeting a particular organization to try to get confidential information via the Internet is a newer, but equally big problem. The United States Coast Guard has mandated that all of its personnel who have access to the Coast Guard's network must be educated about phishing in general - and spear phishing in particular - immediately. A new report out by online security firm Symantec indicates that the fastest and largest growing sector of online security attacks are attacks against home users and their computers. Hometown Favorites is being used as phish bait, and it appears that someone has breached their customer list. The phish being sent out in their name warns customers that "We recently tried to charge your credit card for your HomeTownFavorites.com order, and it was rejected by the bank because it has no complete infomation." A brand new phishing attempt invokes both Starbucks and Paypal, and starts out by saying "This email confirms that you have a pending payment to Starbucks (sales@starbucks.com) $119.88 USD using PayPal. This credit card transaction will appear on your bill as "PAYPAL *StarbucksStore"." Don't fall for it! Of course, all the links which appear to go to PayPal really go to a newly registered site called qunxy.com. Don't go there! With tax season upon us, and tax day - April 15th - just around the corner, the phishers are in full swing, sending out phony phishing emails which look like they come from the IRS. People using Yahoo Messenger are receiving Yahoo instant message phishes which are realistic enough to reel in their victims. The phishy Yahoo messenger messages offer up a link to what appears to be a Yahoo Photos website, saying "click on this website." A fake email from the IRS telling you that you have a tax refund, and to go to the govbenefits.gov website isn't really from the IRS at all. It's a phish. Don't fall for it! Netcraft is giving away an iPod a month, and all you have to do to enter the contest is report phishing sites with the Netcraft Toolbar! There is a new PayPal phishing campaign going on. It warns you about a "New email address added to your PayPal account!" The DMA has announced that they are requiring all of their members to adopt an email authentication mechanism. According to them, "there are several interoperable, inexpensive and easy to implement solutions available on the market today." Identity theft protection in the form of a new phishing law has come to California. It not only outlaws phishing, but gives individuals who were scammed by phishers the right to sue. Iconix has announced a new anti-phishing device: Iconix eMail ID visual email identification. W32.Sinnaka.a is the hook which phishers are using to scare people into buying Spy Trooper, World AntiSpy, PS Guard and Raze Spyware, some of which are merely repackaged versions of other rogue spyware programs, such as SpyDemolisher, SpySheriff, and SpywareNo. They are doing it with fake Windows Security Center sites and bogus W32.Sinnaka.a virus alerts. Don't let it fool you. Hurricane Katrina email hoaxes are already starting to fly, to add insult to the horrible injury already suffered by the thousands of people in Katrina's path. This first Hurricane Katrina email hoax claims that the Red Cross will donate money for each email sent. Yesterday Microsoft announced its new free anti-phishing add-in for the MSN search toolbar, claiming it to be "the first such technology." Today Earthlink lobs a shot across Microsoft's bow, saying "not so." Phishers are thwarted and games are enjoyed with new anti-phishing and game add-ins, each offered free by Microsoft for their MSN search toolbar. Free download available at the MSN website. A new survey says that women have safer web surfing and Internet security habits than do men. Some question these findings, while others point out that neither is being particularly safe. Argentine authorites have arrested fifteen people in a multinational phishing scam, and, separately, the U.S. FBI has arrested 8 people in a global online piracy investigation, spokespersons for the agencies have said. In the phishing scam, which was truly international, police arrested suspects from ... A high school student has been identified as the mastermind behind a phishing scheme involving a fake banking website. According to authorities in Korea, the teenager, identified only by his surname 'Kim', managed to get personal and financial data from seventy-seven targets ... Cloudmark has released a report they commissioned on phishing and identity theft..the results are pretty interesting: SAN FRANCISCO, June 30 /PRNewswire/ -- Cloudmark Inc., the proven leader in secure messaging from the desktop to the gateway, has completed groundbreaking research ... In case you had any doubts about the global nature - the complex world-wide intricacies - of phishing networks, doubt no more. Case in point: Douglas Harvard and Lee Elwood were both sentenced in England this week to several years in jail ... A spam postcard posing as a friendly postcard which is really a Trojan postcard. (Shades of Sir Winston!) Security firm Sophos is warning of a "spam postcard", which appears to come from someone you know (as does so much spam ... REDWOOD CITY, Calif., June 30 -- Postini, the industry's leading provider of email security and management services, today announced that phishing attempts in June were once again on the rise and had increased sharply compared with the previous month. The number of phishing ... Microsoft has this week issued an advisory on a new trick which phishers are playing with users' web browsers, including Internet Explorer, although other web browsers can be manipulated as well. The trick involves the use of overlapping browser windows which ... It must be the week for cute web animations. First Consumer Union did their cute web animation lampooning drug ads, and now the Federal Trade Commission has released a web animation for Fathers' Day, featuring a father fish teaching his little fishies ... Just in time to make Memorial Day weekend really memorable, both AOL and Yahoo Instant Messengers are being targeted, the former by an Internet worm, the latter by a phishing scam. "hehe i found this funny movie", says your AOL AIM Instant Messenger ... Aunty's bank has this system in place. It's a pain in the neck, but a good way to be sure that you are actually at your bank's website. Of course, it requires you to remember what the extra image and phrase ... Groups and individuals being dubbed as Internet vigilantes are taking matters into their own hands when it comes to phishers and their phishy sites, and are using their hacking powers for good (they would argue) by hacking into phishing sites and defacing and ... [Spam Wars author Danny Goodman doesn't just write about spam wars - he's actively engaged in the trenches. Here, guest author Danny Goodman, fresh from the ordeal, tells us about taking aim at a phisher just last night.] May 10, 2005 Imagine That: Phishers ... A new, and oh-so-simple and deviously obvious scam has hit the Internet. According to a report in iAfrica, phishers are now purchasing ads on search engines such as Google, offering cheap airline tickets, and then sitting back and waiting for unsuspecting bargain ... Microsoft this week filed lawsuits against 117 phishers. Using trademark law, Microsoft is claiming trademark infringement by the phishers, based on the phishers creating copycat websites which mimicked Microsoft sites, and which were intended to trick users into believing that they were ... A particularly effective phishing scam has targeted Yahoo Messenger this week. The reason it is so successful is because the phishing scam involves the Yahoo Messenger user being sent an IM message which appears to come from someone on the user's ... From Across the Pond, written by Andrew Robinson over at Spamfo: Phishing operations have begun using DNS wildcards and URL encoding to create email links that display the URLs of legitimate banking sites, but send victims to spoof sites designed to steal their ... eBay is working frantically to fix a bug in their software which allows phishers to do their phishing dirty work using real eBay URLs in their phishing efforts. eBay is calling the phish-friendly problem a "software bug" which can be used ... Who says that the Electronic Frontier Foundation (EFF) doesn't have a sense of humour! Anybody who does will be handily proven wrong by a look at their new "Endangered Gizmos" list, over which anybody should get a chuckle (not to mention ... Aunty has a firm belief that anybody who has a vested interest in charging money for keeping you safe from harm is likely to have a vested interest in perpetuating the threat of that harm - otherwise they run the risk of ... Here's an interesting question: if you are the victim of phishing, and are unaware that you have been phished, and as a result of that phishing, the phisher gets enough information to drain your bank account, who - other than the phisher ... From Across the Pond, courtesy of Chris Hunter over at Spamfo: UK police have arrested a 21 year old man from Blackpool who is suspected to be behind an email phishing scam. The phishing attempts were aimed at UK online bank Smile who are part of ... The newest spam scam to hit eBay users is a spam which is infected with what is known as a "keylogger". When a user opens the infected email, which then has them log into their eBay account, it can record the keystrokes ... Have you ever seen a phishing mule? No, it's not a new act on Animal Planet. In this context "mule" is slang for a low-level operative in a criminal organization whose job it is to act as a courier for contraband - usually money or ... Timothy Leary would be proud. As a nation we are turning away from lurid sex displays in which women are debased and objectified, and turning towards drugs. At least in our spam. According AOL, and based on a recent analysis of their ... Many of you have heard Aunty pile accolades on anti-spam program Cloudmark for their unique and highly effective way of stopping spam for their users: they have a network of several dozens of thousands of "reporters", and when a certain number of ... Microsoft, AOL, Earthlink, and several other industry giants, along with the FBI, the FTC, the U.S. Secret Service, and the USPS announced today the formation of Digital PhishNet, a collaborative initiative designed to take phishers down by arresting and convicting them. "The key to ... Domain Keys is another flavour of email sender authentication, along with SPF and Microsoft Sender I.D., designed to help ensure that email which claims to be from Sender X is in fact from Sender X. Developed last year by Yahoo, and deployed ... |
||||||
About TIP About Anne
Search Categories
arsalan: i lost my samsung 3500 plz help me brother. read Chris: Wow, seriously? I'm just going to pirate my stuff from now on. Good job guys! read Becky: I'm having the same issues with my hotmail today.... can send e-mails, but not receiving any new ones. read C: Absolutely insane!!! read Ravi: down again for 4 hrs read Guy: Will you fucking faggots get the server up again? How hard can it possibly be? read Sue: Yep, same problem here, can send, but can't receive anything new - thought it was just me :) read Cathy: P.S. it's now 10:03 AM CDT so that's 3-1/2 hours -- I've reported the outage at downrightnow.com also. read
Search |
Chatroulette Exposed - Russian Roulette Video Chat Site with Pervs Instead of Bullets in the Chamber Top Ten Articles
Full List of Categories
Amazon
|
