Here is the full text of one of the newest Wells Fargo Phishing Spam, which started showing up this month (May, 2014). This one comes with an attached HTML file named “Wells Fargo Instruction Form.html”. Whatever you do, don’t download or open it!

A new batch of phishing emails, supposedly from TigerDirect.com, went out this week. Using social engineering to make you think that a costly order has been placed in your name, the email seeks to create a sense of urgency that will cause you to click on the links contained in the email, which of course go to the phishing site.

If you get an email saying that your password on Pinterest was successfully changed, and you know that you didn’t change your Pinterest password, don’t go running to Pinterest, and definitely don’t click any links, before reading this!

A couple of weeks back, the hacker group Rex Mundi blackmailed AmeriCash Advance, demanding that the payday lender give the group around $20,000. If AmeriCash Advance didn’t pay up, Rex Mundi would publish the thousands of loan-applicant records it stole from the payday lender. Now, a couple of weeks later, AmeriCash Advance hasn’t paid the extortion fee, so Rex Mundi did in fact publish all those loan-applicant records. This is a newsworthy story in its own right, but what really makes it important is that it reveals how utterly unsecured so much of our private information (Social Security numbers, credit card numbers, banking data, etc.) is. And our private information and other data are not just vulnerable to skilled hackers – it’s vulnerable in general because it is often so poorly protected.

Google is hard at work on a lot of things, including one of the most important and difficult things of all: improving Internet security. Five years ago, Google introduced Safe Browsing, an effort designed to protect Internet users – people who browse with Chrome, Firefox, or Safari, as well as anyone who searches the Web with Google – from malware and phishing. Through this effort, Google detects, among other things, 9,500 malicious sites every day. Allow us to repeat that: Google detects 9,500 malicious sites every day.

A rash of fake Verizon Wireless account notifications hit the Internet this week, showing outrageous charges that are, supposely, hitting your bill. They have the subject line of either “Thank You for your Verizon Wireless Payment” or “Your Bill Is Now Available”. Of course, the links take you to all sorts of spam and scam sites, so don’t be taken in. Here are some examples of the fake notices, with links to places such as https://www.theinternetpatrol.com/brick-wall/, https://www.theinternetpatrol.com/brick-wall/ and http://www.mayphe.com.br/DyXEBK63/index.html.

“TWITTER: Someone has a crush on you!” the subject of the email says as it announces that someone has a Tweetcrush on you. “You have been sent a Twitter Crush,” it goes on to say. Bologna. It’s a phishing scam, pure and simple. But, it’s a pretty compelling one, given how ‘authentic’ the site, which is hosted at ktwitteri.com, looks, where they steal your Twitter username and password.

Two massive spam runs were unleashed on the Internet today, and odds are very good that you will receive at least one of the two. Either you will be offered the opportunity to “Buy Cheap Watches (Rado,Rolex) and other products!”, or you will be told that you have received an “Electronic Federal Tax Payment System Notification number” (with some number appended at the end). Or, perhaps you’ll be extra-popular and receive both spams.

Did you get an email from Amazon telling you about an order that you don’t remember ordering? That’s probably because you didn’t – it’s a phishing scam! Don’t fall for it! The “Your Amazon.com Order” email, which purportedly comes from “digital-no-reply@amazon.com” actually is an effort to get you to point your web browser to BookSalon.kr (the actual phishing URL is https://www.theinternetpatrol.com/brick-wall/.

In an effort to clean up after a phishing attack on Twitter, Twitter is targeting some Twitter accounts as “possibly compromised”, and proactively disabling the current password for the account, and sending a “Please change your twitter password” email, which asks you to “please create a new password by opening this link”. While we give them a great deal of credit for being so proactive, the irony is that the email Twitter is sending looks just like the phishing efforts that lead to this problem in the first place! So, if you get a “Please change your twitter password” email, what should you do? Read on.

Not content with sending fake Amazon confirmation emails, the outfit sending out the Canadian pharmacy spam is now sending out fake Amazon.com order cancellation emails, too, claiming that your Amazon order has been cancelled. “Amazon.com – Your Cancellation (0046-68878-96071)” says the email’s subject (although the “order number” may change) – but of course the link to check “ORDER INFORMATION” really takes you to a Canadian pharmacy spam site, hawking Viagra, Cialis and the like. In the example below, the fake cancellation contains links to https://www.theinternetpatrol.com/brick-wall/, which redirects to https://web.archive.org/web/20211230152715/http://weightbreezy.com/, which is a Canadian pharmacy spam site.

A spate of fake “Amazon.com – Your Confirmation” emails is making the rounds – they are phishing emails, with the supposed ‘Amazon’ links actually being hidden links going to such interesting places as http://drevmash.alfaspace.net/admiral.html, https://www.theinternetpatrol.com/brick-wall/, and meeknew.com. The subject (which so far appears to use the same “confirmation” number for everyone), is “Amazon.com – Your Confirmation (0113-567494-3518071)” and supposedly comes from the email address order-update@amazon.com. In reality, they are coming from IP address 124.217.216.112, and the emails are sent from (almost certainly spoofed) email addresses such as claude.simpson@ameritrade.com and lwjtvbwrqksz@young-world.com.

As is so often the case, what appears to be an evil mastermind plot really turns out to be a petty criminal looking to support their drug habit. This is as true of phishers as it is of the armed muggers of yore. Interestingly, GE Capital helped to make the identity and financial account theft easy enough for even the most strung-out druggie to accomplish.

A plague of rogue Facebook applications that are stealing user credentials – such as usernames and passwords – has been sweeping Facebook in the past week. The phishing Facebook apps work the same way that many other applications do – including sending an email to your Facebook friends, with links to click on, and when you type in your username and password, BAM! Your login credentials have been stolen.

Not content with tricking victims into giving up private identity information via email, phishers are increasingly turning to text messaging to scam account numbers, credit card numbers, social security numbers, and more from their targets.