Tag Archives: Phishing

Horrible blog going around about you? Or a Twitter phishing attack?

You may not realise it, but your Twitter account is worth money.

Cybercriminals are keen to compromise your Twitter account, so they can spam out messages (either as public tweets, or less obvious direct messages to your online friends) in the hope that some recipients will click on the links.

What lies at the end of the links can vary. It might be a webpage offering you a new wonder diet, or a pornographic website, or a link to a download designed to infect your computer.

But first they need to commandeer your Twitter account, and the simplest way for them to do this is just to ask you for your Twitter username and password.

Here’s an example of the latest attack that has been seen on Twitter. The message arrives in the form of a direct message (DM), and has a pretty enticing reason for you to click on the link:

UK student loans targeted by phishers in latest spam campaign

With British students about to start another year at university, the last thing they probably want to hear is that there is a problem with a student loan.

But that’s precisely the camouflage that online scammers are using to steal personal information today.

An email, claiming to come from Directgov UK, tells students that there is a problem with the online account for their student loan, and they need to update their account urgently.

Here’s a typical spammed-out message we’ve seen in our traps:

Student loan phishing attack


Student Loan Update.

Message body:

Dear Student Finance Customer.

We at HM Government noticed your Student loan online log in details is incorrect and need to be updated.


Inline Verification. Directgov UK.

Attached file:

Student Loan Update.html

Clicking on the HTML attachment is not a good idea, however, as it will urge you to enter your details which are then sent via a website to the phishers.

Student loan phishing attack

Sophos products block the message as spam, and block the webpage to which the HTML form attempts to post the personal information.

Remember to always be suspicious of unsolicited attachments. Also, I would hope that a good student would have noticed the grammatical mistake in the phisher’s email.
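As an added example (not part of the original post and not Sophos's detection logic), here is one way a mail filter could inspect a standalone HTML attachment like the one described above and flag forms that send credential-like fields to a remote host. The sample attachment, the host `collector.example` and the field-name list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Substrings of field names treated as sensitive (an assumed, adjustable list).
SENSITIVE = ("pass", "pin", "account", "sort", "card", "dob", "secret")

class FormCollector(HTMLParser):
    """Record each <form> with its action, method and the inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", "").strip(),
                          "method": a.get("method", "get").lower(),
                          "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["inputs"].append(
                (a.get("type", "text").lower(), a.get("name", "")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_attachment(html):
    """Report forms that send credential-like fields to a remote host."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        host = urlsplit(form["action"]).hostname
        if host is None:        # empty or relative action: no remote target
            continue
        fields = sorted({name for kind, name in form["inputs"]
                         if kind == "password"
                         or any(s in name.lower() for s in SENSITIVE)})
        if fields:
            findings.append({"posts_to": host, "method": form["method"],
                             "fields": fields})
    return findings

# Constructed sample attachment (not the real phishing file).
SAMPLE = """<html><body><h2>Student Loan Update</h2>
<form action="http://collector.example/update.php" method="POST">
 <input type="text" name="customer_ref">
 <input type="password" name="pw">
 <input type="text" name="account_no">
 <input type="submit" value="Update">
</form>
<form action="" method="get"><input type="text" name="q"></form>
</body></html>"""
```

Calling `audit_attachment(SAMPLE)` reports the first form only; the second form has an empty action and is ignored.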


Pictures of Osama Bin Laden phishing attack hits Twitter users

Phishers are once again on the prowl for unsuspecting Twitter users, tempting their prey with the promise of pictures of Osama Bin Laden.

Pictures of Osama Bin Laden

Pictures of Osama Bin Laden [LINK]

Some of the accounts had earlier posted a similar message (complete with some rather sloppy spelling):

Pics of Osama Bin Laden Are Finally Released! [LINK] ::wanring very gorry::

Clicking on the links takes you to what appears to be the normal Twitter login page.

Fake Twitter login page

Would you enter your username and password at this point?

Take a close look at the URL before you make that decision.

Pictures of Osama Bin Laden phishing url

Hopefully you notice that it’s not the real Twitter URL – it’s a phishing site set up to steal your username and password.
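The same "look at the URL" check can be automated. This is an added example, not code from the original post: it decides which host would actually receive a password typed at a given link and explains why a look-alike is rejected. The sample URLs in the test values are constructed, and the TLS requirement is an assumption of this sketch.

```python
from urllib.parse import urlsplit

def credential_host(url, expected="twitter.com"):
    """Return (verdict, reasons) for the host that would receive a password typed at `url`."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme not in ("http", "https") or not host:
        return ("reject", ["not an http(s) URL with a host"])
    # Only the exact host or a true subdomain of it counts as the real site.
    if host == expected or host.endswith("." + expected):
        if parts.scheme == "https":
            return ("expected", [])
        return ("reject", ["expected host but no TLS"])
    brand = expected.split(".")[0]
    reasons = ["host is " + host + ", not " + expected]
    # Everything before '@' is userinfo, not the host the browser connects to.
    if parts.username and expected in parts.username.lower():
        reasons.append("expected name appears only before '@' (userinfo)")
    if host.startswith(expected + ".") or ("." + expected + ".") in host:
        reasons.append("expected name used as a subdomain label of another domain")
    elif brand in host:
        reasons.append("brand string embedded in an unrelated host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    return ("reject", reasons)
```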

If you make the mistake of entering your username and password then you will be handing over the keys to your account to phishers, who would then be able to use your account to read your private messages and send messages (perhaps spam-related or containing malicious links) to your followers.

Worst of all, if you’re one of those people who uses the same password as you use elsewhere on the internet – you’ve now told the cybercriminals how to access, for example, your Gmail, Hotmail or PayPal accounts as well.

If you found your Twitter account was one of those sending out the phishing messages, or if you made the mistake of entering your username and password, then you must change your password as soon as possible.

Not just on Twitter, but also make sure you’re not using the same password anywhere else on the net. You have to consider that the password is now compromised.

There’s some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in “Account Settings”, and revoke access for any third-party application that you don’t recognise.

Phishing and YouTube marijuana videos send man to jail for 13 years

A Los Angeles man has been sentenced to a total of 13 years in jail after being found guilty of leading an international phishing operation, and growing marijuana on an industrial scale in his house.

27-year-old Kenneth Joseph Lucas II was sentenced after judges found the Los Angeles man guilty of leading the US branch of an international phishing operation that stole banking login details through spam email and bogus websites.

In addition, Lucas found himself on the wrong side of the law for growing more than 100 marijuana plants in his home, in a set-up which included an irrigation system, fans, indoor lighting and ventilation. He was clearly proud of his industrial scale marijuana operation as he posted videos on YouTube showing off his set-up.

What a plonker.

Lucas was the lead defendant in part of a multinational investigation known as “Operation Phish Phry”. The operation, which spanned the United States and Egypt, led to charges against 100 individuals in total – the largest number of defendants ever charged in a cybercrime case according to an FBI press release.

As a result of Operation Phish Phry, 47 people have been convicted in federal court in Los Angeles.

Here’s how Operation Phish Phry worked.

Egyptian scammers would spam out emails that claimed to be from online banks. Victims would receive the emails, click on the links, and be directed to fake websites that pretended to be the online banks, where they would enter their passwords, account numbers and other personally identifiable information.

The victims’ real bank accounts would be broken into, using the stolen information, and scammers in Egypt would transfer funds from the compromised accounts into other accounts.

Meanwhile, the US part of the phishing ring, run by Lucas and two others, recruited runners to set up and use bank accounts which received the stolen funds.

The ring leaders would alert the runners through various methods (SMS, internet chat, and phone calls) to withdraw the cash and send it to them via Western Union. A portion of the money stolen was then transferred via wire services to the Egyptian gang members.

The total amount of money stolen in this way was estimated to be more than $1 million.

So, don’t doubt that the threat is real – and significant amounts of money have been stolen through phishing. Banks and consumers alike need to take security seriously and make it harder for criminals to break into accounts and steal our hard-earned cash.

Sophos has published some best practice guidelines to help you avoid being phished.



Beware shortcuts for getting more followers on Twitter

There are various different ways of getting more followers on Twitter.

The easiest method is to be a celebrity. It doesn’t matter if you tweet anything interesting, you’ll probably find a fair number of people will follow you regardless.

Alternatively, you could try to tweet something that people find useful or amusing or informative on a regular basis. If you put in the hours, write great tweets and be yourself then you may find others are happy to follow you and engage with you online.

But if both of those options sound far too tricky, you might be tempted to try the Twitter equivalent to a “get rich quick” scheme in your hunt for more followers.

Take these messages which are currently appearing on Twitter, for instance:

Get more followers tweets


If you are tempted to click on the link, you will be taken to a webpage which offers you a service that promises hundreds or thousands of new followers. Many different websites like this exist; here are just two of the sites we have seen being used in the current campaign.

Get more followers webpages

Although the graphics differ, the basic template of the site remains the same – including options to either pay for a VIP plan or try out a free service that promises hundreds of new followers.

I must admit I smelt a rat, and so I created a brand new Twitter account to see what would happen if I tried out the “free trial”.

Get more followers username and password request

Hello hello.. what’s this? The pages ask you to enter your Twitter username and password. That should instantly have you running for the hills – why should a third-party webpage require your Twitter credentials? What are the owners of these webpages planning to do with your username and password? Can they be trusted?

In the bottom right hand corner, they admit that they are not endorsed or affiliated with Twitter.

Now obviously I wasn’t going to hand over the password for my @gcluley Twitter account, so I entered the login details for the test account I had just created instead.

Before I knew it, I was presented with a familiar Twitter dialog box asking me if I really wanted to grant an application access to my Twitter account.

Get more followers authorise app

Common sense would hopefully tell you to step back at this point, and not allow the app’s authorisation. But if you’re hungry for new followers maybe you would continue, oblivious to the risks.

But sadly, some people are too keen for new followers. And they pay the price in the form of a message promoting the followers service being posted to their feed. In this way, the links can spread rapidly between Twitter users.

Get more followers tweets

What surprised me the most, however, is that I started to get many more followers on my test Twitter account. Other, seemingly random, Twitter users began to follow my test account in huge swathes and my account began to follow seemingly random people in return.

Although this may seem like a good thing, it isn’t. After all, the rogue app has now made your account follow scores of seemingly random Twitter users – if you have no interest in what they have to say, you’re going to find that pretty irritating.

Furthermore, if you’re just playing a numbers game on Twitter you’re fooling no-one but yourself. It doesn’t actually matter how many people in total follow you on Twitter – what’s much more important is how many people are listening to what you’re saying on Twitter.

It’s no good, for instance, if you have five million Twitter followers but there aren’t actual people sitting behind them, reading what you have to say.

In other words, these “get more followers fast” apps are a waste of time. You’re not interested in what random people are saying on Twitter, so why should random people care about what you have to say?

Furthermore, who’s to say that some of these new people who you are following are not cybercriminals, planning to tweet out malicious links or spam messages in your direction?

So, what should you do?

Well, if you fell for the trap and granted the rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Applications and revoking the offending app’s rights.

Revoke Twitter application

But don’t forget that you entered your username and password on the third-party website too! That means you should consider your password to now be compromised, and you should change it as soon as possible.

Remember – the fact that you gave them your username and password means they could in theory log into your account and read any of the information you store up there – including your email address and your private direct messages.

If you take no action against attacks like this, don’t be surprised if the unknown parties who now have control over your Twitter account use it to commit crimes or cause a nuisance.

Government officials, activists targeted in Gmail attack

Google has posted to their blog information about a targeted attack against the personal Gmail accounts of US government officials, political activists, military personnel and journalists.

Mila from contagioblog provides much more detailed information about the attacks. The messages appear to be handcrafted and spoofed to seem to be from governmental colleagues of many of the victims.

Normally attachments in Gmail appear with a paper clip and links to view or download the item. The attackers created HTML that used fake attachment links that actually lead to a phishing page designed to look identical to the Gmail login page.

Mila wrote about these attacks in February, but the big news is Google sharing this information publicly. Most organizations prefer to keep security problems to themselves and maintain the illusion that their services are perfectly secure.

While this attack is not specifically a problem with Gmail, it is a widespread security weakness in many cloud services. Google sharing information with the public about how these attacks are executed helps all of us learn from these situations and build better systems.

Google gives some good advice in their post, although it seems strange that they feel the need to push Google Chrome as a solution to all security problems…

How should we respond to this news? We should take a moment to remind our users about best practices when using web-enabled technologies.

If you are ever presented with a login screen in your browser and you didn’t type in the address of the site you are trying to visit, close the window. Only enter your password into pages where you typed in the URL yourself.

Contact me at : contactme.bijay@gmail.com




How to avoid falling for scams, phishing and bot masters

One botnet can send up to 30 billion emails a day


We recently saw the destruction of a ‘botnet’, a collection of computers around the world that are, without the knowledge of their owners, dedicated to sending out spam messages – unsolicited offers for dodgy deals.

After it was taken down, the volume of spam messages being sent each day dropped by an enormous amount, according to security researchers.

We are going to investigate what a botnet is, why it’s important to keep your computer secure to avoid becoming part of one, and the link between botnets and organised crime.

Phishing and spam
It used to be the case that computer viruses were written by people with nothing more malicious on their minds than vandalism, at worst. But nowadays most viruses and other forms of malicious software are created by or for criminals who use them to extract or extort money from unsuspecting internet users.

One example most of us will have come across is the ‘phishing’ email, which arrives in a user’s inbox and suggests that their account at some bank or other, or Ebay or Paypal, has been breached, or is up for renewal or otherwise needs to be validated. By clicking on the link in the email, the user is taken to the criminal’s own website instead of the genuine login page.

The user then enters their username and password and this is then used by the criminal to break into the user’s account either to directly steal money, or for other uses – if it’s an Ebay account, it may be used to set up fake auctions or to place fake bids on the criminal seller’s own auctions, for instance. Similarly, conventional spam emails usually offer dubious health treatments, super-cheap watches and get-rich quick schemes.

What these have in common is that both sets of emails are being distributed by botnets, collections of computers (known as ‘bots’, short for robots) under the control of a criminal.

The old way to send spam
Before the days of botnets, spammers would send email from their own computers, or using services that would send out millions of emails at a time for them. But anti-spam techniques improved and could detect and filter all the emails coming from a single PC.

Spam and phishing are volume businesses – they depend on sending out millions (or even billions) of messages in the hope that a tiny percentage of recipients will click on them. If you are sending enough emails, even that tiny percentage is worth big money.

What spammers needed was a way to distribute very large numbers of emails that were impossible to trace to a single source. The solution was provided by unscrupulous programmers, hired by organised criminals to create viruses.

Instead of creating a virus that steals information, the new type of virus installs a piece of code that instructs an infected computer to churn out thousands of emails. Because the computers are distributed across the world, the resulting emails are harder to identify as a single spam attack.

How does it work?
To begin with, the operator (the ‘bot master’ or ‘herder’) will send out emails containing viruses to a large group of people – this itself may be done by a botnet.

Users who open the email attachments and run them will have their computers taken over, but there may not be any signs that this has happened.

Unlike with other malicious software, there may be no reason to think that your computer is being used for malicious acts, other than a slowing down of internet speed, or general computer speed. However, both of those are common even on uninfected computers so it’s not easy to judge.

Once the computer is infected with the ‘bot’, it will connect to the bot master’s computer somewhere on the internet. When a spammer or criminal wants to use the botnet they will pay to hire it for a set period.

For as long as the spammer continues to pay, the botmaster will instruct all the computers in the botnet to continue sending out spam. The authorities are on the case, as are technology and security companies.

Microsoft-coordinated raids by US Marshals in March saw the end of the Rustock botnet, which controlled up to two million computers and was sending up to 30 billion emails a day. At its most potent in 2010 it was responsible for nearly two thirds of all spam sent.

Our verdict
The way to stay safe online is the same as ever: first, treat email attachments with suspicion, even if they appear to come from friends, and don’t click on links in email unless you know for sure that they are legitimate.

Ensure your security or anti-virus program is up-to-date, working properly and running regular scans.

Use the latest release version of your web browser and make sure Windows (or whatever operating system you are using) has all the latest updates installed.


Read more: http://www.computeractive.co.uk/ca/news/2041872/avoid-falling-scams-phishing-bot-masters#ixzz1O0qugCxW