Posts Tagged ‘Phishing’

Social Engineering

Social Engineering

Social engineering is perhaps one of the oldest tricks in the book and one of the easiest ways to undermine security, yet it often requires little in the way of technical knowledge.

It is practically a confidence scam used to gain information that can be used in an attack or security breach. Like all cons, it takes many shapes and forms.

Common Forms of Social Engineering

Phishing is one of the most common ways of tricking users into providing information, and it usually involves emails designed to target specific businesses and look legitimate in the process. Phishers often go to great lengths to make their emails look and feel legit, making them difficult to detect. (more…)

APWG ReportAccording to a report for the I quarter of 2013, presented Anti-Phishing Working Group (APWG), there is a pronounced downward trend in the number of phishing sites. However, phishing attacks are becoming more targeted and no longer resemble “a shotgun.”

In general, reducing the number of phishing attacks from January to March 2013 was 20%. As a result, the volume of phishing indicators are the lowest in all the time since October 2011. According to experts, this can be explained by the reduced number of virtual servers, which are carried out with a phishing attack. It is estimated Co Anti-Phishing Working Group Rasmunsena Rod (Rod Rasmussen), the number of phishing sites hosted on these servers, decreased over the period from October 2012 to February 2013 from 14,400 to 1,653. “Such a drastic reduction in their number could mean that hackers have begun using the servers is not for phishing attacks, and to spread malware, or DoS-attacks,” explains Rasmunsen. (more…)

Banking trojan for Android

Banking trojan for Android

The new banking trojan for Android spread via SMS-phishing.

The company’s specialists McAfee Labs discovered a new Trojan for the bank’s mobile operating system Android, identified by McAfee experts as Android / FakeBankDropper.A and Android / FakeBank.A.

A malicious program that operates mainly in South Korea, the program replaces the legitimate mobile banking provides its customers with local banks.

According to experts, the malware spreads via SMS-phishing. Typically, the mobile device of the victim comes fake an SMS-message, the sender is supposedly the Financial Services Commission. The message contains a request to install a new application on a device to protect against malware.


Spam and phishingSpam has become so commonplace for all that many on it almost stopped paying attention.

However, this is not a reason to be vigilant, as there are two types of fraud with spam, known as “phishing” and “spoofing” (from the English. Fishing and spoofing, respectively). Both of these methods involve the use of fake e-mail messages in which the “from:” field contains a forged sender information.

What is phishing?

Phishing e-mails are used to lure the user’s personal data, as well as information about his account. Also they can be used to force a user to download malicious software. Often in such reports suggest some that require immediate attention to problems with the account of the recipient. The letter will contain a link that leads to a fake website where you are asked to provide personal information, account information, or download a program, which is usually masked by the virus. (more…)

Microsoft Security EssentialsAdditional protection is designed to prevent conduct phishing attacks against users of the service.

According to the developers of Microsoft, the next time was in supports standard DMARC (domain-based message authentication, reporting & conformance), is a technology improve security authentication protocols in the email.

Support is currently DMARC implemented in such popular resources as Facebook, Paypal and LinkedIn. In this case, in order to implement this standard on these services is to improve the protection of users from phishing and spam.

“Our implementation DMARC help protect you, visually highlighting messages from legitimate sources – the experts explain. – If the sender supports DMARC, we will place the radio button next to the message that indicates the security letters. ” (more…)

NSS LabsIndependent research firm NSS Labs has implemented testing four popular browsers (Apple Safari 5, Google Chrome 21, Microsoft Internet Explorer 10 and Mozilla Firefox 15) for resistance to phishing attacks and published a report of the test results.

The experts noted that significant progress in the results, compared to the same test conducted in 2009. For the past three years, the average detection of threats has increased from 46% to 92%, and the average blocking malicious links decreased from 16.43 hours to 4.87 hours.

Testing was conducted over 10 days in the real phishing URLs to which appeared on the Internet. Tests are run every 6 hours, each time updating of malicious links. A total of 37 test runs.

All four tested browser showed excellent results, but Chrome 21 could barely ahead of the competition, although the difference is in the area of ​​statistical error, which is 2 percentage points. (more…)

Symantec CorpAccording to Symantec, in the past month, the flow of spam advertising, phishing and malicious messages increased slightly. The level of spam in email traffic was 75.0%, 2.7 points higher than in August.

More junk email from other suffering people of Saudi Arabia (84.9%), and the division by sectors of economic activity – educators (77.9%) and entertainment (77.6%). Among the countries that spammers are leading India (17.4% of spam traffic) and Saudi Arabia (11.7%). The top five for this indicator also includes the United States (6.1%), Turkey (5.1%) and Canada (4.9%).

The most common theme is illegitimate messages advertising pornographic and dating sites, which share in August increased to 47.93%. Flows have also increased advertising replica designer goods, offers employment and casino spam (12.49, 7.83 and 2.26% respectively). Farmaspama share in total garbage posts decreased by 5 points, but still significant (27.64%). (more…)

FIFA World CupFraudsters offer users to enter personal information to participate in the prize draw.

Symantec discovered several phishing sites that are presented to users in the guise of web-sites popular Brazilian financial services company that provides credit and debit cards. Web-sites are filled with images of popular Brazilian soccer players, as well as the logo of the World Cup.

Users to phishing pages offer some prizes, for participate you must register. After completing the form, the user is notified of successful registration, and all data sent to the attacker’s server.

The registration form is provided to define a name, social security number, date of birth, email address and password, and credit card information, including card number and PIN-code.

Notify Symantec can be found here.

What is “Phishing”

Posted: September 11, 2012 in Glossary
Tags: ,

PhishingPhishing – a type of the Internet fraud, which purpose — to obtain identification data of users. This includes stealing passwords, credit card numbers, bank account numbers and other confidential

Phishing is a fraudulent e-mail came to the notice from the banks, service providers, payment systems, and other organizations that, for whatever reason, the recipient urgently need to transfer / update your personal information. The reasons may be called different. This may be a loss of data, damage to the system and so on.

Criminal creates almost exact copy of the site selected bank. Next, using spam techniques to send the letter, drawn up in such a way as to be as similar to a real letter from the selected bank. Bank logos, names of real bank managers. (more…)

Computer VirusesBrute force attacks – the so-called attack by the “brute force”. Typically, users use simple passwords, such as “123”, “admin”, etc. These and enjoy computer hackers, who with the help of special calculates the Trojans to penetrate the network password brute – based embedded in the program password dictionary or generate a random sequence of characters.

Keyloggers – kind of Trojans, whose main function is to capture user input via the keyboard. The objects of the abduction are personal and network passwords, logins, credit card details and other personal information.

Backdoors – programs that provide input into the system or receiving the privileged function (mode), bypassing the existing system of authority. Often used to circumvent existing security system. Hatches do not infect files, but registers itself in the registry, thus modifying the registry keys. (more…)