Source: US DOJ (brought to my attention by F-Secure)
A federal grand jury in Washington, D.C. has indicted E‑Gold Ltd; Gold & Silver Reserve, Inc. and their owners on charges of money laundering, conspiracy, and operating an unlicensed money transmitting busines.
Monday, 30 April 2007
Thursday, 26 April 2007
Phishers add call forwarding to their arsenal
Source: The Register
Part of a recent phishing scam has instructed potential victims to dial a particular code on their phone which would activate "call forwarding" to a different number. Presumably this is to aid the phishers in impersonating the customer.
Part of a recent phishing scam has instructed potential victims to dial a particular code on their phone which would activate "call forwarding" to a different number. Presumably this is to aid the phishers in impersonating the customer.
Malware vector: abandoned USB sticks
Source: The Register
Malware purveyors deliberately left USB sticks loaded with a Trojan in a London car park in a bid to trick users into getting infected. The attack was designed to propagate Trojan banking software that swiped users' login credentials from compromised machines.
Malware purveyors deliberately left USB sticks loaded with a Trojan in a London car park in a bid to trick users into getting infected. The attack was designed to propagate Trojan banking software that swiped users' login credentials from compromised machines.
Drug dealers move into online fraud
Source: vnunet.com
According to a source at the FBI, drug cartels are increasingly abandoning or scaling down their narcotics operations and using their existing network of workers to commit large-scale credit card fraud. The risks are lower, and the profits are about the same.
According to a source at the FBI, drug cartels are increasingly abandoning or scaling down their narcotics operations and using their existing network of workers to commit large-scale credit card fraud. The risks are lower, and the profits are about the same.
Thursday, 19 April 2007
SMS phishing in SE Asia
Source: F-Secure
F-Secure reports a plague of SMS-based lottery winning notifications. They contact the phisher by phone and string him along to see where the scam goes. It's not entirely clear at this stage how the attack works.
F-Secure reports a plague of SMS-based lottery winning notifications. They contact the phisher by phone and string him along to see where the scam goes. It's not entirely clear at this stage how the attack works.
Phishing attack circumvents two-factor authentication
Source: OUT-LAW.com
This is the first time I've seen a real, live, successful phishing attack targeted at an institution with two-factor authentication. The attack is a "man in the middle" attack, of course, and the institution in question is the Dutch bank ABN Amro.
This is the first time I've seen a real, live, successful phishing attack targeted at an institution with two-factor authentication. The attack is a "man in the middle" attack, of course, and the institution in question is the Dutch bank ABN Amro.
Top 10 Internet Crimes of 2006
Source: Bad Guys
A highly US-centric look at complaints relating to crime on the Internet. The article is a summary of a US govt report. By far the number one issue is "auction fraud", then "non-delivery". Is the latter category the result of buying what spam is selling? A distant third is "check fraud", which may well cover a lot of the money mule scams directed at the USA.
A highly US-centric look at complaints relating to crime on the Internet. The article is a summary of a US govt report. By far the number one issue is "auction fraud", then "non-delivery". Is the latter category the result of buying what spam is selling? A distant third is "check fraud", which may well cover a lot of the money mule scams directed at the USA.
Wednesday, 18 April 2007
Details of a Spear Phishing attack
Source: The Register
Phishing is usually a game of large numbers: send enough email, and some of it is bound to hit the mark. An alternative approach, "spear phishing", involves obtaining information about your targets up front and sending carefully targeted email. This short article gives information on how a compromised university computer was used as a source of information to target members of that university's credit union in a spear phishing attack.
Phishing is usually a game of large numbers: send enough email, and some of it is bound to hit the mark. An alternative approach, "spear phishing", involves obtaining information about your targets up front and sending carefully targeted email. This short article gives information on how a compromised university computer was used as a source of information to target members of that university's credit union in a spear phishing attack.
Friday, 13 April 2007
Man-in-the-middle attack against "personal seal" protection
Source: slight paranoia
Presenting a customised image to the user during the login process is not effective against phishing for two reasons: first, most users are unobservant easy victims; second, a man in the middle attack, such as the one demonstrated in this article, can subvert the system.
Presenting a customised image to the user during the login process is not effective against phishing for two reasons: first, most users are unobservant easy victims; second, a man in the middle attack, such as the one demonstrated in this article, can subvert the system.
Thursday, 12 April 2007
Money Mules in Singapore
Source: Sophos
Under the guise of an "aid agency", mules have been forwarding cash from Australia to Singapore and thence to Russia and Latvia. Transactions were around 5,000 Singapore dollars.
Under the guise of an "aid agency", mules have been forwarding cash from Australia to Singapore and thence to Russia and Latvia. Transactions were around 5,000 Singapore dollars.
Wednesday, 11 April 2007
WoW accounts more valuable than CC details
Source: The Register
Keyloggers targeting World of Warcraft account login details are alive and well. According to Symantec, WoW account logins are worth about $10, more than the going rate of $6 for verification details on credit cards.
Keyloggers targeting World of Warcraft account login details are alive and well. According to Symantec, WoW account logins are worth about $10, more than the going rate of $6 for verification details on credit cards.
Subscribe to:
Posts (Atom)
