Archive for the ‘Phishing’ Category

‘Patriot Act’ Phishing E-mails Resurface, FDIC Warns

January 13, 2011

‘Patriot Act’ Phishing E-mails Resurface, FDIC Warns: “Scammers are trying to steal banking information using fake e-mails that look like they’ve come from the U.S. Federal Deposit Insurance Corporation, the FDIC…

(Via PC World Latest Technology News.)


Texting scam hits Kirksville

February 6, 2010

Texting scam hits Kirksville | HostExploit News: “”

Many people across the country have received text messages notifying them that their bank accounts have been frozen, causing alarm and panic. Although their tricks are well-known, phishers have gone on the offensive in the past few months, targeting both individuals and financial institutions.

Phishers used documentation belonging to the American Bankers Association and demanded payment for an “unauthorized transaction” they claimed had been made from the Jefferson City-based association’s account.

This came in the wake of another phishing scam in which some U.S. Bank clients in Kirksville and other Missouri cities received text messages notifying them that their bank accounts had been frozen.

“We were hit [Jan. 27],” said Bill Ratliff, executive vice president of the Missouri Bankers Association. “The phishers sent us an e-mail saying we owed $700 to the American Bankers Association for a meeting that we never had. They are trying for individuals, corporate and financial institutions. This is a new one for us.”

Ratliff said the scam e-mails had been sent to all 50 bankers’ associations nationwide, and that the American Bankers Association had since contacted all of its affiliates notifying them that the e-mail was a fraud.

The Missouri State Highway Patrol’s Department of Public Safety warned the public last week about an ongoing phishing scam in which fraudsters disguising themselves as bank administrators send text messages notifying bank clients that their accounts have been frozen and asking them to call a certain number to reactivate their accounts.

U.S. Bank clients received a text message reading “Customer issue, U.S. Bank service frozen.” The message then provided a number to call, which traces to Newfane, Vt., and gives an automated request for account information.

U.S. Bank has blocked its customers from returning calls from numbers associated with phishing fraud. These are numbers identified as having originated or redistributed the phishing messages after several clients called in with complaints about the messages last week.

Sgt. Brent Bernhardt, communications officer of MSHP’s Troop B, warned the public against responding to any of these messages, saying financial institutions do not conduct this type of business over the telephone, in e-mail or via text messages.

“We have not been made aware of any more messages since Jan. 15, but identity theft is a growing crime in our country,” Bernhardt said. “These kinds of scams not only target banks but also people who have money in banks and credit cards.”

Although figures for phishing cases in Missouri were not readily available, Bernhardt said more than eight million people had fallen victim to identity theft between 2008 and 2009.

“[Bank clients] are asked to provide their personal banking information,” Bernhardt said. “Once banking information is provided, it is suspected that an unauthorized individual has access to the victim’s account. We are doing everything we can to be proactive and eliminate such scams.”

U.S. Bank spokesman Steve Dell said that although no U.S. Bank clients had fallen prey to the fraudsters, the recent phishing scam is not an isolated incident and has targeted clients from banks across the country.

“Numerous attempts like these are made daily, and we make efforts to notify our clients that we would never ask them to place their confidential information at risk by sending it to us,” Dell said. “We are constantly updating and increasing security for our clients. Security is of utmost importance. Anytime someone sees any activity that is out of the ordinary they should contact a trusted number or location. These phishers are not just targeting U.S. Bank, but every other bank.”

(Via .)

Phishing: not just for attacking banks

December 30, 2009

Phishing: not just for attacking banks: “

I’m interrupting my scheduled series on reputation to bring you a public service message. This week on Security Levity, a reminder to beware of all kinds of phishing attack: not just bad guys pretending to be your bank…

read more

(Via Amir Lev’s blog.)

PayPal mistakes own email for phishing attack

December 4, 2009

PayPal mistakes own email for phishing attack: “

‘You’re right, it does look suspicious’

Banks and financial institutions are fond of lecturing customers about the perils of phishing emails, the bogus messages that attempt to trick marks into handing over their login credentials to fraudulent sites. Yet many undo this good work by sending out emails themselves that invite users to click on a link and log into their account rather than going a safer route and telling users to use bookmarked versions of their site.…

(Via The Register – Security.)

Zeus: Same Criminal, New Spam Infrastructure

November 30, 2009

CyberCrime & Doing Time: Zeus: Same Criminal, New Spam Infrastructure: ”
CyberCrime & Doing Time
A Blog about Cyber Crime and related Justice issues
Zeus: Same Criminal, New Spam Infrastructure
Last week, one of the most long-lived malware spam delivery systems, which the anti-phishing community knew as ‘Avalanche’ went off-line. After sending spam almost non-stop for many months, no spam at all has been received from the ‘Avalanche’ group, which has been used since June to deliver a variety of Zeus or Zbot infectors, including scams pretending to be MySpace, Facebook, the FDIC, the IRS, NACHA, a Microsoft Outlook Update, and other scams.

Last night a new spam campaign began using a new scam to spread malware. A sample of the email looks like this:
We recorded a payment request from ‘Amy’s Kitchen’ to enable the charge of $94.71 on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown o”

(Via .)

SecuriTeam Blogs » Is it phish, or is it Amex?

November 19, 2009

SecuriTeam Blogs » Is it phish, or is it Amex?: ” SecuriTeam Home

Is it phish, or is it Amex?
November 4th, 2009 by p1, Filed under: Commentary, Privacy, Spam, Culture, Phishing, Corporate Security
I am a bit freaked.
Last month I received an email message from American Express.  I very nearly deleted it unread: it was obviously phish, right?  (I was teaching in Toronto that week, so I had even more reason to turf it unread rather than look at it.)
However, since I do have an Amex card, I decided to at least have a look at it, and possibly try and find some way to send it to them.  So I looked at it.
And promptly freaked out.
The phishers had my card number.  (Or, at least, the last five digits of it.)  They knew the due date of my statement.  The knew the balance amount of my last statement.
(The fact that this was all happening while I am aware from home wasn’t making me feel any more comfortable with it …)
So I had a look at the headers.  And couldn’t find a single thing indicating that this wasn’t from American Express.
(I “

(Via .)

Palestinian suspected of phishing Israeli bank accounts

November 16, 2009

GeoCities Closure sees Surge in Phishing

October 27, 2009

GeoCities Closure sees Surge in Phishing: “Free hosting services have always been attractive to fraudsters, and the speculation over the profitably of GeoCities may not have be the only reason for today’s closure — nearly all of the phishing attacks hosted on this month were actually targeted against its owner, Yahoo!.

Related Netcraft Service: Phishing, Identity Theft and Bank Fraud Detection

(Via Netcraft.)

Apple iPhone OS 3.1 Phishing Protection Falling Short, Researchers Say

October 3, 2009

Apple iPhone OS 3.1 Phishing Protection Falling Short, Researchers Say: ”

Network Security & Hardware – eWeek

Phishing Attacks on the Wane

September 30, 2009

Phishing Attacks on the Wane: “Phishing attacks have fallen out of favor among cyber crooks who make a living stealing personal and financial information, according to a report released this week by IBM. Instead, attackers increasingly are using malicious Web links and password-stealing Trojan horse programs to filch information from victims, the company found. The analysis from X-Force, IBM’s security research and development division, notes that Trojan horse programs are taking the place of phishing attacks aimed at financial targets. The company found that throughout 2008, phishing volume was, on average, 0.5 percent of overall spam volume. In the first half of 2009, however, phishing attacks fell to an average of 0.1 percent of spam volume. The targets of phishing attacks also changed, IBM says: In the first half of 2009, 66 percent of phishing schemes targeted the financial industry, down from 90 percent in 2008. I looked at the number of phishing sites tagged

(Via Washington Post Security Blog.)