
Tech Geek and More

Technology Explained for All


Alert: Hiya:) Email – Just another attempt to get you to click on a link that you REALLY SHOULD NOT!

     I’m not sure how many times I have said “Be careful with messages (Instant Message, Email, Facebook, etc.) don’t trust them even if they say they are from someone you know”. The following email is supposed to be from a family member** of mine.  I talked to them about the email and they didn’t realize that when they received the email from someone they knew and clicked on the link in the email that the email had automatically forwarded itself, even making it look like the family member was the one sending it. (**I did ask for permission from this relative prior to using his email)

     Malware writers have been using these social engineering tricks for years in an attempt to get people to drop their guard and click on email links or download attachments.  In real life, we hear news stories of bad guys dressing up as city employees or law enforcement and then tricking home owners into letting them in, where the bad guys then proceed to steal from the home owner (here is a release by the Chicago Police Department concerning crooks who use fake uniforms for access: http://www.chicagopolice.org/MailingList/PressAttachment/YourCastle.pdf). This email (and those like it) can be considered the cyber equivalent of the fake cop or fake city worker.

     In real life we understand that if you aren’t expecting the gas company or phone company and someone shows up at your door asking to check something in your home, you question them, check their uniform and ID, see if they have a company vehicle, and even call the business that they are claiming to be from to make sure that the person at your door is actually from where they say they are.  In cyberspace, it seems that because no one really understands how things work (TGM is working hard to change that), most people just assume that if a message has the name of someone they know on it, “it must be from them”.  Well, nope. Let’s go over a few things in this email that clearly show it wasn’t from my relative –

  • “To:” – It’s not addressed to me: To: is blank, even though it is supposed to be an email from someone I know to me.
  • “Was bored so planned to write you” – I know my relative and there are 2 points here.
      1 – He knows English and knows how to write in complete sentences.
      2 – He would not say something like “Was bored so planned to write you”.
  • “i’m pretty sure your gonna smile after checking it…….:) ” – I know my family member; if they were going to send me a link or attachment, they would say something about it and try to explain what it is they are sending me, not just tell me “hey, check this out”.
  • “It’s easy, secure and free / Try it now” – Again, what am I trying?  Would you go to a store and buy a food product without a label to tell you what it is, simply on the idea that it’s a food product in a store, so it must be good?  I don’t think you would (would you?)
  • “Yours Truly” – This is supposed to be a family member; that’s a little formal, don’t you think?

     OK, with that being said, again as always: in cyberspace, act the same as you would if you were somewhere outside of your home in real life, pay attention to your surroundings, and for Pete’s sake, if you run into someone on a street corner selling you Jack’s Magic Beans, don’t buy them.

    Alert: Another attempt to trick you into installing Fake/Rogue Anti-Virus software

    The bad guys are at it again, attempting to trick users into installing another version of fake/rogue anti-virus software.  This time they are going back to a classic format: email.  Emails are now circulating that claim to be from the “Microsoft Windows Computer Safety Team” and look very legitimate; I have seen a couple in my own email.  The emails (example below) claim that Conficker is back and is infecting PCs, and that Microsoft received a notification from your internet provider and is sending you a “fix” to clean your machine.  The “fix” is actually Antivirus Pro 2010, one of the many scareware files that Tech Geek and More has talked about in the past (http://techgeekandmore.wordpress.com/category/spyware/).

         Please be aware that Microsoft (or any other software company) does not just randomly send out emails asking you to install things or asking for your information.  Microsoft would use its own sites such as Bing.com, MSN.com (http://www.msn.com/) or Microsoft.com if it wanted to pass along an official notice, and it uses the Windows Update service (http://windowsupdate.microsoft.com for users of XP or earlier, built into Windows for Vista and Win7 users) for its downloads.  It would never just randomly send you a file to install.

    *******Example of Letter not from Microsoft************

    “Dear Microsoft Customer,

    Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

    Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your  prompt cooperation.

    Regards,
    Microsoft Windows Agent #2 (Hollis)
    Microsoft Windows Computer Safety Division

    **********************************************

         I have highlighted (in bold) some of the clues in the email that should tell you that this is a fake:

    Date: 18/10/2009 – This is not the U.S. standard date format.

    Microsoft has been advised by your Internet provider that your network is infected – When Microsoft is advised by its partners, or even by technology geeks in the general public, of ways that a Microsoft product can be exploited, it issues press releases through the media or through its own web pages (as noted above), and all fixes are issued through those Microsoft sites for all users of the affected Microsoft product.

    We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus. – Again, Microsoft would never do this, as it would be the most counterproductive measure. Most people have more than 1 email address and many don’t use the email provided by the internet provider (how many of you use @Comcast or @Fios email versus @Hotmail or @Gmail?), so how do you think Microsoft would actually know what emails to use?

    Microsoft Windows Agent #2 (Hollis)
    Microsoft Windows Computer Safety Division
    – At least in my email conversations with Microsoft, the name of the person sending me the email appears in the signature.  Additionally, if you do a search online for the “Microsoft Windows Computer Safety Division”, you will find that Microsoft does not have a division by that name. 

            (Soapbox) The bottom line is that it’s up to you, the user, to USE YOUR BRAIN when you’re online.  When you go out, you make sure you lock your door, set your home alarm, set your car alarm, and pay attention to your surroundings when you go to a public place; you don’t just leave your wallet or purse on a table or counter in a restaurant or store (or at least I hope you don’t).  In cyberspace, just because you are not physically there doesn’t mean that you don’t need to take the same precautions that you do in real life. (End of Soapbox)
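The header-level clues from the two emails above (a blank To: line, a sender name claiming to be Microsoft, an attachment you are told to install) can also be checked mechanically. The following Python is an added example, not part of the original post; the sample message, its sender address and attachment name, and the brand and extension lists are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the two emails described above.
# The sender address and attachment name are invented for illustration.
SAMPLE = """\
From: "Microsoft Windows Computer Safety Division" <agent2@mail.example.net>
To:
Subject: Conficker infection notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please install attached file to start the scan.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="scan_setup.exe"

(constructed placeholder, not a real file)
--b1--
"""

# Assumption: brand names mapped to the domains their real mail would use.
BRAND_DOMAINS = {"microsoft": ("microsoft.com",)}
# Assumption: attachment types that should never be "installed" from email.
RISKY_EXT = (".exe", ".scr", ".zip", ".js", ".vbs")

def red_flags(raw):
    """Return the list of warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    # Clue 1: the message is not addressed to anyone in particular.
    if not (msg.get("To") or "").strip():
        flags.append("blank-to")
    # Clue 2: display name claims a brand, but the address is elsewhere.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not legit:
            flags.append("brand-mismatch:" + brand)
    # Clue 3: an attachment of a type that runs or unpacks code.
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            flags.append("risky-attachment:" + fname)
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

An empty result does not prove a message is genuine: the From line can be forged, and the first email above really did come from a known contact's account.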

    Alert: “See Who Blocked You on MSN” Phishing Attacks

      This specific story came out a couple of weeks ago on the TrendMicro blog.  This involves an email that says “(Name of someone you know) has invited you to check who has deleted you or blocked from their contact list on MSN Messenger.”

        In the past couple of days I’ve actually had 2 customers who have received this email and fortunately for them, they asked me about it before clicking on the email.  With that said, here is the post from the TrendMicro website concerning this current Phishing Attack.

    ******************************************************

    From http://blog.trendmicro.com/see-who-blocked-you-on-msn-phishing-attacks/
    11:22 am (UTC-7)   |    by Merianne Polintan (Anti-spam Research Engineer)

    We have received samples of a new phishing mail targeting users of MSN Messenger inviting them to see who deleted or blocked them from their contact list. Users would be interested to know who among their friends have deleted them from their lists.

    Figure 1. Phishing email

    Clicking on the link displays the following fake login page asking the user to input his or her password:

    Figure 2. Phishing website

    It is obvious that the intention of the cybercriminals is to harvest the user’s MSN Messenger login credentials. Afterwards, they can then continuously send spam messages to the account or, worse, they can use the account for their malicious intent.

    Getting in touch with friends is now much easier than before. Because of the growth of social networking sites, we can stay connected with our old friends, or even find new ones. This may include reading the profile pages of other members, sending and receiving invitations to fun games, videos and other applications. However, users must be on guard when interacting within online social networks. Spammers are now abusing these in their phishing attacks.

    Always be mindful in accepting “invitations”, especially when it concerns your personal information. This particular spam message, and the associated website, are already blocked by Trend Micro products via the Smart Protection Network.

    *********************************************************

        Now let’s go over what the TrendMicro blog said.  With phishing, the bad guys try to get your information so that they can then get access to your account.  Once on your account, they can use your “legit” account to help spread the malware, and possibly get at banking or other financial account information, considering that these days it’s very common for people to keep emails or other notes that may have account information.

        In a related note, another news story posted today (10/5) by Neowin.net reports that over 10,000 Windows Live user names/passwords were posted online in the past few days, which most likely means that the bad guys got that information via a phishing scheme like the one explained by TrendMicro.  The compromised accounts affect Hotmail, Windows Live Messenger, Zune and Xbox accounts, to name a few, as most people share the same sign-in throughout the various Microsoft online sites and offerings.  The complete story on the password posting can be seen at http://www.neowin.net/news/main/09/10/05/thousands-of-hotmail-passwords-leaked-online

         Here are some of the most important things to keep in mind when using email, instant messaging, Twitter, any social networking site, or basically anything on the internet:

    1) Regularly change your passwords. I know this one drives most people nuts, but changing your passwords can prevent someone else who knows your password from accessing your account. (If you currently use any Microsoft online passwords like Hotmail, Messenger, Xbox, Zune, etc., it is highly recommended that you change your password and your secret access code immediately due to that breach.)

    2) Do not use the word “password” or admin or bank or “your name” or anything that anyone over the age of 5 can guess.  Passwords should be what is called alpha-numeric including caps and symbols which means that it should look something like this Pa55w0rd@ (which is the word password with a capital P followed by the number 5 twice instead of the letter s and a zero instead of the letter o and the @ symbol at the end).

    3) If you receive an email from “a friend or relative or your bank or the IRS or anyone at all” asking you to click on a link or enter any private information, before doing it, check with them and ask if they sent it and confirm why they are asking.  Those few minutes lost verifying if this is legit will save you a ton of headaches and save you from paying me a ton of money (not that I don’t want you to pay me a ton of money, but I’m here to help you, so this is your warning – no matter how much you really, really want to, don’t do it, or at least verify that your bank account has enough money to pay me when I have to go out and clean up your mess).
