Shipping Related Spam Increase for the Holidays
We’ve noticed lately that the recent wave of “Shipping-related” spam has been increasing.
Posts filed under 'Phishing'
How a LinkedIn notice could empty your bank account
A new fake “LinkedIn Notice” campaign can empty your bank account if you’re not careful. CudaMail protects against this one, but a lot of people can be harmed if they’re not aware.
US-Cert Reports Gmail Phishing Attack
US-Cert recently published an article about a new phishing attack, which is aimed as specific targets in the US Government.
The Story:
US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials’ Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that leads to a fake Gmail login page. The login information is then sent to an attacker. Google has indicated that this phishing campaign has been disrupted and that affected parties have been notified.
- US-CERT encourages users and administrators to do the following to help mitigate the risks:
- Review the Google blog entry Ensuring your information is safe online.
- Do not follow unsolicited web links or attachments in email messages.
- Use caution when providing personal information online.
- Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
- Refer to the Using Caution with Email Attachments document for more information on safely handling email attachments.
Relevant Url(s):
http://www.us-cert.gov/cas/tips/ST04-014.html
http://www.us-cert.gov/reading_room/emailscams_0905.pdf
http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
http://www.us-cert.gov/cas/tips/ST04-010.html
Original Article: http://www.us-cert.gov/current/index.html#gmail_phishing_attack
Ongoing Phishing Attack targeting PayPal, Bank of America, Lloyds and TSB
This new story by US-CERT shows they have become aware of reports on a new phishing attack. Apparently it’s bypassing some of the new phishing protection built-in to many browsers.
Japan EarthQuake and Tsunami Email Scams
US-CERT warns of impending Japan EarthQuake and Tsunami Email Scams
Project Honey Pot Statistics – 1 Billionth Spam Message
On Wednesday, December 9, 2009 at 06:20 (GMT), Project Honey Pot achieved a
milestone: receiving its 1 billionth spam message.
Swine Flu Phishing Attacks and Email Scams
US-CERT is aware of public reports of email scams circulating related to the Swine Flu. The attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code.
Stimulus packages, stock brokers and Trojans, Oh My!
Malware called Tigger/Syzor which is a safe mode rootkit password stealing Trojan that targets day traders.
IRS stimulus Phishing scam
US-CERT Current Activity
IRS Stimulus Package Phishing Scam
Original release date: February 6, 2009 at 10:03 am Last revised: February 6, 2009 at 10:03 am
US-CERT is aware of public reports indicating that phishing scams are circulating via fraudulent U.S. Internal Revenue Service emails offering users stimulus package payments. These emails include text that attempts to convince users to follow a link to a website or to complete an attached document. The website and document request that the user provide personal information.
US-CERT encourages users to do the following to help mitigate the risks:
* Do not follow unsolicited web links received in email messages.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
(pdf) document for more information on social engineering attacks.
Relevant Url(s):
====
This entry is available at: http://www.us-cert.gov/current/index.html#irs_stimulus_package_phishing_scam
