The Spam Cryer » Phishing

Shipping Related Spam Increase for the Holidays

Shaun — Tue, 15 Nov 2011 16:55:02 +0000

At CudaMail, we’ve noticed lately that the recent wave of “Shipping-related” spam has been increasing.

You know the ones – “Package Tracking Details”, “Fedex Shipment Details” or “Express Tracking Notification”.

If you regularly deal with these companies it may not come as a surprise, but if you’re not expecting a shipment, you may be thinking of clicking on the links to check this “shipment”.

As usual, it’s a good idea to not click the links! Try logging into your account on their actual website, or call them to check.

With the coming Holidays, it’s only natural to expect some shipments – and the spammers are taking advantage of this, and even dropping names like “Amazon” or major store names to try and lure you to click on their links and load their malware on your computer.

- Take care when reading these emails, and be careful what you click on.

How a LinkedIn notice could empty your bank account

Shaun — Tue, 30 Aug 2011 17:14:58 +0000

How a LinkedIn notice could empty your bank account

An interesting article from BarracudaLabs. We’ve all seen notices from “LinkedIn, FaceBook, Bank of America” etc. trying to come into people’s email inboxes.

Like any email, we always suggest you make sure you know what you’re clicking on before you click on it!

Some people have been learning the hard way with the latest “Linked In” malware delivery email campaigns.

Those behind the CudaMail system are protected from these types of campaigns.

Here’s the Original Story:

By Dave Michmerhuizen & Luis Chapetti

US-Cert Reports Gmail Phishing Attack

Shaun — Thu, 02 Jun 2011 22:40:29 +0000

US-Cert recently published an article about a new phishing attack, which is aimed as specific targets in the US Government.

The Story:

US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials’ Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that leads to a fake Gmail login page. The login information is then sent to an attacker. Google has indicated that this phishing campaign has been disrupted and that affected parties have been notified.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

Review the Google blog entry Ensuring your information is safe online.

Do not follow unsolicited web links or attachments in email messages.

Use caution when providing personal information online.

Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.

Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.

Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Refer to the Using Caution with Email Attachments document for more information on safely handling email attachments.

Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html

http://www.us-cert.gov/cas/tips/ST04-010.html

Original Article: http://www.us-cert.gov/current/index.html#gmail_phishing_attack

Ongoing Phishing Attack targeting PayPal, Bank of America, Lloyds and TSB

Shaun — Fri, 18 Mar 2011 15:24:15 +0000

This new story by US-CERT shows they have become aware of reports on a new phishing attack. Apparently it’s bypassing some of the new phishing protection built-in to many browsers. The team at CudaMail have also noted the new campaign (fortunately with a global network of 100,000 spam firewalls feeding “zero hour” threat information to the reputation database, it begins thwarting such campaigns very early), and have been successfully blocking it.

The US-CERT Story:

US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment.

This attack is unlike common phishing attacks because it locally stores the malicious webpage rather than directing user to a phishing site via a URL. Many browsers utilize anti-phishing filters to help protect users against phishing attacks, this method of attack is able to bypass this security mechanism.

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing attacks:

Do not follow unsolicited web links or attachments in email messages.

Use caution when providing personal information online.

Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.

Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

http://www.us-cert.gov/cas/tips/ST04-010.html

Link to the original story.

Japan EarthQuake and Tsunami Email Scams

Shaun — Tue, 15 Mar 2011 16:35:12 +0000

We at CudaMail, and others in the anti-spam community see it all the time. Spammers and malware writers try to exploit all kinds of traumas and disasters. The recent earthquake and tsunami disasters in Japan are no exception – so the anti-spam community should be prepared for the onslaught.

US-CERT recently posted a warning about impending Phishing and Malware email scams regarding Japan’s recent earthquake and the resulting tsunami disaster:

- original story below:

US-CERT Current Activity

Japan Earthquake and Tsunami Disaster Email Scams, Fake Anitvirus and Phishing Attack Warning

Original release date: March 11, 2011 at 10:14 am Last revised: March 11, 2011 at 10:14 am

US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus for charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

Do not follow unsolicited web links or attachments in email messages.

Maintain up-to-date antivirus software.

Review the Federal Trade Commission’s Charity Checklist.

Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.

You can find the original story here.

Millions Continue to Click on Spam

Shaun — Fri, 26 Mar 2010 23:26:35 +0000

This is an interesting article from MAAWG that talks about the fact that consumers are still clicking on spam, and conducting riskyk behaviour, despite knowing the danger of malware, spam and botnets. We here at CudaMail we haven’t seen any reduction in the volume of spam – in fact, it’s been increasing!

The Article:

Consumers Don

Project Honey Pot Statistics – 1 Billionth Spam Message

Shaun — Tue, 15 Dec 2009 18:00:26 +0000

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. You can learn more about them at http://www.ProjectHoneyPot.org.

On Wednesday, December 9, 2009 at 06:20 (GMT), Project Honey Pot achieved a milestone:

It received its 1 billionth spam message. That message was a phishing scam regarding the United States Internal Revenue Service.

It was sent to an email address that had been harvested more than two years ago. More than just a single spam email, the billionth message represents the collective work of you and tens of thousands of other web and email administrators.

To celebrate that milestone, they have gone through 5 years of data to learn more about spammers and what they do. Below are some of their more interesting findings. You can also see the Full Report here.

Some Preliminary Statistics

Monday is the busiest day of the week for email spam, Saturday is the quietest

12:00 (GMT) is the busiest hour of the day for spam, 23:00 (GMT) is the quietest

Malicious bots have increased at a compound annual growth rate (CAGR) of 378% since Project Honey Pot started

Over the last five years, you’d have been 9 times more likely to get a phishing message for Chase Bank than Bank of America, however Facebook is rapidly becoming the most phished organization online

Finland has some of the best computer security in the world, China some of the worst

It takes the average spammer 2 and a half weeks from when they first harvest your email address to when they send you your first spam message, but that’s twice as fast as they were five years ago

Every time your email address is harvested from a website, you can expect to receive more than 850 spam messages

Spammers take holidays too: spam volumes drop nearly 21% on Christmas Day and 32% on New Year’s Day

Swine Flu Phishing Attacks and Email Scams

Shaun — Mon, 27 Apr 2009 21:37:22 +0000

US-CERT is aware of public reports of email scams circulating related to the Swine Flu. The attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code.

US-CERT encourages users to take the following measures to protect themselves:

Do not follow unsolicited web links or attachments in email messages.

Maintain up-to-date antivirus software.

Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.

Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Maintaining up-to-date anti-virus is vital. Some appliances, like the Barracuda Spam & Virus Firewalls that are used by CudaMail.com to filter mail are updated on a constant basis.

US-CERT will provide additional details as they become available.

Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.avertlabs.com/research/blog/index.php/2009/04/27/swine-flue-spam/

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Stimulus packages, stock brokers and Trojans, Oh My!

Shaun — Tue, 03 Mar 2009 18:06:16 +0000

IRS stimulus Phishing scam

Shaun — Sat, 07 Feb 2009 00:09:08 +0000

US-CERT Current Activity

IRS Stimulus Package Phishing Scam

Original release date: February 6, 2009 at 10:03 am Last revised: February 6, 2009 at 10:03 am

US-CERT is aware of public reports indicating that phishing scams are circulating via fraudulent U.S. Internal Revenue Service emails offering users stimulus package payments. These emails include text that attempts to convince users to follow a link to a website or to complete an attached document. The website and document request that the user provide personal information.

US-CERT encourages users to do the following to help mitigate the risks:

* Do not follow unsolicited web links received in email messages.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
(pdf) document for more information on social engineering attacks.

Relevant Url(s):

====

This entry is available at: http://www.us-cert.gov/current/index.html#irs_stimulus_package_phishing_scam