Apple Phishing Scam Alert

CNET is warning about a phishing scam in which the bad guys are sending emails that are fake billing error notices from Apple. CNET reports that unlike other Apple phishing scams, in this scam the bad guys have created a reasonably convincing fake.  The grammar and spelling are correct and the message is formatted to look like a real Apple message.  The email address that is displayed looks like it could be from Apple -- "appleid@id.apple.com."  However, it isn't real. Following the links will land at a fake Apple website that also looks pretty convincing. The fake Apple website requests your [...]

2017-01-07T17:35:24-05:00December 29th, 2011|Consumers and Email, Iconix Truemark Service, Phishing|

2012 Cyberattacks Predicted by IID

IID has released its predictions of the big cyberattacks for 2012.  Of the 5 predicted cyberthreats, 4 depend upon phishing scams for their evil success. Here's the IID predictions: 1) Phishing - London Summer Olympics cyber attacks — Cybercriminals will try to capitalize on the Olympics by tricking people into installing malware with phishing scams impersonating the Summer Olympics official website and/or official Summer Olympics vendors.  Once malware is on a victim's computer, the miscreants can monitor or control both personal and business computer activity — enabling them to steal data, send spam, and commit fraud. 2) Phishing - Elections altered — [...]

2017-01-09T15:34:20-05:00December 23rd, 2011|Consumers and Email, Phishing, spear phishing|

Spearphishers Compromise U.S Chamber of Commerce

The Wall Street Journal is reporting that Chinese hackers accessed data of the U.S. Chamber from November of 2009 until May of 2010. Using a network of over 300 IP addresses, the hackers gained access to everything stored on its systems, including information about its three million members and lobbying efforts of the Chamber. The attack probably started with a spearphishing email. In a stark demonstration of how hard it is to detect malicious activity, The Wall Street Journal reported: It is possible the hackers had access to the network for more than a year before the breach was uncovered, according [...]

2017-01-07T17:35:24-05:00December 21st, 2011|SP Guard, spear phishing|

Spearphishers’ New Tool — Facebook Timeline

Timeline, the new feature just announced by Facebook, will make it even easier for bad guys to mine the Facebook social network for personal information they can use to launch malicious attacks. As this blog has noted many times, the most important element of an effective spearphishing attack is the persuasiveness of the fake email. Social networks are an ideal source of personal information that can be used to craft a spearphishing attack. Networkworld quotes Sophos security expert Chet Wisniewski: "Timeline makes it a heck of a lot easier [for attackers] to collect information on people.  It's not that the [...]

2017-01-07T17:35:24-05:00December 20th, 2011|SP Guard, spear phishing|

How To Infiltrate A Network Using Spearphishing

backtosecurity.com has written a step by step description of how it used social networking data that it discovered on Facebook to craft a spearphishing attack on an Australian advertising agency.  This was a whitehat hack. The posting describes how the hacker used information from the target's website to learn about the management structure and key names.  The hacker then correlated the employee names with Facebook profiles to locate a likely person to exploit.   The hacker targeted an executive's assistant for the attack.   The hacker was able to easily determine which executives of the firm did not have Facebook accounts.  The [...]

2017-01-07T17:35:24-05:00December 15th, 2011|SP Guard, spear phishing|

Iconix Issued Fifth U.S. Patent for Email

Today the United States Patent and Trademark Office issued Iconix its fifth patent titled "USER INTERFACE FOR EMAIL INBOX TO CALL ATTENTION DIFFERENTLY TO DIFFERENT CLASSES OF EMAIL." The abstract for U.S. Patent 8,073,910, dated December 6, 2011, states: "A user interface for email users which calls attention to one or more categories of emails in different ways."  Iconix filed the patent application on March 3, 2005. Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP GuardTM, which protects enterprises from spear-phishing attacks. [...]

2017-01-07T17:35:24-05:00December 6th, 2011|Iconix Truemark Service, SP Guard|

FBI Denver Cyber Squad Warns of New Phishing Campaign

The FBI Denver Cyber Squad issued the following warning on November 23, 2011: With the holiday shopping season upon us, the FBI Denver Cyber Squad would like to advise citizens of a new spear phishing campaign involving personal and business bank accounts, financial institutions, money mules, and jewelry stores. The campaign involves a variant of the “Zeus” malware called “Gameover.” The spam campaign is pretending to be legitimate e-mails from the National Automated Clearing House Association (NACHA), advising the user there was problem with the ACH transaction at their bank and it was not processed. Once they click on the [...]

2017-01-07T17:35:24-05:00December 2nd, 2011|Consumers and Email, Phishing|