Posts Tagged ‘scammers’

Phishing scams’s users relief sites

October 1, 2008

The US Computer Emergency Readiness Team (US-Cert) and security firm
Sans issued warnings about a rise in the registration of domains
connected to relief efforts for the storm.

Researchers say the registration pattern follows previous instances in
which domains were strategically registered in the aftermath of a
disaster and then used to host phishing and fraud operations disguised
as relief efforts.

The use of fake phishing sites came to a head almost two years ago,
when scammers set up numerous fake donation sites to take advantage of
those seeking to donate to victims of Hurricane Katrina.

“This time around it looks like the people who like to register domain
names in anticipation of a storm’s arrival have already started
registering them for Gustav and Hanna,” wrote Sans researcher Marcus
Sachs.

“I’m not suggesting that they are up to no good, but simply pointing
out that the rush has started and we need to make sure our users are
aware of the potential for scam sites appearing online in the next few
days.”

US-Cert said in a recent posting that users should follow current best
practices against phishing, such as avoiding links in unsolicited
e-mails.

The group is also recommending that users screen all hurricane relief
charities against a special Federal Trade Commission checklist.

Users can also safely donate to relief efforts through known national
charities such as the American Red Cross.

Information home city in phishing scams

October 1, 2008

Springfield, Ohio — At the end of July, Home City Federal
Savings Bank compliance officer and auditor Patti Ark started
receiving some rather disturbing phone calls. The odd part was, most
of them were from people who were not her customers.

“People were receiving e-mail messages stating customer accounts had
been frozen and calls needed to be placed to correct the situation,”
she said. If people responded, they were then asked for credit card
information, she said.

The e-mails were not sent by Home City, and many recipients had no
accounts with the bank, quickly leading Ark to discover her
institution was the victim of an Internet phishing scam.

The cyclical attacks started as e-mails, then shifted to text
messages, cell phone calls and land line calls. Once the initial cycle
was completed, things were quiet for a few days, then it started
again.

The Springfield bank, at 2454 N. Limestone St. and 63 W. Main St.,
experienced almost three weeks of attacks.

Phishing, according to microsoft.com, “is a type of deception designed
to steal your valuable personal data, such as credit card numbers,
passwords, account data, or other information.”

Scammers send millions of fraudulent e-mail messages requesting
personal information that look like they are from reliable Web sites
such as banks and credit card companies. When recipients respond, they
are most often redirected to “spoofed,” or fraudulent Web sites, where
personal information can then be stolen, the Web site continued.

Home City, like most legitimate businesses, does not initiate contact
with customers over the Internet and never asks for any personal
information to be sent via e-mail, Ark said.

After conversations with the Federal Bureau of Investigation, she
learned these types of scams are common with larger institutions and
target a wide audience of customers and noncustomers, looking for any
response, any opportunity to gain personal information.

The criminals who are pursuing these ventures, Ark said, are looking
for quick access to information and immediate responses caused by
worry or fear.

“They just need a tiny window of opportunity to create a new debit
card or try to run transactions,” she added.

Government and consumer protection organizations take phishing
seriously and are working diligently with businesses like Home City to
lessen the impact on consumers.

The Federal Trade Commission asks anyone who receives phishing spam
e-mails to forward those messages to spam@uce.gov and to the company,
bank, or organization represented in the phony e-mail.

If individuals know or believe they have been scammed, the FTC asks
they file a complaint at ftc.gov.

The Federal Deposit Insurance Corporation has become involved as a
watchdog for the banking industry and works with the FBI.

The FDIC suggests people also report scams to ic3.gov, the Internet
Crime Complaint Center. The ICC is a partnership between the FBI and
the National White Collar Crime Center.

Since these types of e-mail attacks are external and cannot be
halted, she said it becomes essential to understand the best ways for
businesses to prevent harm.

To do that, Home City posted alerts on its Web site and provided
fliers and other information at its two locations for customers.

The bank worked closely with its Internet Service Provider to shut
down the offending Web sites as quickly as possible.

“No losses were experienced by our customers, and Home City was able
to protect our customers and their information,” she said.

She received a call from a man in Georgia who got the Home City e-mail
and had been a victim of another scam a few years ago. He called to
alert her organization because he had no affiliation to Home City or
Springfield and was concerned it was a scam, she said.

Many other people called the bank and forwarded the scam e-mails to
watchdog agencies or government offices investigating scams.

Now, Ark views this as a learning experience that will allow Home City
to be better prepared for any future incidents of Internet scamming.

“We are more alert to things that may come at us, and we have the
technology we need to keep our customers protected.”

Theft identity security in phishing scams

October 1, 2008

While the majority of businesses have become familiar with phishing
scams looking to commit identity theft and fraud by obtaining
sensitive details from unwitting employees, they also need to look out
for vishing.

Such is the claim of Blanco County News, which has explained that
vishing – Voice over IP phishing – usually begins with an email asking
people to call a telephone number or a direct phone call from the
scammers.

Using an automated system masquerading as a bank or other
organisation, the fraudsters urge accountholders to enter details
using the keypad or voice recognition.

In recent weeks, a number of banks in Texas have been impersonated and
have warned customers not to call the numbers in order to prevent
identity theft and fraud.

The FBI has warned that it is often difficult to track down the
criminals behind the scams because they are able to hide their caller
ID using VoIP.

Phishing scams’s site web safe

October 1, 2008

SEATTLE – In these tough times, everyone is trying to keep their money
safe. It should be no surprise there are people out there trying to
play off those insecurities and get to your cash.

“Scammers take advantage of the headline; they read the newspaper just
like anyone else does,” said Chuck Harwood of the Federal Trade
Commission.

Thieves are ready to kick battered investors while the banking sector
is down by using consumers’ panic to their advantage.

“What scammers will do is they will construct schemes that take
advantage of that anxiousness or nervousness,” said Harwood.

“A lot of stories right now about banks facing difficulties, most of
the time, your money is going to be safer in a bank account than it
ever is going to be in an investment scheme,” said Harwood.

On the feds’ radar is another e-mail “phishing” scheme, which comes in
the form of an apparent e-mail from your bank: “We need to verify that
your bank is safe, just give us your financial information and we’ll
confirm that it’s actually safe and sound.” If you get an e-mail like
that, delete it.

E-mail phishing page in phishing

October 1, 2008

Poor MobileMe users. As if dealing with, well, MobileMe wasn’t bad
enough, they’re now constantly being targeted by phishing scammers. A
new MobileMe-themed phishing e-mail has begun to make the rounds with
the same line as we’ve seen in the past. The e-mail claims that there
has been a problem with billing, and if users want to correct it, to
click a shady link and re-enter their credit card information.

As pointed out by , following the link in the e-mail takes you to a
page at the domain natwestbgroups.com. The three-week-old domain was
registered in Hong Kong, and the DNS registration points to Pakistan.
Apparently the fake Apple credit card page was designed in Microsoft’s
FrontPage, too. You stay classy, phishing scammers.

As always, be very careful of links you click in e-mail, even if the
message looks completely legit. If you’re ever in doubt, type in the
domain manually and log into the actual page without going there from
e-mail first. If there’s a real billing error, Apple will ask you
about it once you log in.

Information students phishing in phishing

October 1, 2008

Penn State students have entered their usernames and passwords on fake
WebAccess login pages that capture the information.

To avoid falling for a phishing scam:

* Visit its.psu.edu/takecontrol to learn about phishing scams and how
  to protect computers
* Check Web site URLs
* Don’t respond to e-mails asking for personal information
* Check the ITS Alerts System regularly

Several students who acted on an e-mail from “PSU.edu Admin” asking
them to log into their accounts are likely victims of a new phishing
scam, according to a press release issued this week.

Unlike most scams seeking student information, the scammers don’t ask
students to reply to the e-mail with their account information.
Instead, students are directed to a fake WebAccess login page that
looks the same as Penn State’s official login page, according to the
press release.

“It’s insidious because we have been telling the Penn State community,
‘Do not give out any personal information,’ ” said Robin Anderson,
information technology services (ITS) director of customer
communications, adding she didn’t know how many students were scammed.

Scammers typically use the accounts to gain access to other personal
information such as Social Security numbers and banking information,
Anderson said.

The people behind the scams are not affiliated with the university and
likely live outside of the United States, Anderson said.

One way to recognize phishing scams is to look at the Web site’s URL,
Justin Burdett (senior-information sciences and technology) said.

“If [the e-mail is from] a university office, my suggestion is don’t
answer the e-mail but call that office and find out if they actually
want that information,” Anderson said. “[University officials] know
how to find you other than e-mail.”

Internet access to the fake WebAccess Web site was blocked on Monday,
but the scam may be repeated using a different Internet address,
according to the release.

“It just kind of depends on how tech savvy and aware you are,” Burdett
said. “The more you know and the more cautious you are, the less
likely you are to fall for it. … Usually the phishing people are
pretty tricky.”

“It’s a shame it has to be so scary, but it’s kind of the world we’re
living in right now,” Anderson said. “It’s better to be cautious.”

The phishing people site phishing

October 1, 2008

Well it seems like these scam artists will just not go away! Here at
TiPb we like to keep you, our loyal readers, safe by alerting you of
every scam out there. A while back we reported about them.

Just like those phishing scams, these latest scammers are looking to
obtain your credit card information. According to :

Yesterday, and over night a wave of phishing attacks hit the servers
targeting Apple Mobile Me users, and others who might not know the
specifics of the phish. There were several, all from different
“senders” but leading to the same address. READ THIS
ALERT. DO NOT CLICK ON ANY LINK IN THIS PHISHING ATTEMPT. Not only
could it extract information from your computer, the site, or
clickthrough pages could contain malware or spyware intended
specifically for Mac users. If you can avoid opening it, you will
avoid pinging the botnet of a live address.

In addition to all of that, is reporting that “the originating
server DNS addresses have been masked by Joker.com, a site suspected
of sympathizing with online criminals”. Really nice isn’t
it? Be careful out there people!

Says:
I don’t think smart people would get to be scammed, but
that’s bad, but well, for those who want 13,000 free iPhone
wallpapers here you go,

Says:
That’s the problem, there are people out there, who I will not
say are stupid but they just don’t know better and will fall for
scams like this. Sad but true.

Credit union hub in phishing

October 1, 2008

Internet crooks are trying to burn Hub consumers with fake
“phishing” e-mails that claim to come from the Boston
Firefighters Credit Union.

“The Boston Firefighters Credit Union Bank Online department
kindly asks you to take part in our quick and easy five-question
survey. In return we will credit $99.99 to your account – Just for
your time!” scammers wrote in an e-mail sent yesterday to random
Hub consumers, not just credit-union members.

The phishing google site it’s

October 1, 2008

While phishing is a problem, giving one company the power to block any
site that it wishes at the browser level never seemed like a good idea

Actually, giving a single company this kind of authority is usually
not a bad idea. Spamhaus and email, for example.

The issue is about trust. Even with this goofup, I trust google (
although their response to this could change that ). Hell, I trust MS
here too, to a limited extent.

Yeah. While I reflexively rankle at the idea of blocking a whole
swathe of domains like that, it’s unfortunately clear that services
like dyndns and mine.nu are going to be overrun with phishers and
scammers because they’re just as convenient to them as they are to
non-malicious Internet users.

We need to educate users to check the URL before entering anything.
Any time you rely on a technological solution to a social problem you
end up with woes.

It’s just not going to happen. We like to think that “everyone” is
capable of understanding what is going on when they browse the web,
but that’s wishful thinking.

It will be a LONG time until you can ever hope that the general public
is as smart as the malicious few out there. Until then technology
solutions will continue to be needed, desired and our best bet in
combating this. Hell, they always will.

I don’t know anything about the FWT site; it may be fine. However, do
remember that just because a site is trustworthy over time doesn’t
mean it is trustworthy today, on this visit. I just had that driven
home for me the other day. In my off time, I am a youth soccer coach.
The website for our league has been fine for several years. Last week
I visited it and got the malware warning from FireFox. I checked with
the webmaster and sure enough, they had gotten hit with a SQL
injection attack and had indeed gotten malware of some sort hosted on
the site. So, FWT may be a false positive – but it is at least possible
that they also got successfully attacked. We really don’t have a good
system to evaluate trust on the fly due to the dynamic nature of
internet content. A page that was fine 20 minutes ago may attack you
now.

Granted, I can see there are opportunities for abuse here, but if the
owners of dynamic dns domains don’t properly police their “customers”
and spammers and/or other malicious websites start using it, then
Google has every right to blacklist the entire domain. Of course, it’s
arguable exactly how much can be done to prevent it, but if you’re
really concerned about not getting your site blocked, go ahead and
blow the $7 a year on your own domain, or use a smaller ddns service
that can actually pay attention to the nature of the hosts it’s
serving.

As far as having any one third party responsible for maintaining a
blacklist, exactly how else do you intend to do it? You can always
create your own blacklist, but that would first require you to “enjoy”
the sites you would prefer get blocked automatically. You’ll just have
to trust someone to make that reasonable decision for you. Sure, there
will be some mistakes, but that’s the price you pay for protection.

Granted, I can see there are opportunities for abuse here, but if the
owners of dynamic dns domains don’t properly police their “customers”
and spammers and/or other malicious websites start using it, then
Google has every right to blacklist the entire domain.

Countries have been banned from sites, email, IRC channels and so on
with this argument. Just so you know, some ISPs have de facto
monopolies in their countries, and everyone there gets the same domain.
Any idiot that says ‘let’s ban *.il, or *.es, because I got 10 spam
messages from there’ should be fired on the spot. In fact, if he works
at google whoever hired him should be fired, too.

I don’t get why you are getting annoyed that I (and probably many
others) do things like this?

In my mind giving this power to Google is the most objectionable thing
related to the company. I know somebody who has had his legitimate
business ruined because Google mistakenly added his site to this list.
Why? Because it was hosted on the same physical server as a truly
objectionable web site.

People need to stop childishly sneering at Windows users and take
their focus away from Microsoft. The terrible Goliath is clearly
Google now. Even when it’s not being evil it causes trouble just by
being *clumsy*.

The terrible Goliath is clearly Google now. Even when it’s not being
evil it causes trouble just by being *clumsy*.

No, Google doesn’t filter by IP address. But because the site was
hosted on the same server as a bad site it added a URL block for the
innocent too. Do you see?

Secondly, the issue isn’t about me using Firefox/Google. It’s about
customers who did and were told that the site they had browsed to was
malicious. The business lost a valuable customer this way and folded.

No, Google doesn’t filter by IP address. But because the site was
hosted on the same server as a bad site it added a URL block for the
innocent too. Do you see?

Doesn’t sound like a very professional business if it was using the
same domain that the bad site was on. Considering one can get a .com
for 6USD a year, there really is no excuse.

It’s about customers who did and were told that the site they had
browsed to was malicious. The business lost a valuable customer this
way and folded.

This company obviously wasn’t doing very well to begin with, or did
things properly to begin with either – This is not surprising.

You are not going to convince me that they couldn’t have done anything
to change the outcome, even when they became aware of the situation.

What I do find interesting is the fact you claim Google did this, when
the anti-phishing filter in the most popular browser, IE, is run by
Microsoft. The most popular search engine is Yahoo! – which does not
use any phishing data from Google.

I would assume the original AC is lying because Google’s practices on
filtering bad sites were disclosed long ago on [stopbadware.org]

This is the first time we’ve heard about Google (or any others) making
a bad block. As long as Google fixes this expediently, I’d say that
it’s an acceptable margin of error and the amount of phishing sites
blocked is by far worth it. Now, if wikileaks suddenly gets blocked
for ‘phishing’, something is definitely awry.

Any maintained blacklist of any reasonable size is going to end up
with false positives. It’s one of those things you just have to
accept. People notice and report it, the entry gets removed, and we
move on.

Putting anti-phishing filters into browsers just shifts the
responsibility of good security practices from the user to some
blacklisting company. What incentive is there to be wary about
suspicious sites if you can count on the almighty Google to hold your
hand while you browse the Web? This makes about as much sense as
someone installing parental controls in their machine and declaring
that their Internet connection is now “kid-friendly.”

I’ve never had these filters turned on, and I’ve never exposed my
financial data to others by accident. Usually this has something to do
with me hovering the mouse over links and checking the URL in the
status bar.

If you’re serious about blocking phishing sites, you have to accept
some collateral damage. Blocking by URL stopped working last year;
most attacks have unique URLs now. Many have unique subdomains. So you
have to block at the second-level domain level to be effective.

We publish a [ebay.com] Click on that URL. It says “ebay.com”, right?
It looks like eBay, right? It’s not.

On the other hand, “tinyurl.com”, which used to be popular with
phishers, has been able to get off the blacklist by cracking down on
misuse of their service. It’s possible to do redirection competently.

When we started our list last year, it had about 175 exploited
domains. After some serious nagging and an article in The Register,
we’re down to 46. And only 11 have been on the list for more than
three months; the others come and go as exploits are reported and
holes plugged. So this is a problem that can be solved.

I’m glad to see Google taking a hard line on this. It’s necessary that
sites that do redirection feel the pain when they accept redirects to
hostile sites. Google can apply much more pain than we can. Few sites
will want to be on Google’s blacklist for long.

This is something that strikes me as the first time Firefox really
pushed something out by default that shouldn’t be. Just for one
example, people who are on LTSP networks, say, 200 users, will ALL
download anti-phishing, anti-malware blacklists from Google, each in
their own home directory. There’s no way that I know of, anyway, to
share this data – SQLite seems to make it impossible. That’s the first
mistake in creating a compatible, light web browser.

The second mistake is enabling website blocking based on 3rd party
blacklists by default. This is basically Microsoft UI thinking – “You
*need* this because you don’t know any better.” Screw that. I mean,
make it a checkbox on setup – “Use Google-provided anti-malware
blacklists” Simple as that. I spent weeks trying to find out why,
after just a few Firefox instances were launched on an LTSP server,
none more would load – part of this was because every user logging in
was trying to download the anti-malware stuff from Google, saturating
the line, and preventing Firefox from loading for the first time.

I hope the Firefox devs will take all scenarios into account when
making changes. It seems lame that every user needs all of the stuff
in places.sqlite. And even if you argue with that, at the LEAST make
it cross-DB compatible, so you can put everyone’s in a nice big
central MySQL database.

The corollary of this is, of course, that you should still be wary of
single points of failure, even if you do not believe they will fail
you on purpose.

Shit happens. Yes, it sucks, but it happens. Now, should we try to
blow up the googleplex? No. Google are not blocking based on a secret
agenda here, and you can bypass it or turn off the feature. OK, it’d
be nice if you could choose who provides the service, but overall,
it’s not that big a deal.

Of the 4329 pages we tested on the site over the past 90 days, 0
page(s) resulted in malicious software being downloaded and installed
without user consent. The last time Google visited this site was on
09/21/2008, and suspicious content was never found on this site within
the past 90 days.

Malicious software includes 7523 scripting exploit(s), 2911 trojan(s).
Successful infection resulted in an average of 0 new processes on the
target machine.

Over the past 90 days, mine.nu/ appeared to function as an
intermediary for the infection of 183 site(s) including
culportal.info, mipt.ru, baikal-discovery.ru.

Yes, this site has hosted malicious software over the past 90 days. It
infected 932 domain(s), including bernard-becker.com, mipt.ru,
dhammasara.com.

In some cases, third parties can add malicious code to legitimate
sites, which would cause us to show the warning message.

* Return to the previous page.
* If you are the owner of this web site, you can request a review of
  your site using Google Webmaster Tools. More information about the
  review process is available in Google’s Webmaster Help Center.

Presumably if Google thinks some subdomains are malicious, they
actually know which ones are in fact malicious? Owing to the fact that
they found them in the first place? I’m wondering if the reason they
just blocked the entire domain was because some attackers are just
registering lots of subdomains as a fast-flux method.

Um, no. The list is supplied by Google. When Firefox blocks a site,
press the ‘Why was this site blocked?’ button to see Google’s warning
about it ( [google.com] in this case).