How the FBI director nearly fell for a phishing attack
By Asavin Wattanajantra in Editorial
Posted in FBI, cybercrime, phishing on
It was a big day for the FBI as it announced that it had charged 100 people over what FBI director Robert S. Mueller has called ‘the largest international phishing case ever conducted’.
The criminal gang succeeded in getting hundreds, if not thousands, of people to give up personal information that was then used in a million-dollar banking fraud.
Yet in a speech in San Francisco yesterday, FBI director Robert S. Mueller revealed that he was almost a victim of a phishing attack.
He said: “Not long ago, the head of one of our nation’s domestic agencies received an email purporting to be from his bank.
“It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, and then realised that this might not be a good idea.
“It turned out that he was just a few clicks away from falling into a classic internet ‘phishing’ scam - phishing with a PH. This is someone who spends a good deal of his professional life warning about the perils of cyber crime. Yet he barely caught himself in time.
“He should definitely have known better. I can say this with certainty, because it was me.”
Microsoft sues firm for instant messaging spam
By Asavin Wattanajantra in Editorial
Posted in instant messaging, passwords, phishing, Microsoft on
Many Windows Messenger users are familiar with instant messages that prompt them to click on a spam link, or with someone taking control of an account and spamming everybody on the contact list.
The practice has been dubbed “SPIM”, and Microsoft is now taking legal action against it, alleging that a company called Funmobile conducted a campaign to spim Microsoft customers’ contacts and undermine their privacy.
Microsoft is asking the court for an injunction to stop the activity, as well as monetary damages, hoping to send a message that this isn’t tolerated.
Microsoft alleged that the Hong Kong-based company came up with a scheme in which messages to customers appeared to come from the email address of a known friend and invited the recipient to click a link.
Customers who clicked the link were then ‘phished’: asked for their IM username and password to log in, and then redirected to a porn site or a social networking community.
Microsoft further alleges that Funmobile used the collected usernames and passwords to access Microsoft’s systems and customer accounts, scraping or harvesting each user’s contacts and sending them unsolicited bulk emails.
The enterprise view
Michael Remond, chief executive of IM firm ProcessOne, said that Microsoft was right to raise the fight against SPIM, and that it highlighted the dangers of businesses using IM platforms.
He said: “As enterprises increasingly use IM and chat applications for internal and customer communications, security is more important than ever.
“Microsoft and other public IM platforms have a long way to go to be suitable and safe for the enterprise.”
Twitter hit by ANOTHER attack - but this ain’t no worm
By Asavin Wattanajantra in Editorial
Posted in worm, social engineering, phishing, Twitter, Security on
If you’ve followed IT PRO for any length of time, you’ll probably know that Twitter has been suffering security wise all year.
The latest attack, which became public at the weekend, was first believed to be a cross-site scripting worm, similar to the worm that a 17-year-old managed to unleash over the Easter weekend.
However, on closer inspection there is more to it than that, according to a post on Kaspersky’s Viruslist blog.
When the link in tweets reading ‘best video’ is clicked, a connection is quietly made to another server and a malicious PDF containing several exploits is downloaded.
However, instead of a worm being installed after a successful exploit, a fake program advertising fake anti-virus software is downloaded.
The researcher couldn’t find any worm-like component, although the alert made it look like there was worm activity.
One explanation could simply be that the criminals behind the attack were using the stolen credentials of accounts that had been phished a week earlier.
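The drive-by chain described above ends in a PDF carrying exploits, and the first thing a responder does with such a file is static triage rather than opening it. The following added example (not code from the original post or from the Kaspersky researchers) counts the PDF name objects that exploit PDFs typically rely on, undoing the `#xx` hex-escaping attackers use to hide keywords such as `/JavaScript`. The keyword list follows what tools like pdfid look for; the sample PDF bytes are constructed for this example and contain no exploit.

```python
"""Static triage of a suspected malicious PDF (added example, constructed sample)."""
import re
from collections import Counter

# Name objects worth counting on a first pass: script execution, auto-run
# actions, external launches and embedded content.
SUSPICIOUS_NAMES = (
    "/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/ObjStm", "/JBIG2Decode",
)

# PDF allows any byte in a name to be written as #xx, e.g. /J#61vaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

# A name token ends at whitespace or a PDF delimiter, so /JS does not match /JSX.
_NAME_END = rb"(?=[\s/<>\[\](){}%]|$)"


def normalise_names(data: bytes) -> bytes:
    """Undo #xx escaping so obfuscated names compare equal to plain ones."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_names(data: bytes, normalise: bool = True) -> Counter:
    """Count each suspicious name object; normalise=False counts only literal spellings."""
    if normalise:
        data = normalise_names(data)
    counts = Counter()
    for name in SUSPICIOUS_NAMES:
        pattern = re.escape(name.encode()) + _NAME_END
        counts[name] = len(re.findall(pattern, data))
    return counts


def triage(data: bytes) -> dict:
    """Return counts plus the human-readable reasons the file looks suspicious."""
    counts = count_names(data)
    reasons = []
    if not data.startswith(b"%PDF-"):
        reasons.append("missing %PDF- header")
    if counts["/JS"] or counts["/JavaScript"]:
        reasons.append("embedded JavaScript")
    if counts["/OpenAction"] or counts["/AA"]:
        reasons.append("action runs automatically on open")
    if counts["/Launch"]:
        reasons.append("/Launch action (runs an external program)")
    if counts["/EmbeddedFile"] or counts["/RichMedia"]:
        reasons.append("embedded file or media")
    # Benign PDF generators do not hex-escape letters in well-known names, so a
    # difference between literal and normalised counts is itself a signal.
    if count_names(data, normalise=False) != counts:
        reasons.append("hex-escaped names hide keywords")
    return {"counts": dict(counts), "reasons": reasons, "suspicious": bool(reasons)}


# Constructed sample: a minimal PDF whose catalog auto-runs an (escaped)
# JavaScript action. It pops an alert only; there is no exploit in it.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample');) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    result = triage(SAMPLE_PDF)
    for name, n in result["counts"].items():
        if n:
            print(f"{name:<14} {n}")
    print("suspicious:", result["suspicious"], "-", "; ".join(result["reasons"]))
```

The counts are a triage signal, not a verdict: a form-heavy but legitimate PDF can carry `/JavaScript`, and keywords inside compressed object streams (`/ObjStm`) are invisible to this scan until the streams are inflated, which is why `/ObjStm` is counted too.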
The blog said: “The attack is very significant. It would seem that at least one criminal group is now exploring the distribution of for-profit on Twitter.
“If the trends we’ve seen on other social platforms are any indicator for Twitter then we can only expect an increase in attacks.”
Twitter seems to be regularly hit with some sort of security scare, ever since January, when a teenage hacker managed to take over high-profile accounts, and even celebrity twitterer Stephen Fry fell victim to a phishing attack.
We’ve also seen a security researcher claim that Twitter’s API, used to build third-party applications, is inherently flawed.
IT PRO has repeatedly tried to get in touch with Twitter simply to obtain some kind of statement, but has so far come up against a brick wall.
So what’s Biz and co gonna do? You can’t make money on something which is inherently unsafe (or can you?).
Tvviter - Beware of fake Twitter phishing website
By Asavin Wattanajantra in Editorial
Posted in Jonathan Ross, phishing, Twitter on
Security vendors have warned about a fake Twitter phishing website designed to convince users to type in their account details; compromised accounts are then made to follow profiles that push ‘Adult Dating Services’.
According to Rik Ferguson at Trend Micro, anybody fooled into giving away their account credentials will find at least six new followers appearing on their account.
Links on those profiles redirect users to an adult dating site, which makes the scammers money through a pay-per-click affiliate scheme.
Sophos has posted a video of the attack on YouTube.
It’s not the first security issue highlighted on Twitter this week: chat show host Jonathan Ross managed to accidentally post his email address to 260,000 followers.
That’s bad enough, but security researcher Graham Cluley said that the accidental tweet was never really deleted, and that he managed to find the email address in a matter of seconds.
He asked why Twitter doesn’t ‘really’ delete messages when you want it to, and said it was a serious security problem that searching could turn up messages you thought were no longer accessible.
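The ‘Tvviter’ name works because two v’s read as a w at a glance, and the same trick is used with rn for m, 0 for o and accented letters. The following added example (not code from the original post, Trend Micro or Sophos) shows how a mail gateway or proxy log filter can flag such lookalike hostnames: it canonicalises the registrable label with those substitutions, measures its edit distance to each protected brand, and also catches the brand being embedded (`twitter-login.net`) or used as a subdomain of someone else’s domain (`twitter.com.evil.net`). The protected brand list and all sample hostnames are constructed for this example, and the public-suffix handling is deliberately simplified.

```python
"""Flag lookalike hostnames that impersonate a protected brand (added example)."""
import unicodedata

# Assumed brand list: registrable domains we defend. Constructed for this example.
PROTECTED = ("twitter.com", "microsoft.com")

# Multi-character confusables are replaced first, then single-character ones.
MULTI_SUBS = (("vv", "w"), ("rn", "m"))
SINGLE_SUBS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "7": "t", "8": "b", "|": "l", "!": "i"})


def split_host(hostname: str):
    """Return (subdomain labels, registrable domain).

    Assumes a single-label public suffix such as .com or .net; production code
    would consult the Public Suffix List so that e.g. .co.uk is handled.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])


def canonicalise(label: str) -> str:
    """Map a label to the plain-ASCII word a victim's eye reads it as."""
    # Strip accents: 'twítter' -> 'twitter'. (Punycode 'xn--' names are not decoded here.)
    ascii_only = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    for seq, repl in MULTI_SUBS:
        ascii_only = ascii_only.replace(seq, repl)
    return ascii_only.translate(SINGLE_SUBS).replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches one-off typosquats like 'twiter'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(hostname: str, protected=PROTECTED, max_distance: int = 1):
    """Return the protected domain this hostname imitates, or None."""
    subdomains, registrable = split_host(hostname)
    if registrable in protected:
        return None  # the genuine domain (any subdomain of it is fine too)
    canon = canonicalise(registrable.split(".")[0])
    for brand in protected:
        brand_sld = brand.split(".")[0]
        # Homoglyph or near-typo of the brand's second-level label, any TLD.
        if canon == brand_sld or levenshtein(canon, brand_sld) <= max_distance:
            return brand
        # Brand embedded in a longer label: 'twitter-login.net', 'securetwitter.com'.
        if brand_sld in canon:
            return brand
        # Brand used as a subdomain of an unrelated domain: 'twitter.com.evil.net'.
        if brand_sld in subdomains:
            return brand
    return None


if __name__ == "__main__":
    # Constructed sample hostnames, as they might appear in a proxy log.
    for host in ("tvviter.com", "www.twitter.com", "twitter.com.evil.net",
                 "rnicrosoft.com", "tw1tter.com", "twitter-login.net", "bitter.com"):
        print(f"{host:<24} -> {lookalike_of(host)}")
```

Keep `max_distance` small: at 2, short brand names collide with ordinary words (`bitter` is two edits from `twitter`), so the distance check is best combined with the embedded-brand and subdomain checks rather than loosened.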