phishing

Microsoft has issued a warning against phishing scam practiced by perpetrators over the company’s Xbox Live network. Meantime, Sony is struggling the consequences of a massive security breach reported this week.

The warning posted on the Xbox Live support page says that the phishing scam appears to be directed at those people playing "Call of Duty: Modern Warfare 2" online:

Money obtained through phishing in the United States go to China, says the statement from the Federal Bureau of Investigation.

Hackers who obtain money from compromised business computers wire them afterwards to Chinese companies located near the Russian border. The FBI says that while various attacks are used, the notice identifies ZeuS, Backdoor.bot and Spybot as the fraudsters’ favorite malware.

Intermediary accounts in New York are typically used as staging points for the final transfer.

According to a research conducted by a security group Firefox and Chrome browsers cannot detect new phishing attacks that targeted recently customers of Bank of America and PayPal. The phishing scam manages to bypass fraud protections built in to the Mozilla Firefox and Google Chrome by attaching an HTML file to the spam email.

According to separate studies a great number of users still remain infected with PC malware even though their machines have security protections such as anti-virus software.

One study by European Union statistics agency EUROSTAT shows that 31% of PC users had malicious software in spite of the fact that 84% of users were running security apps including anti-virus, anti-spam and firewall. Besides, 3% of respondents also reported financial losses because of farming or phishing attacks, while a further 4 per cent reported privacy violations involving data sent online.

OpenDNS, a provider of DNS-based security and infrastructure services, has recently published a new report that revealed that social media websites like Facebook, MySpace, and YouTube were treated reversely by corporations and people responsible for networks. These websites appeared both in "top blacklisted" and "top whitelisted" lists compiled for 2010.

Phishing is thriving on the ignorance of the Internet users as half of the victims respond to the fraudulent emails within an hour of the receipt of scam messages, according to a study by transaction security firm Trusteer. Going further, the statistics shows that within 5 hours 80% of victims have responded with the figure raising up to 90% within the first 10 hours of an attack.

The statistics stresses the urgency for the fight against fraudulent websites that attempt to hoodwink the unwary into handing over online banking credentials or similar sensitive information.

Talking at the opening of the Information Security Summit 2010, Agnes Mak, executive director of the Hong Kong Productivity Council, said that organizations in Hong Kong need more consolidated efforts and collaboration to wrestle security threats. Last week the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) reported that the number of hacking and phishing cases were up 34 percent year-on-year in the first 10 months of the year.

 It became known about new scam targeting tax-payers. Recently the users started receiving messages allegedly sent by the Electronic Federal Tax Payment System. The scammers say that all the tax payments made by the customer through EFTPS were rejected. 

A new report from the Anti-Phishing Working Group (APWG) says that phishing criminals have increased their attacks on brands, social networks, online classifieds and online gaming. It shows that while attacks focusing on brands in online retail, auction and financial services categories decreased, the same on payment services rose by over 10% in the first quarter of 2010. Other sectors including social networking, online classifieds and online gaming industries saw an 18% growth from 13% in the fourth quarter 2009 which is over 37% increase on a quarter over quarter basis.

Last weekend scammers reached a huge audience on Twitter by sending numerous phishing messages from a compromised account of British TV presenter Kirstie Allsopp. Allsopp fronts Channel 4 property programmes Location, Location and Kirstie's Homemade Home. She was advised about the hack by her followers after the account spewed a series of out-of-character tweets.

Crooks have introduced a new phishing scam on Facebook. Now the members are offered to participate in a survey that poses as a curmudgeonly response to the social network's 'Like' button. The technique used in the scam is similar to previous lures like including "Justin Bieber trying to flirt" and (unrelated, you mucky minded lot)) "the biggest and scariest snake" (aka 'Anaconda coughs up a hippo') scam.

Experts found a new bug in Facebook login system that allowed attackers to match random email addresses with users’ first and last names in spite of members’ actions taken to protect their privacy. Such a bug could have been exploited by social-engineering scammers, phishers, or anyone who has ever been curious about the person behind an anonymous email message. If the address belongs to any one of the 500 million active users on Facebook, the social-networking site will return the full name and picture associated with the account.

 When you read about Stuxnet and that it used stolen digital certificates from Realtek and JMicron to sign the worm, you may have wondered what the significance of that is or why they did that. There are actually a couple of factors to consider.

When you try to install certain types of software on Windows Vista or Windows 7 it needs to be digitally signed with a trusted certificate. On Vista there is a warning dialog if the software is not digitally signed or has an untrusted certificate. On Windows 7 the file MUST be properly signed with a trusted certificate.

About 300,000 Facebook users have signed up for the dubious application circulating on the social networking website. The security experts believe the application could be used for spreading spam and malware.

Facebook users were attracted by the “I will NEVER text again” app that offers a video but when someone clicks on a link advertising the application, the application asks for permission to access their basic information and post to their Wall, as reported by Graham Cluley, senior technology consultant for security vendor Sophos.

According to a new report from Anti-Phishing Working Group (APWG), Avalanche phishing gang, that use advanced malware, appeared to be responsible for 66% of all phishing attacks faced in the second half of 2009.

The gang thus targeted some 40 banks and online service providers, and domain name registrars and registries.