
iPhone – Phishing Vulnerabilities

I am not going to rush to the store to get the iPhone. My Nokia E62 is not even close to having the same coolness factor, but at least it does email pretty well... except, of course, if a message has a link, the Nokia browser will not kick in when I click on the embedded link. I used to get annoyed, but consider the same functionality on the iPhone.

John Leyden writes for TheRegister.com on the iPhone's shortcomings that make its users more vulnerable to phishing attacks:

• The iPhone’s email client only displays the first few characters of a weblink, which makes it easier to hide a fraudulent URL at the end of a link without arousing suspicion.
• The mechanism the iPhone uses to link between web browser and telephone functions also makes it easier to embed scam telephone numbers within sites, which a user may be prompted to dial.

Other researchers found a number of additional vulnerabilities that could expose passwords stored by Apple software.
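The two points above (a mail client that shows only the first characters of a link, and links that prompt the handset to dial a number) are both things a mail filter can check for before the message reaches a user. The following is an added example, not code from the original post or from The Register: it parses the anchors of an HTML e-mail, reports when the visible link text names a different domain than the href actually goes to, simulates a truncated link display of an assumed width (DISPLAY_WIDTH, an assumption) to see whether the real domain would be cut off, and flags tel: links. The sample message and all domains in it are constructed and use the reserved .example TLD.

```python
"""Flag e-mail links whose real destination a truncated link display would hide.
Added example for this post; not the post's own code."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the HTML body of a phishing e-mail. Domains use the
# reserved .example TLD; nothing here points at a real site.
SAMPLE_EMAIL = """
<p>Please <a href="http://www.bankofamerica.com.sitekey-verify.example/login?x=1">
verify your SiteKey at www.bankofamerica.com</a> today.</p>
<p>Contact us at <a href="tel:+15555550100">1-555-555-0100</a>.</p>
"""

DISPLAY_WIDTH = 24  # assumed number of link characters a mail client shows


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._text).split())
            self.links.append((self._href, visible))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation; a real filter would consult the
    public suffix list so that e.g. co.uk hosts are handled correctly."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyse_link(href, text, width=DISPLAY_WIDTH):
    """Return a list of human-readable findings for one link (empty if clean)."""
    findings = []
    parsed = urlparse(href)
    if parsed.scheme == "tel":
        # The handset will offer to dial this number; surface it for review.
        findings.append("tel-link: prompts the handset to dial " + parsed.path)
        return findings
    real = registrable_domain(parsed.hostname or "")
    # Does the visible anchor text name a different domain than the href?
    for word in text.replace(",", " ").split():
        if "." in word and registrable_domain(word.strip("./")) != real:
            findings.append(f"domain-mismatch: text says {word}, link goes to {real}")
            break
    # Would a display showing only the first `width` characters hide the real domain?
    shown = href[:width]
    if real not in shown:
        findings.append(f"truncated-display: first {width} chars '{shown}' hide {real}")
    return findings


def scan_email(html):
    """Map each href in the message to its findings."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: analyse_link(href, text) for href, text in collector.links}


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL).items():
        print(href, findings or ["ok"])
```

The truncated-display check is the interesting one for the iPhone point: the sample URL starts with `http://www.bankofamerica` and only reveals its real registrable domain, `sitekey-verify.example`, well past the first 24 characters, so a client that shows only that prefix gives the reader no visual cue.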

SiteKey Login

“In early June, the RSA Anti Fraud Command Center (AFCC) discovered a new type of phishing kit. The kit is actually a single file which creates an entire phishing site on a compromised server when “double-clicked” on, similar to “.exe” installation files. The kit was discovered through phishing forensics work by the AFCC forensics lab.

The “kit” is a single PHP code file, which is run on the compromised server once, and automatically creates the relevant directories and installs all of the files which are associated with the specific phishing site. Within seconds after running the file, a complete phishing site is “live”. During testing of the kit in the RSA phishing lab, a phishing site was installed within approximately two seconds.”

For further information: RSA June 2007 Report.

I just got an email which tries to phish Bank of America’s customers who use the SiteKey (PassMark) technology. The message tries to get people to disclose their credentials by masking the real website address (which only works under IE, and not under Firefox, which I am using in this situation).

Take a look at these images – screenshots:

(a) This is a screenshot of the original phishing email.

bofa-phish-1.jpg

(b) The “verification” link in the email takes you to the file below (click on the image to see the complete representation).

bofa-phish-2.jpg

(c) If you click on “Continue”, it takes you to another page where you’ll notice that, under Internet Explorer, the script tries to cover the original address bar to display the “bankofamerica.com” URL. Obviously this does not work under Firefox on a Mac.

bofa-phish-3.jpg

(d) And here is the larger text.

bofa-phish-4.jpg

(e) Some of the images appear to come directly from the BofA original site.

bofa-phish-5.jpg

A new phishing scam targets iPhone fans by telling them they have won a free iPhone. Clicking the link in the phishing email opens a “site loaded with more than 10 pieces of malicious code, each targeting a potential browser vulnerability. In addition, users that attempt to visit the site more than once are redirected to another, “safe” Web site.”

Full story here

“Google has removed paid links that advertised seemingly legitimate Web sites but actually tried to install nefarious programs on PCs.

The links were displayed as “sponsored links” after visitors entered specific queries into Google’s search service. Clicking the links would ultimately go to a legitimate site, but by way of another site that attempted a “drive-by installation” of password-stealing software. Miscreants placed the links using Google’s AdWords service for advertisers.”

(Full article here)

Phishers have started using a new technique: routing a person’s incoming phone calls to a number controlled by the attackers (full article here).

“Victims are told to confirm their phone number with their bank by dialing *72 followed by a series of numbers. In the US, the sequence will cause most phones to forward all incoming calls. Once completed, the victim hears a message saying the confirmation has been successful.

The call-forwarding ruse is included in a more traditional phishing email that attempts to dupe victims into divulging credit card information and personal identification details. Successful phishing attempts allow the attackers to use the victim’s credit card, then provide the victim’s identification credentials in the event a banking representative calls to confirm the transaction.”
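Because the instruction in this ruse is a fixed dial sequence (*72 followed by the attacker's number), it is an easy thing for a mail filter to look for in message text. Here is an added example, not part of the original post or the article it quotes: a small scanner that finds vertical-service-code dialing instructions and normalises the number that would receive the forwarded calls. It assumes the North American meaning of *72 (activate call forwarding) as given in the article; *73 (cancel forwarding) is included on the assumption that a filter should see both, and the e-mail bodies are constructed samples.

```python
"""Find call-forwarding dial instructions in e-mail text.
Added example for this post; not the post's own code."""
import re

# North American vertical service codes. *72 is the activation code the
# article describes; *73 (cancel forwarding) is included as an assumption.
FORWARDING_CODES = {
    "*72": "activate call forwarding",
    "*73": "cancel call forwarding",
}

# A code followed by a phone-number-like run of digits, allowing spaces,
# dashes, dots or parentheses between digit groups.
_PATTERN = re.compile(r"(\*7[23])\s*([\d\s().-]{7,20}\d)")

# Constructed sample messages.
PHISH_TEXT = (
    "Dear customer, to confirm your phone number with us, please dial "
    "*72 1-555-555-0100 and wait for the confirmation message."
)
BENIGN_TEXT = (
    "Your order *7231 has shipped. Call us at 555-0199 to confirm delivery."
)


def find_forwarding_instructions(text):
    """Return one dict per dial instruction found: the code, its meaning,
    and the destination number reduced to digits only."""
    hits = []
    for m in _PATTERN.finditer(text):
        code = m.group(1)
        number = re.sub(r"\D", "", m.group(2))
        hits.append({
            "code": code,
            "meaning": FORWARDING_CODES[code],
            "number": number,
        })
    return hits


def is_suspicious(text):
    """True when the message tells the reader to dial a forwarding code."""
    return bool(find_forwarding_instructions(text))


if __name__ == "__main__":
    for label, body in (("phish", PHISH_TEXT), ("benign", BENIGN_TEXT)):
        print(label, find_forwarding_instructions(body))
```

The benign sample shows why the pattern insists on a full number after the code: an order reference such as "*7231" is not followed by a long enough digit run and is left alone.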

ABN Amro was just hit with a phishing attack similar to the one at Citibank in July of 2006. The Register (full article here) reports:

“Hackers sent the customers emails falsely claiming to be from ABN Amro. If recipients opened an attachment, software was installed on their machines without their knowledge. When customers visited their banking site, the software redirected them to a hacker-controlled mock site that requested their security details.

As soon as the hackers received these details they were able to log into a customer’s account at the real ABN Amro site, before the expiry of the fob-generated number. They could then transfer the customer’s money.

Security experts have warned that such “man in the middle” attacks cannot be prevented by security tokens.”

The players of World of Warcraft now have to fear a different kind of threat: still in the virtual world, yet one with real-world consequences. Hackers are exploiting the animated cursor flaw (in how Windows handles animated cursors) to steal login credentials for WoW player accounts. “Malicious software showed that it lay dormant on a victim’s machine until they ran World of Warcraft (WoW), at which point it captured login data and sent it to the hacking group.”

In terms of the real cash value of these hijacked accounts: “Research … suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data. One card can be sold for up to $6 (£3), but a WoW account will be worth at least $10. An account that has several high level characters associated with it could be worth far more as the gold and rare items can be sold for real cash.”

Full article here

Here is another type of phishing message. The email invites you to download the latest version of Internet Explorer. What you actually download is a file named “am.exe”, which is in fact a Trojan.

IE7 Trojan

Read the security warning on the MX Lab web site.