Dhanjani: I clearly remember how we stumbled upon this information. We happened to be studying a simple server-side script from a phishing kit. The script was part of a ready-made site for a popular bank. All the script did was to take the information submitted by the victim and email it to the phisher at a particular email address. We noticed that the script put some static text in the subject line of the outgoing email in order to help the phisher identify the emails. We decided to Google for that particular string. The results completely stunned us. Social Security numbers, bank account numbers, dates of birth, ATM PINs, addresses, credentials to online banking accounts, all out in the open, a lot of which was collected from victims only a few hours ago. A simple Google search led us to a whole new world where phishers were trading this information in different languages around the world. This sort of exposure can ruin people's lives - yet it was right there, out in the open. It was quite unnerving.
Rios: Even phishers need to communicate! Many think that phishers are lone individuals who are anti-social sitting in a dark basement in some dark corner of the world. The reality is there are entire social networks dedicated to helping phishers communicate details on new scams, phishing kits, and to buy and sell identities. Many of these conversations occur on publicly accessible forums and websites, but the difficult part is knowing where to find these forums and sites. As everyone knows, search engines are great at crawling the most obscure sites on the Internet. Once we had an opportunity to see the source code of a few kits, we could key off of some key signatures, which resulted in our favorite searching engine leading us to forums where phishing scams were being discussed and web sites where identities were being bought and sold. Once we had access to these forums, we now have another set of key signatures (phisher aliases, handlers, more phishing kits, jargon, etc.) to find even more forums and sites, which basically lead us into what seems like a never ending spiral of phishing and ID theft forums and sites.