Latest news
In the first half of 2006, PandaLabs registered a 50 percent increase in identity theft and online fraud related activity. What’s more, it detected new tricks that used phishing techniques but with different methods than those traditionally used.
An example emerged in June with the use of MySpace, the wide social networking website. In this case, the attack came in the form of a link included in a message received via instant messaging. This link accessed a website that spoofed MySpace and requested the username and password. As the website was a phony, these details were stored, and the authors of the scam gained access to the user’s personal profile. Once they had discovered user’s personal details, they used them to steal the user’s identity and commit fraud, as if they were another person.
PandaLabs also recently detected a phishing scam that announced that the National Bank of Australia had gone bankrupt. It was sent via email and contained a link that accessed an official-looking page, which explained that the bank had gone bankrupt and that people were starting to panic, and advised clients to access their account to check that it was still active and in credit.
This link accessed a website that spoofed the identity of the bank and contained an exploit that ran the Haxdoor Trojan. This Trojan captured the user details for accessing the account, and from then on, the author was free to carry out transactions and similar operations.
After stealing users’ money, the phishers looked for victims to launder the money. They did this using false employment offers that promised significant income in a very short time. In most cases, these employment offers involved large amount of money being paid into victims’ bank accounts, which they then had to transfer to accounts in other countries.
By doing this, without realizing, the victim contributed to closing the cycle that the phisher had started when the first email was sent to obtain users’ personal details or banking details.
On other occasions, the data is sold on the “black market” so that others use them to commit fraud, generating a double income: the first from selling the data and the second from the money stolen from these accounts.
Source: Panda Software.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
