According to a report from the Kaspersky Lab, a new phishing attack on Facebook has been discovered that primarily attempts to steal account information of Facebook users and compromise the account. The attackers then attempt to gather the financial information including credit card data and other sensitive information from the victim.

According to Kaspersky Lab’s David Jacoby, the attackers are not just tricking users to visit a phishing site, but are trying to scare them by sending them warning messages by using a fake “Facebook Security” account. The compromised accounts will be used to steal available personal information and then change both the profile picture and name to try the trick on other Facebook users.

The profile picture will be changed to the Facebook logo and the name will be changed to “Facebook Security” with special ASCII characters replacing the letters such as “a” “k” “S” and “t”. Here is a screen shot of the message sent from a fake account -

The message – “Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: [LINK] Thank you. The Facebook Team,” is used as a warning message sent to users via Facebook Messages and Facebook Chat.

The link used in the message leads users to a phishing site. When we tried opening the page using Google Chrome, the following warning message was displayed – “Phishing sites trick users into disclosing personal or financial information, often by pretending to represent trusted institutions, such as banks.”

The site, however, is designed to look like a Facebook page and prompts the victim to enter the name, email address, password, security question, email account password, country, and date of birth. After having provided with all the information, the victim will be redirected to another page with the heading “Payment Verification” that asks for the first six digits of the victim’s credit card. Accordingly, in the following pages, the user is asked to enter the full credit card number along with the expiry date, CVV code (Security code), and the billing address.

If you’re an active Facebook user, then the most important thing that you must know is that Facebook never asks its users to enter their password(s), or credit card details. Check the URL of the site that you’re visiting and make sure it is genuine. Most of the sites that require users to enter any financial information, have a secured HTTPS connection, which are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems, which was not true in this case.

Also Read: Google Chrome Now Blocks Insecure Scripts on HTTPS

If you’ve been warned with such a message on Facebook, then ignore it. Alternatively, you can contact the Facebook Security team here and check if they sent the message or not. We have reported a similar Facebook Security Network Phishing Attack back in August 2011.

“These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information over social medias,” Jacoby wrote. “It is also recommend[ed] that you contact your security vendor and the social media vendor if you encounter these sites.”

According to a recent report from Internet security company Kaspersky Labs, India has become the top source of spam emails for the third quarter of 2011.

During this period, about 79.8% of total emails sent were spam and out of this, 14.8% originated in India. The second and third positions are also held by developing nations Indonesia with 10.6% and Brazil with 9.7%. All of the top ten sources are Asian, South American or Eastern European countries.

With limited or no laws at all to tackle the issue of spam, these countries have become the safe haven for criminals looking to exploit the internet community by spamming.

India’s huge internet user base (which is currently the third largest behind China and US) and lack of awareness among the general public about general security practices could have been the reason for India’s rise as the world’s spam capital.

Some of the other important details from the Kaspersky Spam Report are -

· In Q3 of 2011, the share of spam in mail traffic was down 2.7 percentage points compared to the previous quarter, averaging 79.8%.

· The percentage of fraudulent emails in spam traffic increased twenty times, reaching 2%.

· Asia and Latin America remain the most prominent sources of spam.

· The share of partner program spam went up 5.7 times, accounting for 29% of all spam.

· The percentage of emails with malicious attachments grew by 1.17 percentage points and averaged 5.03%.

· The share of phishing emails averaged 0.03%. Three social networks were among the Top 5 organizations targeted by phishers.

You can read the entire report here.

In spite of spirited efforts from email providers, browser developers, and security firms, phishing continues to be a major nuisance. There are already repositories like Phishtank that rely on crowdsourcing to identify phishing campaigns. However, crowdsourcing is not nearly nimble enough to tackle phishing scams that often require just a few hours to cause the intended damage.

Now, a new Cisco spinoff called Agari is trying to tackle the problem by combining multiple sophisticated approaches including authentication of the sender, message analysis, and end-to-end email channel visibility. Google, Microsoft, Yahoo, and AOL, who are amongst the biggest email providers, have joined hands to provide metadata about emails passing through their networks to Agari, which uses its cloud infrastructure to analyze more than 1.5 billion messages every day. It doesn’t receive the actual messages, but might receive suspicious links contained in the message along with miscellaneous metadata. Agari, which is launching today, has Facebook and some of the largest financial institutions, social networks, and ecommerce companies as its customers. Besides the aforementioned four email giants, file sharing website YouSendIt, social network LinkedIn, and Cisco are also part of its trust fabric network.

“Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo,” for instance, Daniel Raskin, vice president of marketing for Agari, explained to CNET. “They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don’t deliver it, reject it.”

Agari, which had been operating in stealth mode for the past couple of years, protects 50 percent of U.S. consumer e-mail traffic and more than one billion individual mailboxes. During its stealth phase, it rejected more than one billion messages across its email partners. Agari believes that by having end-to-end visibility over most messages it can rapidly react and stop phishing campaigns in their tracks.

Twitter users are being hit by a new phishing attack where affected users are sending DMs to their friends, which contain links to fake website that looks exactly like the Twitter login page.

If you receive a direct message on Twitter that says, “haha the look on your face in this pix is priceless! [LINK], DO NOT click on it. Clicking on the link will take you to a fake Twitter login page, where you will be asked to re-enter your username and password.

After clicking the link, notice the URL in the address bar of your browser. If a user provides the log-in credentials, the credential will be sent to the attackers, after which they will full control over the user’s account and can retweet the phishing message from that account.

There are a dozen of scams and phishing attacks that occur on Facebook and Twitter every day. We constantly report attacks like this, so that it helps users stay cautioned about it. Recently, another fake message that was spreading on Twitter stated Pics of Osama Bin Laden Are Finally Released

I suggest you to avoid clicking on the link and alert your followers about the attack. If you have accidently clicked on the link  and entered your login details, then change the password of your Twitter and all other accounts immediately. Also, contact your followers to avoid the message and ask them to change their account password as well.

To learn how you can avoid falling victim to a phishing scam and keeping your Twitter account secure, please read Twitter’s official guide to Keeping Your Account Secure. Here are some tips that will help you protect your Twitter account -

• Use a strong password.
• Watch out for suspicious links, and always make sure you’re on Twitter.com before you enter your login information.
• Use HTTPS for improved security.
• Don’t give your username and password out to untrusted third-parties, especially those promising to get you followers or make you money.
• Make sure your computer and operating system is up-to-date with the most recent patches, upgrades, and anti-virus software.

Sophos’ Graham Cluley explains a simple way of creating a complex hard-to-guess password – and how you should never use the same password on different sensitive websites.

Since the death of the most wanted criminal, terrorist leader Osama Bin Laden, there have been several scams and phishing attacks spreading on Facebook and Twitter, which claimed to show a leaked death videoof the terrorist.

For a while, scams and phishing attacks related to Osama Bin Laden had stopped, but now phishers are once again on the look for naive Twitter users, promising and tricking them to show leaked pictures of Osama Bin Laden.

Users on Twitter are tweeting (RT) a message that states – “Pics of Osama Bin Laden Are Finally Released! [LINK] ::wanring very gorry::”. The same message is spreading with simplified content – “Pictures of Osama Bin Laden [LINK] that leads to a page”

Clicking on the short URL will lead to a site which is a clone of Twitter home page. You are asked to login to Twitter by providing your username and password. Before you enter your login details, take a look at the URL in your browser’s address bar. You can see that it’s a fake URL and it is simply an attack to steal your login details.

If you enter your login credentials and click on Sign in button, your account details, including the password will be sent to the phisher via email. The phisher will then have complete control over your Twitter account, who can use your Twitter account by further spreading the scam message to your followers by tweeting and sending them private messages.

If you happen to use the same password in multiple places like Facebook and Gmail, it is likely that your other accounts might be compromised as well. This way, the phisher can steal more information for financial gain.

I suggest you to avoid clicking on the link and alert your followers about the attack. If you have mistakenly clicked on the link and entered your login details, then change the password of your Twitter and all other accounts immediately. Also, contact your followers to stop re-tweeting the message and ask them to change their account password as well.

Twitter has been a victim of  several  scams  in the  past, most of which were sent through direct messages (DM), however, the DM scams have come down considerably after Twitter employed a brilliant spam protection for DM messages. However, it looks like spammers have begun using the plain old email scams to trick users again.

Please feel free to retweet this post so that your friends and followers will be aware about the issue.

While surfing through Reddit this morning, I stumbled across an interesting submission from a Redditor going by the username “Tomble”. Apparently, Tomble received a standard PayPal phishing mail demanding personal information for “verification purposes”. However, unlike most of us, who would simply report it as a phishing attempt and be done with it, Tomble decided to do some snooping around.

Tomble noticed that the domain name had a structure similar to “http://www.example.net/~joe”, which indicated that the username for that domain’s control panel as well as ftp account was probably ‘joe’. He then decided to try his luck by assuming that the ftp address will be similar to the domain name. His guess turned out to be correct. He still didn’t know the ftp password. However, the domain indicated that this particular webspace was provided by an ISP. Hoping against hope that the webmaster hadn’t changed the default password, which is often just ‘password’, he entered ‘password’ as the ftp password. Amazingly, it worked, and Tomble managed to break into the server.

The website actually belonged to some clueless gentleman who probably had nothing to do with the scammer. The scammer probably managed to break into the server in the same way Tomble did, and planted a few PHP scripts to collect PayPal authentication information.

Tomble found all of this information stored in a single text file. So far, three gullible PayPal users had fallen for this scam. He immediately notified the concerned ISP. However, he didn’t receive any immediate response. On the other hand, two more users had fallen victim within the next thirty minutes.

Tomble now decided to intervene. He made a few modifications to the phishing website (see screenshot below). All of the victims, with the exception of one guy from Thailand, had left their phone numbers for verification purposes. Tomble emailed the Thai guy, and called up the other four with the following helpful suggestion.

Hi, my name’s Tomble, this might sound weird but I received a scam email pretending to be from PayPal this morning. I was able to follow it back and discovered your contact information there. You should contact your bank and let them know your credit card has been compromised, so they can protect you from fraudulent charges.

While one of the victims was initially suspicious, all of them eventually realized that Tomble was one of the good guys. In one case, he had to leave a message with the wife of the victim, who will probably find himself in some minor domestic trouble due to his gullibility.

It’s unfortunate that even today people are falling for phishing scams and Nigerian scams. Significantly, all of the victims were between the ages 39 and 60. While the younger ‘cyber-generation’ is by and large aware of the threats they face online, many from the older generations still need to be educated. Do you bit today, and educate your parents and grandparents about online security. As our fine Australian friend, Tomble, has shown, a little effort can go a long way.

The U.S. Government seems to be leaking a lot these days. After the WikiLeaks scandal, and the leak of the plan to stop leaks, we’ve heard about another leak. Two days before Christmas, an unknown number of government employees opened a greeting email that looked like it was from the White House. Normally, that’s no big deal, but this email contained a surprise gift.

Here’s what it said:

As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.

Greeting card:

hxxp://xtremedefenceforce.com/[omitted]
hxxp://elvis.com.au/[omitted]

Merry Christmas!
___________________________________________
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500

People clicking on the links in this phishing email, downloaded a trojan called ZeuS. If they installed it, their computers proceeded to send out all of the Word and Excel documents to a hacker’s website. It appears that this hacker only wanted information that he could later sell.

Here’s what the greeting card website looked like.

(image from KrebsOnSecurity)

I don’t think I should have to tell everyone this, but you should never have to download a greeting card. If you are asked to do this, exit the web page immediately.

Someone should have told the government employees about stuff like this. Very sensitive documents were stolen because the employees didn’t know about the high-risk practice of downloading from unknown websites.

Some of the documents were identified as coming from such places as the National Science Foundation, the Massachusetts State Police, the Financial Action Task Force, the Millennium Challenge Corporation, and many other .gov sites.

The US Government is now proposing that people use an Internet ID card to protect their privacy. Would you trust them to know how to guard   your private information?

[via krebsonsecurity]

Gmail has been revamping its contact manager and UI, however, in another part of the world, China to be specific, Gmail users are being scammed by hackers into giving away their usernames and passwords.

According to reports from Fast Company, for the past few weeks, several Gmail users are being redirected to a phishing site as seen in the screenshot above (courtesy FC) when they access Gmail.com. This also happens when they access Gmail through the Google toolbar.

This is not the first time that Google has had a problem in China, earlier this year, some high profile Gmail accounts were hacked, leading Google to stop their search service in China and threaten a complete pullout from China. However, Google did not pullout of China and renewed their operating license last month.

The current redirection of the Gmail domain to a phishing site definitely looks like a DNS hack which might not have propagated fully, which is why only few users are being redirected to the phishing website. However, Google might have definitely rectified the issue by now, but this goes on to show that Google definitely is on receiving end in China.

Update: A Google Spokesperson Jay Nancarrow reached out to us to clarify about the issue Gmail users are facing in China, the statement is embedded below.

This phishing attempt is not unique to Gmail and should not be misconstrued. As always, users should be careful about where they share their personal information, and should avoid clicking through warnings about suspicious sites. We encourage Gmail users to visit https://mail.google.com directly

He also adds that this is on background and not for attribution, but the same IP address hosting the fake Gmail URL has hosted phishing pages for other popular online services in the past. Screenshots indicate that this URL was being flagged by our Safe Browsing tool as a suspicious site, which would have warned users before viewing the page.

A new Twitter Phishing email is being sent out to users saying that their accounts will be deleted unless they click on a link. The link in question leads to a scam website and may compromise your accounts.

Though I do not have any such email samples with me right now, a tweet was officially tweeted by the @safety account on Twitter, the tweet reads:

Heads-up: if you receive an email saying that your account will be deleted unless you click on a link, it’s not from us.

Twitter has been a victim of several scams in the past, most of which were sent through direct messages (DM), however, the DM scams have come down considerably after Twitter employed a brilliant spam protection for DM messages. However, it looks like spammers have begun using the plain old email scams to trick users again.

It was not clearly mentioned on how user’s email address was compromised, but make sure to delete any emails which tell you that your Twitter account will be deleted.

The Finnish police are investigation into a huge case of theft in the virtual world where furniture worth £840 is reported to have been stolen. The total number of cases amount to 400 and the thefts, all of them, have  occurred  at the Habbo Hotel. This is the second attack on the hotel, the first one being in 2007 when a Dutch teenager stole furniture from the hotel.

The thefts are occurring as a result of phishing scams where users are tempted to give in their usernames and passwords in the virtual world. Mikko Hypponen, chief research officer at internet security firm F-Secure says,

Habbo as a virtual world is targeted by thieves from all over the world.  We see malicious attacks and trojans stealing accounts for all the games you can imagine, including World of Warcraft, Farmville and so on.  Poker games for example are susceptible to trojans which share your cards with other players around the table.  When the TV stars play poker online, we’re talking potential losses of hundreds of thousands of euros.

It is funny as to how a theft in the virtual world is triggering investigations in the real world though on the other hand, it is good to see that the Finnish police are taking up these cases in display some immense online awareness.

(Source)