Back to Old Facebook Profile – Phishing Attack

While a number of phishing attacks have been reported earlier, cyber criminals aren’t giving up, and continue to post phishing attacks on Facebook in an attempt to compromise user accounts and steal sensitive information. A new phishing attack is underway on Facebook, which tries to trick users by offering to revert them to the old Facebook design.

Although users are annoyed with the recent changes that Facebook has made, cyber criminals are taking advantage of it by creating pages like Need Old Profile back, which has already attracted over 59,000 people to like it. This is an attempt by cyber criminals to hack your Facebook account, so DO NOT like or share the page with your friends.

[Screenshot: Need Old Facebook Back - Phishing Attack]

The Facebook page has links that will lead to the following website –

[Screenshot: Bring Back Old Facebook Profile - Phishing Attack]

In the above webpage you are asked to follow a few steps, which include liking two Facebook pages. Once done, you are then asked to click on the Click here to enter link button, which will take you to a form hosted on Google Spreadsheets.

The form is titled Facebook Converter, and in it you are asked to enter your Facebook username and password. You really don’t have to do this. Since this is a phishing attack, your username and password will be sent to the scammer, who will then have full control over your Facebook account.

[Screenshot: Facebook Profile Converter - Phishing Attack]

UPDATE: Google has deleted the form.

If you have accidentally clicked on the link and completed the form, I advise you to immediately change the password of all your accounts. Please understand that there is no way to get back to the older version of Facebook. Facebook does not provide an option for its users to revert to any of the previous versions. If you come across any applications or pages that claim to change your Facebook account to the older version, then please ignore or delete them. You can report such apps or pages to the Facebook Security team.

However, there are browser extensions that will help you get back to the older versions of Facebook. Keith has written an article on how you can change the new Facebook layout to the older one.

Avoiding such scams is not an easy task, but you can always exercise caution. Check out the following post on how you can use a security application to protect yourself from Facebook scams.

As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. We have compiled a list of Most Actively Spreading Scams on Facebook that you might want to have a look at.


Pics of Osama Bin Laden Are Finally Released – Twitter Phishing Attack

Since the death of the most wanted criminal, terrorist leader Osama Bin Laden, there have been several scams and phishing attacks spreading on Facebook and Twitter, which claimed to show a leaked death video of the terrorist.

For a while, scams and phishing attacks related to Osama Bin Laden had stopped, but now phishers are once again on the lookout for naive Twitter users, tricking them with the promise of leaked pictures of Osama Bin Laden.

Users on Twitter are tweeting (RT) a message that states – “Pics of Osama Bin Laden Are Finally Released! [LINK] ::wanring very gorry::”. The same message is spreading with simplified content – “Pictures of Osama Bin Laden [LINK] that leads to a page”

[Screenshot: Pics of Osama Bin Laden Are Finally Released - Twitter Phishing Attack]

Clicking on the short URL will lead to a site which is a clone of the Twitter home page. You are asked to log in to Twitter by providing your username and password. Before you enter your login details, take a look at the URL in your browser’s address bar. You can see that it’s a fake URL and that the page is simply an attempt to steal your login details.

If you enter your login credentials and click on the Sign in button, your account details, including the password, will be sent to the phisher via email. The phisher will then have complete control over your Twitter account, and can use it to spread the scam message further to your followers by tweeting and sending them private messages.

If you happen to use the same password in multiple places like Facebook and Gmail, it is likely that your other accounts might be compromised as well. This way, the phisher can steal more information for financial gain.

I suggest you avoid clicking on the link and alert your followers about the attack. If you have mistakenly clicked on the link and entered your login details, then change the password of your Twitter and all other accounts immediately. Also, contact your followers to stop re-tweeting the message and ask them to change their account password as well.

Twitter has been a victim of several scams in the past, most of which were sent through direct messages (DM). The DM scams have come down considerably after Twitter employed a brilliant spam protection for DM messages. However, it looks like spammers have begun using the plain old email scams to trick users again.

Please feel free to retweet this post so that your friends and followers will be aware about the issue.

Facebook Security Network – Phishing Attack

There are a dozen scams spreading on Facebook every day. We constantly report Facebook scams, so that users can stay cautious about them. Recently, a fake message that was spreading on Facebook stated that Lady Gaga was found dead in her hotel room. Scam messages like this are created in order to drive traffic to scammers’ websites or earn money.

Facebook is prone not just to scam messages, but also to phishing and malware attacks. There have been an increasing number of phishing and malware attacks recently. The latest in the series is a phishing attack that sent users a security message from a fake Facebook Security Network. The message states that the user had violated the Facebook Terms of Services and is required to complete a verification process.

The user is asked to click on a bogus link that leads to a fake account verification page. The message also warns that the Facebook account will be blocked if the user does not verify his/her account in the next 24 hours.

[Screenshot: Facebook Security Network - Phishing Attack]

You can notice that the link provided to verify your account is a fake. The link is http://shortlink.tk/gh/accountconfirm, which redirects again to http://apps_facebook_account_help_center.cast.cc. Facebook does not create any short URLs when it comes to security related issues. Clicking on the link will take you to a page where you will have to go through the verification process.

During the process, you will be asked to enter your name, DOB, credit card number and your password. You will also be asked to enter your email id and password. Well, this not only hacks your Facebook account, but also your email account.

[Screenshot: Facebook Security Network - Phishing Attack]

At the end of the process, the details entered are sent to the scammers via email, and the scammer will have complete control over your accounts. It is recommended that you ignore the message and DO NOT click on any inappropriate links. To protect against phishing scams, Facebook users should make sure that the URL they are visiting says “www.facebook.com.” If you find the URL to be different, but having a design similar to Facebook, then it is likely to be spam.
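The address-bar check described above, written out as an added example (not code from the original post): the host must match a trusted login host exactly, and a brand name appearing somewhere else in the URL counts for nothing. The trusted-host list and the two example.test URLs are constructed assumptions; the other two rejected URLs are the ones quoted in this post.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts where you ever expect to type these passwords.
TRUSTED_LOGIN_HOSTS = {"www.facebook.com", "twitter.com", "mail.google.com"}


def _brands(trusted):
    # "www.facebook.com" -> "facebook"; used only to explain a rejection.
    return {h.split(".")[-2] for h in trusted}


def check_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason) for a page that is asking for credentials."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # .hostname is lowercased
    except ValueError:
        return False, "unparseable URL"
    if not host:
        return False, "no host in URL"
    if host in trusted:
        if parts.scheme != "https":
            return False, "right host, but not HTTPS"
        return True, "exact host match"
    # Everything below is a rejection; the reason names the trick in use.
    brands = _brands(trusted)
    if parts.username and any(b in parts.username.lower() for b in brands):
        return False, "brand is in the userinfo part, real host is " + host
    if any(b in host for b in brands):
        return False, "brand appears inside an unrelated host: " + host
    return False, "host is not on the trusted list: " + host


SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "http://shortlink.tk/gh/accountconfirm",             # quoted in the post
    "http://apps_facebook_account_help_center.cast.cc",  # quoted in the post
    "https://www.facebook.com.login.example.test/",      # constructed
    "https://www.facebook.com@login.example.test/",      # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print(("OK    " if ok else "REJECT"), sample, "->", reason)
```

Only the first sample passes; a short link cannot be judged until it has been expanded, so it is rejected like any other unknown host.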

If you have accidentally clicked on the link and completed the verification process, I advise you to immediately change the password of all your accounts.

There are over 750 million active users on Facebook, and it’s high time Facebook took action against scammers and phishing attacks. Avoiding such scams is not an easy task, but you can always exercise caution. Check out the following post on how you can use a security application to protect yourself from Facebook scams.

As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. We have compiled a list of Most Actively Spreading Scams on Facebook that you might want to have a look at.


Redditor Receives Phishing Email, Hacks the Scammer, and Reports Him

While surfing through Reddit this morning, I stumbled across an interesting submission from a Redditor going by the username “Tomble”. Apparently, Tomble received a standard PayPal phishing mail demanding personal information for “verification purposes”. However, unlike most of us, who would simply report it as a phishing attempt and be done with it, Tomble decided to do some snooping around.

Tomble noticed that the domain name had a structure similar to “http://www.example.net/~joe”, which indicated that the username for that domain’s control panel as well as ftp account was probably ‘joe’. He then decided to try his luck by assuming that the ftp address will be similar to the domain name. His guess turned out to be correct. He still didn’t know the ftp password. However, the domain indicated that this particular webspace was provided by an ISP. Hoping against hope that the webmaster hadn’t changed the default password, which is often just ‘password’, he entered ‘password’ as the ftp password. Amazingly, it worked, and Tomble managed to break into the server.

The website actually belonged to some clueless gentleman who probably had nothing to do with the scammer. The scammer probably managed to break into the server in the same way Tomble did, and planted a few PHP scripts to collect PayPal authentication information.

Tomble found all of this information stored in a single text file. So far, three gullible PayPal users had fallen for this scam. He immediately notified the concerned ISP. However, he didn’t receive any immediate response. On the other hand, two more users had fallen victim within the next thirty minutes.

Tomble now decided to intervene. He made a few modifications to the phishing website (see screenshot below). All of the victims, with the exception of one guy from Thailand, had left their phone numbers for verification purposes. Tomble emailed the Thai guy, and called up the other four with the following helpful suggestion.

Hi, my name’s Tomble, this might sound weird but I received a scam email pretending to be from PayPal this morning. I was able to follow it back and discovered your contact information there. You should contact your bank and let them know your credit card has been compromised, so they can protect you from fraudulent charges.

[Screenshot: Scammer Gets Scammed]

While one of the victims was initially suspicious, all of them eventually realized that Tomble was one of the good guys. In one case, he had to leave a message with the wife of the victim, who will probably find himself in some minor domestic trouble due to his gullibility.

It’s unfortunate that even today people are falling for phishing scams and Nigerian scams. Significantly, all of the victims were between the ages of 39 and 60. While the younger ‘cyber-generation’ is by and large aware of the threats they face online, many from the older generations still need to be educated. Do your bit today, and educate your parents and grandparents about online security. As our fine Australian friend, Tomble, has shown, a little effort can go a long way.

Government Employees Fooled by Greeting Card Trojan

The U.S. Government seems to be leaking a lot these days. After the WikiLeaks scandal, and the leak of the plan to stop leaks, we’ve heard about another leak. Two days before Christmas, an unknown number of government employees opened a greeting email that looked like it was from the White House. Normally, that’s no big deal, but this email contained a surprise gift.

Here’s what it said:

As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.

Greeting card:

hxxp://xtremedefenceforce.com/[omitted]
hxxp://elvis.com.au/[omitted]

Merry Christmas!
___________________________________________
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500

People who clicked on the links in this phishing email downloaded a trojan called ZeuS. If they installed it, their computers proceeded to send out all of their Word and Excel documents to a hacker’s website. It appears that this hacker only wanted information that he could later sell.

Here’s what the greeting card website looked like.

[Screenshot: trojan e-card website]

(image from KrebsOnSecurity)

I don’t think I should have to tell everyone this, but you should never have to download a greeting card. If you are asked to do this, exit the web page immediately.

Someone should have told the government employees about stuff like this. Very sensitive documents were stolen because the employees didn’t know about the high-risk practice of downloading from unknown websites.

Some of the documents were identified as coming from such places as the National Science Foundation, the Massachusetts State Police, the Financial Action Task Force, the Millennium Challenge Corporation, and many other .gov sites.

The US Government is now proposing that people use an Internet ID card to protect their privacy. Would you trust them to know how to guard your private information?

[via krebsonsecurity]

Gmail China Hijacked by Chinese Hackers

Gmail has been revamping its contact manager and UI. However, in another part of the world, China to be specific, Gmail users are being scammed by hackers into giving away their usernames and passwords.

[Screenshot: Gmail phishing page in China]

According to reports from Fast Company, for the past few weeks, several Gmail users have been redirected to a phishing site, as seen in the screenshot above (courtesy FC), when they access Gmail.com. This also happens when they access Gmail through the Google toolbar.

This is not the first time that Google has had a problem in China. Earlier this year, some high profile Gmail accounts were hacked, leading Google to stop their search service in China and threaten a complete pullout from China. However, Google did not pull out of China and renewed their operating license last month.

The current redirection of the Gmail domain to a phishing site looks like a DNS hack which might not have propagated fully, which is why only a few users are being redirected to the phishing website. Google may well have rectified the issue by now, but this goes to show that Google is on the receiving end in China.

Update: A Google spokesperson, Jay Nancarrow, reached out to us to clarify the issue Gmail users are facing in China. The statement is reproduced below.

This phishing attempt is not unique to Gmail and should not be misconstrued. As always, users should be careful about where they share their personal information, and should avoid clicking through warnings about suspicious sites. We encourage Gmail users to visit https://mail.google.com directly

He also adds that this is on background and not for attribution, but the same IP address hosting the fake Gmail URL has hosted phishing pages for other popular online services in the past. Screenshots indicate that this URL was being flagged by our Safe Browsing tool as a suspicious site, which would have warned users before viewing the page.

Warning: Twitter Account Deletion Phishing Email Scam

A new phishing email is being sent out to users saying that their accounts will be deleted unless they click on a link. The link in question leads to a scam website and may compromise your accounts.

Though I do not have any such email samples with me right now, the @safety account on Twitter has officially tweeted about it. The tweet reads:

Heads-up: if you receive an email saying that your account will be deleted unless you click on a link, it’s not from us.

Twitter has been a victim of several scams in the past, most of which were sent through direct messages (DM). The DM scams have come down considerably after Twitter employed a brilliant spam protection for DM messages. However, it looks like spammers have begun using the plain old email scams to trick users again.

It was not clearly mentioned how users’ email addresses were compromised, but make sure to delete any emails which tell you that your Twitter account will be deleted.

Theft in Virtual World Triggers Investigation in Real World!

The Finnish police are investigating a huge case of theft in the virtual world, where furniture worth £840 is reported to have been stolen. The total number of cases amounts to 400, and all of the thefts have occurred at the Habbo Hotel. This is the second attack on the hotel, the first one being in 2007 when a Dutch teenager stole furniture from the hotel.

The thefts are occurring as a result of phishing scams where users are tempted to give up their usernames and passwords in the virtual world. Mikko Hypponen, chief research officer at internet security firm F-Secure, says,

Habbo as a virtual world is targeted by thieves from all over the world.  We see malicious attacks and trojans stealing accounts for all the games you can imagine, including World of Warcraft, Farmville and so on.  Poker games for example are susceptible to trojans which share your cards with other players around the table.  When the TV stars play poker online, we’re talking potential losses of hundreds of thousands of euros.

It is funny how a theft in the virtual world is triggering investigations in the real world, though on the other hand, it is good to see that the Finnish police are taking up these cases and displaying some immense online awareness.

Facebook ‘Hilarious Video’ Phishing Attack Spreading Fast

Facebook has been seeing an increasing number of phishing and malware attacks recently. The latest in the series is a phishing attack that lures you to watch the ‘most hilarious video ever’, but when you try to click on it, it asks you for your login credentials and installs the ‘Media Player HD’ app on your Facebook account. The app not only compromises your Facebook account but also installs malware on your computer, leading to a potential leak of sensitive information.

To avoid it, simply DON’T click on any such link inviting you to watch a hilarious video, and if you think you already have, change your Facebook password and uninstall the ‘Media Player HD’ app. The message for the hilarious video may appear on your wall or come in as a message from one of your friends. To save yourself from such attacks you can also install a free app, Defensio, that will protect your wall from messages like these.

Twitter Rolls Out Brilliant Spam Protection For DM Scams

Twitter users have been victims of several DM scams and phishing scams in recent times. Most of the time, users were sent scam links; clicking on them would ask users to enter their Twitter details or compromise the user’s account, and then send out similar messages to their friend list.


However, that may be a thing of the past, since Twitter will now pass all the links in Direct messages through one of their own services, so that they can track and halt the problem at the core itself.

What this means is that if someone sends you a link in a Direct message or if you receive an email with the direct message, the links contained in them will go through twt.tl before reaching the destination URL.

This is definitely a smart move, considering that Twitter can disable a user from visiting a scam or phishing URL at their end itself. This will also allow Twitter to quickly avoid a scam from spreading across to multiple users.

I was always wondering how Twitter would take steps to stop the DM scam, and this is one of the best possible solutions one could come up with. Way to go Twitter, this is brilliant. More info at the Official Twitter blog.