Spam & Phishing

Digital blackmailing

We are used to seeing ransomware encrypting files and requesting money (bitcoin) to decrypt them. I have now received a new email on a corporate address, which is a black-e-mail … in digital form. I have to say that the amount of thought expressed in the email is interesting. Somebody with some basic knowledge and poor English has put some information together. 🙂

Here is the plain text, so that it is easier to index:

Hello. I do not want to judge anyone, but as a result of several occasions, we have point of contact from now. I do…


Targeted Malware on the rise

Ever wondered what “spear phishing” is? Or “targeted malware”? See below: It is an email targeted at a member of an organization, which is made to look as legitimate as possible. The difference between normal phishing and malware emails and a targeted one is that the contents of the targeted email refer to locations or persons of the organization being targeted. In this case, Avira: as you can see below, there are apparent links to internal locations. Of course, they are all fake (like in phishing). In reality, they point to malicious documents and locations…


Colorful spams are back!

Yeeesss, the Spam/Trash folder is no longer so boring! Finally, the spammers are now using all the features of the email clients and have made the subjects look much nicer. Do you know how they do that? They add UTF-8 characters in the subject and then they encode the entire string using Quoted-Printable encoding:

    Content-Type: text/html; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable
    Subject: =?utf-8?q?=F0=9F=91=B6_Free_Trial_of_Diapers_from_The_Honest_Company_?= =?utf-8?b?8J+Rtg==?=

This is the output:

Another example:

    Content-Type: text/html; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable
    Subject: =?utf-8?b?8J+YqCBXaWZlIFdhbGtlZCBJbiAtIE9PUHMhISEhISDwn5io?=


I received the first “nigerian scam” on XING

As a premiere, I received the first Nigerian Scam on XING. It is quite common to receive such requests on LinkedIn, but for me it is the first time on XING. This is the text:

Hello Sorin Mustaca, I have partners who I front for to assist source for a foreign partner who could be of help to receive fund for the purpose of various viable investment abroad on their behalf, they are all still in service and want anonymity to protect their reputation in service. I will furnish you with their mode of operations after receiving your readiness. Regards, Dr….


Stock spam is back!

After many years, the penny stock spam is back.

Hello, info! <name> needs your attention. This is the only stock you need to buy today. Keep on reading to find out why.. <name>(ticker: <tick>) is a mobile games developer that has built some of the most popular games on the planet. The games have been downloaded more than 100 million times and the company is planning to launch 5 new titles in January 2017 (next month). <tick> is extremely undervalued and there are serious rumors circulating that the maker of Candy Crush (King, a multi billion dollar company) is about…


How clever social engineering can overcome two-factor authentication… or not?

If you have a Google account you must have two-factor authentication enabled in order to prevent anyone from using your account just by having your username and password. If you don’t know how to do that, check my free eBook here. 2FA requires something that you know (username and password) and something that you have (smartphone) in order to allow access to your account. Unless somebody gets all of them, they simply can’t steal your account. Until now… Alex MacCaw has published screenshots of a new scam that is targeting Google users who have two-factor authentication (2FA) enabled. It works like this:…


Is eBay actually supporting phishing?

From time to time I wonder whether these guys (I am thinking of eBay, PayPal, Amazon, some banks) are actually trying to help phishers do their “jobs”. The email you see in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to “protect my eBay account”. “Dear <user>, you have not updated your personal data for more than a year. In order to have your personal data up to date, help us to protect your eBay account better”. Sounds good, right? Please check your personal eBay information and make sure…


Why do the more recent spams have so colorful subjects?

And I mean really colorful, as in they have signs and colors. Like the one in the featured image. If you look at the source, the subjects look like this:

    Subject: =?utf-8?b?8J+QlfCfkIhZb3UgY2FuIHNhdmUgb24gcGV0IGZvb2Qg8J+QlfCfkIg=?=

All possible symbols are described on this page: http://www.unicodetools.com/unicode/codepage-utf8.php

All that is needed is to make the email client display them. Most of the time, it actually works, as can be seen above. Sometimes, it doesn’t, even if the symbols are correctly set up:

    Subject: =?utf-8?q?=F3=BE=86=93_sorin=2Emustaca=2C_Discount_Dental_Implants_in_You?= =?utf-8?b?ciBBcmVhIPO+hpM=?=

You can actually see the character’s code number 🙂

So, are…


What do you think: new type of spam or just misconfigured servers?

My Junk folder from ITSecurityNews.info is currently flooded with “Delivery Status Notification” messages from various servers, all with the same content. Various servers, same content, in Russian:

The email indeed goes from a non-existent email address of my domain to some server that refuses it for various reasons. What can you do?

1) Block the spam: Fortunately, Google detects this mail as spam and blocks it. Unfortunately, this is pretty much everything you can do.

2) Don’t use a catch-all email address: The reason my Gmail account was receiving this amount of emails was because it was…


How you can see that the cyber crooks are preparing for XMas

I start this post with the Conclusion: Don’t fall for these scams! You will never get money or vouchers like this.

Details

I see a lot of these messages in my Spam folder:

PayPal payment received

Report Spam Hi, Your account has been credited with $563.50 Click Here to Claim If you don’t want to get any more e-mails please Unsubscribe

Malware as invoice

Dear Customer Your invoice appears below. Please remit payment at your earliest convenience. Thank you for your business – we appreciate it very much. Sincerely, Dwain Dale Courier…

