Spam & Phishing

Colorful spams are back!

Yeeesss, the Spam/Trash folder is no longer so boring! Finally, the spammers are now using all the features of the email clients and have made the subjects look much nicer. Do you know how they do that? They add UTF-8 characters to the subject and then they encode the entire string using Quoted-Printable encoding:

Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Subject: =?utf-8?q?=F0=9F=91=B6_Free_Trial_of_Diapers_from_The_Honest_Company_?= =?utf-8?b?8J+Rtg==?=

This is the output:

Another example:

Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Subject: =?utf-8?b?8J+YqCBXaWZlIFdhbGtlZCBJbiAtIE9PUHMhISEhISDwn5io?=

I received the first “nigerian scam” on XING

As a premiere, I received the first Nigerian Scam on XING. It is quite common to receive such requests on LinkedIn, but for me it is the first time on XING. This is the text:

Hello Sorin Mustaca, I have partners who I front for to assist source for a foreign partner who could be of help to receive fund for the purpose of various viable investment abroad on their behalf, they are all still in service and want anonymity to protect their reputation in service. I will furnish you with their mode of operations after receiving your readiness. Regards, Dr….


Stock spam is back!

After many years, the penny stock spam is back.

Hello, info! <name> needs your attention. This is the only stock you need to buy today. Keep on reading to find out why.. <name>(ticker: <tick>) is a mobile games developer that has built some of the most popular games on the planet. The games have been downloaded more than 100 million times and the company is planning to launch 5 new titles in January 2017 (next month). <tick> is extremely undervalued and there are serious rumors circulating that the maker of Candy Crush (King, a multi billion dollar company) is about…


How clever social engineering can overcome two-factor authentication… or not?

If you have a Google account you must have two-factor authentication enabled in order to prevent anyone from using your account with just your username and password. If you don’t know how to do that, check my free eBook here. 2FA requires something that you know (username and password) and something that you have (smartphone) in order to allow access to your account. Unless somebody gets all of them, they simply can’t steal your account. Until now… Alex MacCaw has published screenshots of a new scam that is targeting Google users who have two-factor authentication (2FA) enabled. It works like this:…


Is eBay actually supporting phishing?

From time to time I wonder if these guys (I am thinking of eBay, PayPal, Amazon, some banks) are actually trying to help phishers do their “jobs”. The email you see in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to “protect my eBay account”. “Dear <user>, you have not updated your personal data since more than a year. In order to have your personal data up to date, help us to protect your eBay account better”. Sounds good, right? Please check your personal ebay information and make sure…


Why do the more recent spams have so colorful subjects?

And I mean really colorful, as in they have signs and colors. Like the one in the featured image. If you look at their source, they look like this:

Subject: =?utf-8?b?8J+QlfCfkIhZb3UgY2FuIHNhdmUgb24gcGV0IGZvb2Qg8J+QlfCfkIg=?=

All possible symbols are described on this page: http://www.unicodetools.com/unicode/codepage-utf8.php

All the sender has to do is force the email client to display them. Most of the time, it actually works, as can be seen above. Sometimes it doesn’t, even if the symbols are correctly set up:

Subject: =?utf-8?q?=F3=BE=86=93_sorin=2Emustaca=2C_Discount_Dental_Implants_in_You?= =?utf-8?b?ciBBcmVhIPO+hpM=?=

You can actually see the character’s code number 🙂

So, are…
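The Subject values quoted in the two posts on colorful subjects are RFC 2047 encoded-words, in both the ?q? (quoted-printable style) and ?b? (base64) forms. The following is an added example, not code from the original posts: it decodes them with Python's standard library and lists the code points a mail filter might score. The function names decode_subject and inspect_subject are hypothetical. It also shows why the dental subject does not render: its leading bytes F3 BE 86 93 decode to U+FE193, which lies in a Unicode private-use area.

```python
import unicodedata
from email.header import decode_header

# Subject values copied from the headers quoted in the posts above.
BABY = ("=?utf-8?q?=F0=9F=91=B6_Free_Trial_of_Diapers_from_The_Honest_Company_?="
        " =?utf-8?b?8J+Rtg==?=")
PETS = "=?utf-8?b?8J+QlfCfkIhZb3UgY2FuIHNhdmUgb24gcGV0IGZvb2Qg8J+QlfCfkIg=?="
DENTAL = ("=?utf-8?q?=F3=BE=86=93_sorin=2Emustaca=2C_Discount_Dental_Implants_in_You?="
          " =?utf-8?b?ciBBcmVhIPO+hpM=?=")


def decode_subject(raw):
    """Decode RFC 2047 encoded-words (?q? and ?b?) into one Unicode string."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # charset label Python does not know
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)


def inspect_subject(raw):
    """Return the decoded text plus the code points worth scoring."""
    text = decode_subject(raw)
    symbols, no_glyph = [], []
    for ch in text:
        cat = unicodedata.category(ch)
        if cat == "So":            # pictographs, emoji, dingbats
            symbols.append(f"U+{ord(ch):04X}")
        elif cat in ("Co", "Cn"):  # private use or unassigned
            no_glyph.append(f"U+{ord(ch):04X}")
    return {"text": text, "symbols": symbols, "no_glyph": no_glyph}


if __name__ == "__main__":
    for raw in (BABY, PETS, DENTAL):
        print(inspect_subject(raw))
```

Symbols at both ends of a subject, or any private-use code point, are cheap features to feed into an existing spam score; neither is a verdict on its own.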


What do you think: new type of spam or just misconfigured servers?

My Junk folder from ITSecurityNews.info is currently flooded with “Delivery Status Notification” messages from various servers, all with the same content. Various servers, same content, in Russian:

The email indeed goes from a nonexistent email address of my domain to some server that refuses it for various reasons. What can you do?

1) Block the spam: Fortunately, Google detects this mail as spam and blocks it. Unfortunately, this is pretty much everything you can do.

2) Don’t use a catch-all email address. The reason my Gmail account was receiving this amount of emails was because it was…


How you can see that the cyber crooks are preparing for XMas

I start this post with the

Conclusion

Don’t fall for these scams! You will never get money or vouchers like this.

Details

I see a lot of these messages in my Spam folder:

PayPal payment received

Report Spam Hi, Your account has been credited with $563.50 Click Here to Claim If you don’t want to get any more e-mails please Unsubscribe

Malware as invoice

Dear Customer Your invoice appears below. Please remit payment at your earliest convenience. Thank you for your business – we appreciate it very much. Sincerely, Dwain Dale Courier…


Major PayPal failure: sending emails following all rules of a “good” phishing email

The email below (in German) is from PayPal. It is not a phishing email or a spam email pointing to some online pharmacy. I assure you of this. I have verified the DKIM and SPF information in the headers, and checked all headers for any trace of alteration and for any trace of a foreign IP address or domain. It is also very correct: it informs me that the credit card behind my PayPal account is about to expire. It asks me to update the credit card by clicking on the yellow button.

At this point, I am without words. I…


LinkedIn phishing ? Think again…

When you see such an email, you don’t think that it is phishing… After all, why would anyone steal your LinkedIn credentials, right? Nobody would request a ransom to give your credentials back, nobody would steal your email & password and try to reuse them on other websites. You have, after all, read my eBook “Improve your security” and you do have an algorithm to create a unique password for each website.

Linked In
Jamie Moore has sent you a message
Date: 10/25/2015
http://www.linkedin.com/?viewMsg=d7fff&profile=67994&recipient=sorinmustaca
View or reply to this message
Don’t want to receive e-mail notifications? Adjust your…

