Spam & Phishing

LinkedIn phishing ? Think again…

When you see such an email, you don’t think that it is a phishing… After all, why would anyone steal your LinkedIn credentials, right? Nobody would request a ransom to give your credentials back, nobody would steal your email & password and try to reuse them on other websites. You have, after all, read my eBook “Improve your security” and you do have an algorithm to create a unique password for each website.   Linked In Jamie Moore has sent you a message Date: 10/25/2015 http://www.linkedin.com/?viewMsg=d7fff&profile=67994&recipient=sorinmustaca View or reply to this message Don’t want to receive e-mail notifications? Adjust your…


Bought a new domain, the effects in the web are incredible…

I wrote in the post “What do you think: aggressive sales campaign or fraud?” about the attempt to impress and scare me of losing my domain. Now, I bought a new domain which was free in Internet. I watched this domain for two years to become available again, after i lost it because of a bad ISP. Minutes later I started to get emails related to the above mentioned campaign: Attention: Important Notice , DOMAIN SERVICE NOTICE Domain Name: urlcheck.org ATT: Sorin Mustaca urlcheck.org Response Requested By 19 – Oct. – 2015 PART I: REVIEW NOTICE Attn: Sorin Mustaca As…


Nigerian scams on a totally new level

I received every day a few requests on LinkedIn and I also send a few. Many of these people I don’t know personally, and they are from all kind of industries. Usually, they are interested in IT Security, but not always. Most important, I never receive direct messages like the one below: The few keywords there like “business proposal”, “bank accountant”, “Lloyds Bank”, “CONFIDENTIAL” and the name of the guy, made me think immediately to a Nigerian Scam.   So, I replied back saying: What business proposal do you have ? The answer was the expected one 🙂 Oh, I…


“Apple iPhone 7 testers wanted”: Probably the most complex scam I’ve seen this year!

  This scam is sent by CHTAH.COM platform which is known to send millions of spam emails. You can see its added “value” by inserting the three colored rectangles on top of the mail. “iPhone 7 Testers Wanted!” is trying to lure the readers to a website that looks very much like the times.com website.   Hey there,   It is official. Apple stores are crazily giving out iPhone 6 for ONLY 1£.   In order to claim your iPhone 6 for 1£, please follow the instructions below: 1) Click this link to tell us what improvement you want to…


What do you think: aggressive sales campaign or fraud?

What do you think after you quickly read this letter? What makes this email special: addressed to me, using the data from the domain registration (mandatory things, which my registrar added) uses my domain name A lot of red text written in capitals special keywords like “notice”, “important”, “notification”, “expiration”, “act”, “immediately” has a clear deadline on it First time I read it I went very quickly and I thought that they try to take over my domain by requiring me to “prolong” the registration with them. This would have required to transfer the domain to them and then pay yearly fees to…


PayPal Phishing for German customers with innovative social engineering technique

  Nothing special in this phishing email in German from the “PayPal Team” asking to click in order to unlock your PayPal account. PayPal – Informationen erforderlich! Hallo Ihr PayPal-Konto ist vorübergehend gesperrt. Sie können keine weiteren Zahlungen bei PayPal tätigen. Um die Sperrung Ihres Kontos aufzuheben und die Entfernung all Ihrer aktiven Fälle sowie weitere AGB Widerrufe, müssen Sie die fehlende Informationen eintragen. Bitte gehen sie wie folgt vor. Die Seite Jetzt loslegen aufrufen und die Schritte durchführen.     The first screens ask for PayPal account and name of the owner, so all is standard for this kind…


Phishing on a different level: IRS Scam

IRS(Internal Revenue Service) is the official authority in the USA to collect taxes. “Why would someone phish them?”, you may ask.   That’s why:(see red area below).   In the form they ask you to have access to your bank account. They have all needed proves to substitute you: address, tax payer ID and many others. This way they can pay with your bank account when they pretend to be you. Solution: Never answer such requests per email. Erase the email immediately.    


Interesting blog trackback spam

A trackback is one of four types of linkback methods for website authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to their articles. Some weblog software, such as SilverStripe,WordPress, Drupal, and Movable Type, supports automatic pingbacks where all the links in a published article can be pinged when the article is published. The term is used colloquially for any kind of linkback. A trackback is an acknowledgment. This acknowledgment is sent via a network signal (ping) from the originating site to the receiving site. The receptor…


No Picture

Targeted spam: Cotap is a secure texting app for teams.

You thought that there are only Advanced Persistent Threats and Spear Phishing? Here is a new one : Targeted Ads. This time it might not be so dramatic, but imagine that you sent this to a lot of people. How many do you think that will register?   So, what’s the catch? If there are many people in a company that use the service, the company might decide at some point to pay for an enterprise feature. And, for this segment, the competition is big: Whatsapp is definitel rulling by far. I can’t say since I don’t have a Whatsapp…


No Picture

“Ze Foreign Accent” spam is back

Twelve years ago the IT security world was fighting against an unprecedented amount of spam emails. Spam is not and never was just a nuisance; it is a big problem because it slows down the good emails and takes up resources. Together with Virus Bulletin and some antispam researchers from various companies, a list called “The Spammer Compendium” was created.  This list contains methods used by spammers to trick spam filters and to have their emails delivered to the end users. One of the methods listed there is called “Ze Foreign Accent” spam or(BWO!Accent!Plain). The main characteristic of this method is…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close