phishing

Dropbox phishing: someone is interested in your corporate files

I wrote before about the Target Malware. Now I can also write about Phishing. Here is one for Dropbox:     What is wrong with this email ? the contact me by extracting the user part in the email address (smustaca) The “Verify your email” goes directly to a phishing website. The text is rather unusual, as Dropbox will never send anything like this. Dropbox adds some personalized links at the end of the emails. Emails from Dropbox come from “Dropboxmail.com” and not from “dropbox.com”     Why would anyone phish Dropbox? In order to get your files!   Why…


Is eBay actually supporting phishing?

From time to time I am wondering if these guys (I am thinking at eBay, PayPal, Amazon, some banks) are actually trying to help phishers to do their “jobs”. The email you seen in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to “protect my eBay account”. “Dear <user>, you have not updated your personal data since more than a year. In order to have your personal data up to date, help us to protect your eBay account better”. Sounds good, right? Please check your personal ebay information and make sure…


Major PayPal failure: sending emails following all rules of a “good” phishing email

The email below (in German) is from PayPal. It is not a phishing email or a spam email pointing to some online pharmacy. I assure you of this. I have verified the DKIM and SPF information in the headers, checked all headers of any trace of alteration and of any trace of foreign IP address or domain. It is also very correct: it informs me that my credit card behind the PayPal account is about to expire. It asks me to update the credit card by clicking on the yellow button.   At this point, I am without words. I…


“Apple iPhone 7 testers wanted”: Probably the most complex scam I’ve seen this year!

  This scam is sent by CHTAH.COM platform which is known to send millions of spam emails. You can see its added “value” by inserting the three colored rectangles on top of the mail. “iPhone 7 Testers Wanted!” is trying to lure the readers to a website that looks very much like the times.com website.   Hey there,   It is official. Apple stores are crazily giving out iPhone 6 for ONLY 1£.   In order to claim your iPhone 6 for 1£, please follow the instructions below: 1) Click this link to tell us what improvement you want to…


PayPal Phishing for German customers with innovative social engineering technique

  Nothing special in this phishing email in German from the “PayPal Team” asking to click in order to unlock your PayPal account. PayPal – Informationen erforderlich! Hallo Ihr PayPal-Konto ist vorübergehend gesperrt. Sie können keine weiteren Zahlungen bei PayPal tätigen. Um die Sperrung Ihres Kontos aufzuheben und die Entfernung all Ihrer aktiven Fälle sowie weitere AGB Widerrufe, müssen Sie die fehlende Informationen eintragen. Bitte gehen sie wie folgt vor. Die Seite Jetzt loslegen aufrufen und die Schritte durchführen.     The first screens ask for PayPal account and name of the owner, so all is standard for this kind…


Phishing on a different level: IRS Scam

IRS(Internal Revenue Service) is the official authority in the USA to collect taxes. “Why would someone phish them?”, you may ask.   That’s why:(see red area below).   In the form they ask you to have access to your bank account. They have all needed proves to substitute you: address, tax payer ID and many others. This way they can pay with your bank account when they pretend to be you. Solution: Never answer such requests per email. Erase the email immediately.    


Phishing created for Apple’s mobile devices

I received last night an email pretending to come from Apple’s support. But, it is badly made if you see it in an email client. Dear Customer AppleID14028364ca Due to recent updates we are asking many of our customers to confirm their information this is nothing to worry about. We are making sure we have the correct information on file and that you are the rightful account holder. Failure to comply with this may result in your account being suspended. Once completed you may resume to use your account as normal and we would like to thank you for taking…


No Picture

Spam impersonating PayPal using attached form

A classical phishing email… Nothing special (same bad English, as always). Dear Valued Customer, Unauthorized access has been detected in your account. Unfortunately, due to this event, our security system has limited the access to your account. Account Limitations prevent you from completing certain actions with your account, such as withdrawing, sending, or receiving money. These limitations are implemented when we see unusual or suspicious activity to help protect both PayPal buyers and sellers. Please verify your account by completing the form which is attached in this email. By doing this, restrictions in your account will be lifted. We apologize…


No Picture

Phishing attempts making use of the eBay data breach

I wrote about the eBay data breach where cybercriminals got access to some eBay employees’ credentials and accessed the internal network. Names, email addresses, postal addresses, phone numbers, birth dates and encrpyted passwords were obtained. eBay started a campaign to reset the password of all their users. More information is available in their FAQ. Unfortunately, the breach occurred some time ago (between February and March this year) and this gave time to the hackers to already make use of the data. eBay communicated that the breach was discovered two weeks ago, but why they didn’t disclose the fact earlier it is not yet…


No Picture

Some thoughts about the spam attack sent through InternetOfThings (Proofpoint)

http://www.proofpoint.com/about-us/press-releases/01162014.php More than 750,000 Phishing and SPAM emails Launched from “Thingbots” Including Televisions, Fridge Note: An article about this has been published by Richard Adhikari in TechNewsWorld.   A general comment on the entire story. Security researchers usually use spamtraps (an email address that receive nothing else than pure spam) to collect these emails and then some kind of spam trap processsing machine would analyse the emails and extract the IP address of the sender. In order to see that an email is coming from a certain type of device, it is required to obtain the IP address of the…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close