Written by John P Mello Jr on July 28, 2010
Phishing is usually associated with email, but scammers have been known to redirect their prey offline before they close in for a kill. One way they do that is through retro tech like the good old-fashioned fax.
Of course, lots of faxes today are just a step removed from email. Fax hosting services issue their users a phone number for receiving faxes. When faxes are received at that number, they’re emailed to the user, who views them on a computer.
One kind of fax scam that has been a favorite of phishers involves the U.S. Internal Revenue Service. The flim-flammers send an official-looking fax to a potential guppy demanding information from him or her. Failure to comply, the target is warned, will result in dire consequences.
Uncle Sam’s phishing fighters in the tax agency’s Online Fraud Detection and Prevention (OFDP) group began chasing down fax scammers in 2009. In the last 18 months, the group has shut down some 250 phishing numbers. Before the group entered the picture, the phishing phone numbers used to remain active for months. Now most numbers are croaked within 12 hours, according to the Anti-Phishing Working Group (APWG).
That group announced this week that it has been enlisted by the IRS to help combat fax phishing and has launched a new educational initiative, the APWG Fax Back Phishing Education Program, to educate consumers about protecting themselves from offline grifters.
Continue reading IRS teams with phishing fighters to school public»
Written by Sue Walsh on May 30, 2009
A 23-year-old Romanian immigrant from Michigan has been sentenced to 8 and a half years in prison for his role in a phishing scam that left over 7,000 victims and raked in over $700,000. Starting in June 2000, when he was 14 years old, and lasting through February 2007, Sergiu Popa used two email accounts to send out phishing emails made to look like legit messages from such companies as Citibank and PayPal. Unwitting victims who clicked on the links were sent to the fake websites he set up and had their personal info stolen. He pleaded guilty to the charges in hopes of getting a lenient sentence, but the plan backfired.
“Because there were so many victims who were hurt badly, the court believes the sentence is appropriate in order to protect the public,” said Judge John Tunheim. “There needs to be a deterrent to others who are trying similar crimes over the Internet.”
One file found in his Yahoo email account contained credit card information for over 5,000 people. Upon searching his home, the FBI found blank plastic cards being used to make fake credit cards and driver’s licenses, a machine used to print graphics on such cards, and foil ribbons used to stamp the holograms used on legit cards.
Continue reading Phisher Sentenced to Eight Years in Prison»
Written by Carl E. Reid on March 24, 2009
The Anti-Phishing Working Group (APWG) is at the top of its game where ecrime is concerned. APWG is a consortium that tracks Internet fraud and scams. This organization recently submitted a plan to automate submissions of phishing and other ecrime-related incident reports. This plan is pending review by the Internet Engineering Task Force (IETF).
As reported in PC World by Jeremy Kirk, “The challenge facing law enforcement and security organizations is a lack of a coherent reporting system, said Peter Cassidy, secretary general of the APWG. Until now, there was no standard way to file an e-crime report. That makes it hard to coordinate the vast amount of data that is collected on cybercrime, Cassidy said.”
Even once the IETF approves this electronic reporting system, a complete rollout may still take a while. In the meantime, the APWG has published an industry advisory that provides guidelines for developing a company ecrime incident reporting process. This can be implemented immediately.
Continue reading APWG Introduces New eCrime Incident Reporting»
Written by Carl E. Reid on March 4, 2009
DomainKeys Identified Mail (DKIM) is a method for verifying email as being authentic. DomainKeys was designed by Mark Delany of Yahoo!. DomainKeys is covered by a U.S. patent assigned to Yahoo!. Although it has been around for quite a few years, I suspect 3 variables have prevented DKIM from gaining wider acceptance. Cost of implementation, universal compatibility between disparate email systems and speed of encryption/decryption processing must each be addressed for wider acceptance. DKIM would be an excellent complement to spam filters.
DKIM adds a header named “DKIM-Signature” that contains a digital signature of the contents (headers and body) of the mail message. The default parameters for the authentication mechanism use a cryptographic hash algorithm and RSA as the public key encryption scheme, and then encode the encrypted hash.
The receiving SMTP server then uses the name of the domain from which the mail originated, the string “_domainkey”, and a selector from the header to perform a DNS lookup. The returned data includes the domain’s public key. The receiver can then decrypt the hash value in the header field and at the same time recalculate the hash value for the mail message (headers and body) that was received. If the two values match, this cryptographically proves that the mail originated at the purported domain and has not been tampered with during transmission.
Continue reading The New Spam Sheriff in Town»
Written by Dan Blacharski on January 2, 2009
A new type of phishing scam that uses Google’s Calendar service is making the rounds. The scam first appeared last summer, and reappeared last week, according to reports.
The phish arrives as a Google Calendar email notification that appears to be identical to a standard Google Calendar invitation to an event. The phish has a bit more credibility than most because the data thief actually uses a real Gmail account, the recipient is addressed by their real name, and it is a legitimate, genuine Calendar invitation to an event. When the recipient clicks on the invitation, they are taken to the phisher’s real Gmail Calendar.
Continue reading Beware of Google Calendar phishing scam»
Written by Sue Walsh on December 25, 2008
Phishing is an estimated $3 billion a year industry, and the costs incurred by companies that fall victim to such attacks are rising steadily. So says a report by security monitoring firm Cyveillance. Among those costs are fraudulent charges on credit cards, customer support calls, cash withdrawals from hacked accounts, and employee time spent dealing with all the above. Other costs that are more difficult to place a cash value on include damage to corporate reputations and branding and loss of customers.
Continue reading Phishing Costs Rising Steadily»
Written by Sue Walsh on August 18, 2008
Apple’s popular MobileMe service, which offers Mac and iPhone users webhosting, a personal email address, file sharing, and online data synchronization between their devices, has been hit with a phishing scam. Users received an email that looked like it came from Apple with the following message:
“We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?”
The email then prompts the user to click on a link to update their info. The link is actually fake, and leads to a site owned by a Gmail user in Romania. The site steals the personal information of anyone who falls for the ruse and enters it into the phony Apple page.
This is the second time this year that phishers have targeted Apple. In May a similar email was sent to users of the immensely popular iTunes service. Security experts believe that phishers are aiming these attacks at Apple services to take advantage of Apple’s reputation of being more secure than Windows. They are banking on Apple users thinking such attacks could never happen to them and as a result not being wary of such emails. It appears that Apple users are now getting a rather rude wake-up call. To scammers, no OS is off limits.
Written by Sue Walsh on August 7, 2008
Consumer Reports is recommending Mac users dump Safari due to its lack of protection against phishing. The publication’s annual Internet security survey is recommending Firefox or Opera instead. Safari doesn’t include any anti-phishing tools, while the other browsers, and IE7, warn users when they try to access a known phishing or malware-infected site and block it. Microsoft says the upcoming IE8 will also include an anti-malware tool.
Continue reading Consumer Reports Recommends Mac Users Dump Safari»
Written by Sue Walsh on July 11, 2008
Phishing is a very big problem on the net, and eBay and PayPal are the two biggest targets. Every day, scammers send hundreds of thousands of phishing emails claiming to be from these net giants. The goal is to fool people into giving up their personal info so that the phisher can drain their bank accounts, hijack their eBay accounts, and more. Yesterday Gmail announced they have partnered with eBay and PayPal in the fight against these scammers. The weapon of choice is DomainKeys and DomainKeys Identified Mail. From now on eBay and PayPal will sign all emails coming from their domains, and as a result, Gmail will automatically reject any that are not authenticated; the users will never even know they were sent.
Continue reading GMail Partners With Ebay and Paypal to Fight Phishing»
Written by Sue Walsh on May 26, 2008
A new phishing scheme is targeting iTunes users. The emails look like they are from Apple and tell the recipient there is a problem with their account and to log into the iTunes site via the link provided. The link leads to a malicious site set up to look like the iTunes store, which asks for the recipient’s credit card number, social security number, and mother’s maiden name.
Security experts speculate that Apple has become a target for phishers as a result of its increasing share of the computer market via its iPhone, iTunes service, and multi-platform QuickTime and Safari software. This increased share gives phishers a large group to hit via Apple-oriented attacks.
“The bad guys have moved on from trying to take advantage of eBay or Citibank,” said Andrew Lochart, VP of product marketing at security vendor Proofpoint. “I guess this means that Apple is now a top-tier Internet retailer. The bad guys are trying to use Apple’s brand to commit identity theft.”
Fortunately, the scammers behind this new attack are not the brightest. They didn’t bother to even try and mask the domain their malicious site is parked on and anyone paying even the slightest attention is sure to catch on before being victimized. As of now, Apple has had no comment on the matter.