1. An unauthorized transaction billed to your bank account- Although most people should know that if their bank spots a fraudulent transaction they will call you or send you a letter - not email you, this subject line is alarming enough to get some people to open it and wind up getting phished or infected with malware.
2. DHL Tracking number #######- This is one of the oldest campaigns. A variation uses UPS instead of DHL, but in both cases the included attachment has a hidden executable that contains malware.
3. FDIC has officially named your bank failed bank- An obvious attempt to exploit the economic crisis. Too bad the horrible grammar gives it away.
4. Hello- This is why it’s often advised not to send emails this way. Many spam filters flag messages with “Hello” or “Hi” as the subject because of campaigns like this.
5. Notice of Underreported Incomeir- The glaring misspelling gives this away as spam right away.
6. Review your annual Social Security statement- This has been around for a while as well. The scammers are hoping there are still folks out there who don’t know that the SSA sends out your statement via postal mail about 6 months before your birthday each year.
7. Welcome to Friendster- An obvious attempt to exploit a brand. Unfortunately for them Friendster isn’t quite as popular as it used to be.
8. You have received a file from (email) via YouSendIt.- This campaign is banking on people’s natural curiosity to be peaked enough to open it.
9. Your Flight Ticket #####- Delta was one of the more recent airlines to be exploited by this campaign. The scammers are hoping that when someone gets the fake ticket and cheery note informing them that their credit card has been charged over $800 that they’ll be upset enough to not think first and open the attached paperwork, which delivers a Trojan.
10. Your Order with Amazon.com- This is a blatant phishing campaign. Every link in the fake notification leads to a fake Amazon login page. It’s pretty easy to spot though because the total amount due, which is listed twice, is always two different amounts and there is plenty of broken English as well.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Top 10 Zeus Campaigns

I recently joined a few email administrator discussion groups on LinkedIn.  I was surpirsed to see how many administrators are currently in a job search.  Although you may already know how to identify email phishing scams, it’s easy to get so caught up in the pressure which may derail our focus.

With the global economic meltdown, millions of people are out of work.  The stress is enormous. Marriages are dissolving, because  love jumps out the back window when money stops coming through the front door.  CNN even reports that many failed marrages can’t be completely dissolved, because couples can’t even afford to go their separate ways.  Tensions escalate as some couples are forced to stay together because they can’t sell property.  This is very fertile ground for email spam phishing scams to reap huge profits.

The phishing sharks are circling the rough water of a highly competitive job market. This volatile emotional climate sets the  stage for people to make very irrational decisions. People in a job search are vulnerable and easy prey for phishing scams. Bank accounts are being emptied due to people allowing their emotions to override making practical business decisions.    It’s  easy for anyone to get lathered up with email scams promising a job opportunity or making fast cash working at home in, but a cool head and common sense must prevail. I can  personally attest there are legitimate work at home opportunities.  When I’m not providing technology support to email clients, I provide business career coaching services.  My wife also runs a very successful Internet eComerce business.

Job Search Phishing Scam Prevention

• Make appropriate adjustments to your spam phishing filters and make sure the most recent updates are in place.
  

• Legimate job search sites will never send email that asks for personal information. They will also NEVER ask you to update your account via email with a link requesting you to login.

• Using your computer mouse feather over links in an email. This allows you to verify the actual web site link.

• When posting a resume online, take your time in creating a balance in disclosure vs. security. Use sites, like Careerbuilder and Monster, that allow suppressing personal information.

• Use a complex password that includes letters, numbers and special characters.

• Use multiple passwords on multiple job sites.

• Don’t send your password to anyone in an email.  You are the only person who should know your password.

Don’t send any money for job search services until you perform due diligence.  Many phishing emails present themselves as authentic services that will get you up and running with a new job quickly, but ask for a deposit up front. The Riley Guide provides many job search resources that are thoroughly verified by the owner of the this web site.  Consider using this guide as a reference.  Also consider global organizations, such as Empowering Today’s Professionals Network, that have a successful record in helping people land jobs without any up front fees. Use LinkedIn to verify companies. There is also a career management toolbar you can install to quickly obtain business intelligence on companies.

Email job offers from unknown sources should be viewed as a phishing scam until you confirm its legitimacy.  As the famous Murphy’s Law states “if it looks too good to be true, it usually is”.  Gathering business intelligence heightens our use of common sense. This keeps emotions in check and money in your bank account.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Use Common Sense During a Job Search

Here are a couple of weak spots, as identified by the CERT Coordination Center:

1. Outlook Express HTML protocol handler does not properly validate location of alternate data
This is a cross-domain vulnerability where a specifically formatted URL invoking the InfoTech Storage (ITS)2 format protocol handlers could cause Internet Explorer to load an HTML document located within a Microsoft HTML Help (CHM) file. This HTML document would then be rendered in the Local Machine Zone. This HTML document could contain a script, ActiveX object, or IFRAME element to download and execute malicious code. We have observed this vulnerability used extensively in attempts to install malware.

2. Mozilla may execute JavaScript with elevated privileges when defined in site icon tag
This cross-domain vulnerability in the Mozilla suite of web browsers allows scripts within the LINK tag to run unprompted with the privilege of the user running the web browser. We have observed this vulnerability used in an attempt to install malware.

3. Cross-Site Scripting Attacks
Cross-site scripting (XSS) attacks can occur in programs on web sites that accept user input. If the program does not properly sanitize the input data, the vulnerable program may process input or even execute code that the original program was not intended to do.  For example, a phisher could construct a URL that uses a vulnerable program on a legitimate commerce site. This URL would also contain (probably obfuscated) code, such as JavaScript, that could target account credentials. There have been reports that this type of attack was used in a phishing scam against a bank.

A more common XSS attack that has been used in phishing involves the exploitation of vulnerable URL redirector programs. URL redirectors are often used by web sites to perform custom processing based on attributes such as web browser or authentication status or even just to display a message when clicking on a link to an external site. There have been multiple incidents of commerce sites using URL redirectors that allowed a user to input any external URL they wanted to. Thus phishers were able to send phishing emails with URLs that used the vulnerable redirectors on the legitimate sites to trick people into visiting phishing sites.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Phishing Emails Exploit Browser Weaknesses