Over the last few months I’ve noticed a resurgence of e-card spam scam from our unfriendly neighborhood spammers.

According to security expert Bill Mullins, in the last year, email inboxes have being swamped with similar scamming emails from fraudulent sites like Greetings.com, and 2000Greetings.com, amongst others.

This time around, the domain name being used by these scammers is Greetingcard.org, which is a legitimate site of The Greeting Card Association, a greeting card industry trade association. This organization makes no bones about it when it says on its website, “We do not publish cards, nor do we have an e-card pick up. If you receive an e-card notification from our association, it is fraudulent and should be deleted”.

Read the rest of this entry »

Over the past three years a powerful Trojan maintained by a cybercrime organization has been responsible for stealing the usernames and passwords of nearly half a million bank accounts and nearly as many credit card numbers. Researchers captured some of the Trojan’s (known as Sinowal, Mebroot or Torpig) code and used it to track down its drop server full of the stolen information. Further research showed it’s been active since early 2006.

The Trojan works by waiting for the user to enter the URL for a banking or credit card site. Once it senses one, it replaces it with a fake one that captures the user’s details. So far it’s known to have the ability to sense nearly 3,000 different URLs, and is not detected by most anti-virus programs. It does this by using a rootkit to infect a PC’s master boot record, making it practically invisible.

Read the rest of this entry »

 MillerSmiles.co.uk is one of the internet’s leading anti-phishing sites, maintaining a massive archive of phishing and identity theft email scams.  This organizations provides the latest information on phishing scams.  MillerSmiles.co.uk actually keeps its phishing database updated from contributions from people around the world, including email administrators.

Read the rest of this entry »

French president Nicolas Sarkozy is a victim of a phishing scam. French officials confirmed yesterday that he had money stolen from his bank account after inadvertently giving scammers his username and password through what was later found to be a phishing email.

           “[This] proves the system of Internet checking is not infallible,” French secretary of state for consumer affairs Luc Chatel said. “These cases are sufficiently rare that we haven’t had to really organize ourselves, but [are] sufficiently serious for us to reflect on how to improve the system.”

President Sarkozy filed a complaint with police and an investigation is ongoing. The specifics of the attack haven’t been released and officials say the president’s bank could face sanctions if it’s found their security procedures, or lack thereof, contributed to the hacker’s attack.