TrendLabs report shows phishing scams blossomed this holiday season.

Tis the season, after all. The season of giving. The season of sharing. The season of buying with PayPal. The season to hurriedly check one’s email and click on links without thinking.

Or so it would seem according to anti-virus software maker TrendMicro. According to their research, phishing, black hole exploits and electronic pilfering of all kinds spiked during the 2012 Christmas season. And color me shocked! PayPal gets the hands-down biggest number of exploits. Including mobile:

Mobile users, unfortunately, are not exempted from this swath of online threats. [click for link] is an example of a spoofed PayPal for Mobile site that users should be wary of. Because mobile users will typically not see the whole URL, users may readily think that they visited the legitimate website.

It is easy to blame PayPal for the persistent problem of bank security online, and it is certainly true that they've been lackadaisical in responding to security issues in the past. But at this point, PayPal represents one of only a handful of high-profile payment gateways that can be used to dupe users.
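To make the truncated-URL problem concrete, here is an added example (my own illustration, not code from TrendMicro or PayPal) that compares what a narrow address bar shows with the host a link really resolves to. The trusted list, the 20-character display width and the sample links are all assumptions made up for the demonstration.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user really means to log in to.
TRUSTED = {"paypal.com", "twitter.com"}

def real_host(url):
    """Host the browser will actually connect to (urlsplit lower-cases it)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").rstrip(".")

def is_trusted(url, trusted=TRUSTED):
    """True only for a trusted domain itself or a subdomain of it."""
    host = real_host(url)
    return any(host == d or host.endswith("." + d) for d in trusted)

def truncated_view(url, width=20):
    """Rough stand-in for a narrow mobile address bar: no scheme, first `width` characters."""
    shown = url.split("://", 1)[-1]
    return shown if len(shown) <= width else shown[:width] + "..."

def review(urls):
    """(what the user sees, where the link really goes, safe to trust?) per link."""
    return [(truncated_view(u), real_host(u), is_trusted(u)) for u in urls]

# Constructed sample links; example.net and example.org are reserved documentation domains.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com.mobile-login.example.net/signin",
    "http://paypal.com@example.org/cgi-bin/webscr",
    "https://twitter.com.example.net/account/resend_password",
]

if __name__ == "__main__":
    for seen, host, ok in review(SAMPLES):
        print(f"{seen:<26} -> {host:<42} {'trusted' if ok else 'NOT trusted'}")
```

The first two samples look identical for their first 14 visible characters, which is exactly why the decision has to be made on the parsed host and not on what fits on the screen.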


Twitter is asking you to reset your password. Do it.

Every once in a while, we go through this. For one reason or another, Twitter asks you to reset your password. Typically, they only send out emails asking you to do this when the situation’s gotten pretty widespread, and per TechCrunch, that is exactly the case with Twitter’s last set of emails.

Here is a copy of what the email looks like:

Hi, [name]

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.

You’ll need to create a new password for your Twitter account. You can select a new password at this link:…

As always, you can also request a new password from our password-resend page:

Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).

In general, be sure to:

  • Always check that your browser’s address bar is on a website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
  • Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
  • Review your approved connections on your Applications page at If you see any applications that you don’t recognize, click the Revoke Access button.

For more information, visit our help page for hacked or compromised accounts.

The Twitter Team

The first thing that jumps out at me is: why the hell is Twitter sending out emails with links to reset your password? That’s like the phishing-est phish that ever phished a phish.

But what caused this problem in the first place? Well, the servers might have gotten hacked or something like that. But these are probably the least-likely scenarios.

The simplest answer is that some very popular web service that uses Twitter login was compromised. If you use Twitter to log into, say, Huffington Post and they subsequently get hacked, the permission you gave them to your account may be sufficient to allow them to tweet or DM on your behalf.

Another possibility is that a widespread dupe site, such as those that fool users with “vanity phishing” DMs, may have gotten particularly active.

Regardless of whether this is an internal or external problem for Twitter, it is probably in your best interest to reset your password. Even if you haven’t gotten the email.

AND EVEN IF THIS EMAIL IS LEGITIMATE, NEVER, NEVER, NEVER CLICK LINKS IN EMAIL! Go to Twitter directly and reset your own password. Email links are just way, way too dangerous.


Seven busted in elaborate Internet click-hijacking scam

The FBI announced in a statement today that they have arrested six suspects and are seeking another in Russia over what they allege is a sophisticated scam involving redirecting computers infected with a virus to sites where the suspects would be paid for clicks. The FBI says some 4 million computers world-wide including 500k in the US were infected with the group’s virus, generating an estimated $14 million in click cash.

The scheme involved using “rogue” DNS servers, which are servers whose role on the Internet is to tell requesting computers where to find the correct web servers. The arrest is being called the biggest take-down in Internet history.

The basics of the alleged scheme work like this: an infected computer is used to search for something and is sent to the search engine like normal. However, when the user clicks on any search result, they are routed instead to a site that pays the scammers per click. This involved not only fraudulent rerouting of the user, but also loss of revenue for the search engines in question, because the affected links sometimes included the paid advertisement links at the top of Google and other search engines. The scammers were also able to swap out advertisements on websites such as the Wall Street Journal with their own paid links.

For full details of the investigation, read the FBI press release below:

FBI — Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business.
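One defensive check that follows from the scheme described above is to audit which DNS resolvers a machine is configured to use. This is an added example, not code from the FBI or from the investigation: it assumes a Linux-style resolv.conf, an allow-list of expected resolvers, and placeholder "rogue" ranges taken from reserved documentation address space, since the real ranges are not given here.

```python
import ipaddress

# Assumption: placeholder ranges (RFC 5737 documentation space) standing in for a
# published list of rogue resolver ranges; substitute the real list when you have it.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Assumption: the resolvers this network expects its clients to use.
EXPECTED = {ipaddress.ip_address(a) for a in ("10.0.0.53", "10.0.1.53")}

def nameservers(resolv_conf_text):
    """Extract resolver addresses from resolv.conf-style text, skipping comments."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as %eth0 before parsing.
                found.append(ipaddress.ip_address(fields[1].split("%")[0]))
            except ValueError:
                found.append(fields[1])  # keep malformed entries so they get reported
    return found

def classify(addr):
    """Return 'rogue', 'ok', 'unexpected' or 'malformed' for one resolver entry."""
    if isinstance(addr, str):
        return "malformed"
    if any(addr.version == n.version and addr in n for n in ROGUE_RANGES):
        return "rogue"
    return "ok" if addr in EXPECTED else "unexpected"

def audit(resolv_conf_text):
    return [(str(a), classify(a)) for a in nameservers(resolv_conf_text)]

# Constructed sample configuration, not taken from a real machine.
SAMPLE = """\
nameserver 10.0.0.53
nameserver 192.0.2.77   # not something the admin set
nameserver 8.8.8.8
; nameserver 198.51.100.9
nameserver 198.51.100.200
"""

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE):
        print(f"{addr:<16} {verdict}")
```

An "unexpected" result is not proof of infection, only a resolver nobody signed off on; "rogue" means the address falls inside a listed range and the machine needs a closer look.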


The #NSA and #FBI investigating the #Google #China hack claims

From CNet Security today we learn that the FBI and the NSA (at minimum, there are doubtless other agencies involved) are looking into the Google claim that a phishing scam of Chinese origin was targeting US government officials. Google’s claim also specifies that journalists and activists have been targeted, though this article does not specifically deal with those claims:

Feds investigate alleged attacks on Gmail accounts | Security – CNET News.

The official statement from the National Security Agency is a bit of a dodge, actually:

“Speaking on behalf of the U.S. government, we’re looking into these reports and seeking to gather the facts,” Caitlin Hayden, deputy spokesperson for the National Security Agency, told CNET today. “We have no reason to believe that any official U.S. government e-mail accounts were accessed.”

Notice that official government email accounts would not be administered by Google or Gmail, so of course they would not be directly affected. That is not the same thing as saying that US officials with private email accounts didn’t get hacked, or that the information they shared with others on that account isn’t of a sensitive nature.

For its part, China seems to be acting rather punchy, especially considering the fact that Google’s statement does not imply any specific government involvement in the hack. In fairness, though, announcements of hacking attempts don’t normally include the specific city and country of origin. So the question becomes what, if any, Chinese government buildings are in Jinan, China?

Add to this the official Pentagon announcement that it will declare cyberattacks to be acts of war and you’ve got a somewhat scary escalation in the Internet realm. Not that I think cyberattacks will escalate to full-scale war, but a purely network-based “cold war” could tie up billions of dollars of Internet trade, which is not good news for the economy.


Look Alive: The Latest Holiday Email Scam

Those of you who read this blog know I try to post any suspicious emails I see online for the benefit of the community. I’ve been receiving emails lately – which correspond quite well with actual purchases for the holidays – that purport to be from UPS. The body of the email goes something like this:

Unfortunately we were not able to deliver postal package you sent on Oct the 28 in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office Your UPS

The sender’s domain name is, which is a legit domain name, but unlikely to be the sender’s real domain.

The “invoice” in question is, of course, a zip file.  People: never, never, never open a zip file from someone you didn’t know was going to be sending you one.  This includes friends and relatives.  You never know when one of these dastardly little bastards is a virus, and what you think is an email sent by a friend may actually be virus activity your friend knows nothing about.

Uncategorized Phishing Scam

Folks who read this blog know: when I find them, I report them.

There seems to be a new attack on users, both employers and job seekers, aimed at spoofing their name for whatever purposes. I got the email in my mailbox today and will be dutifully informing CB of the problem once I’m done posting this to the blog. The email redirects to a address.


Dear employer

Due to a recent security breach in the Careerbuilder computer system, a new set of terms and conditions has been issued.
In order to guarantee the security of your Careerbuilder account , we need you to login over a secure connection and confirm your user and password,
by clicking the link below.After the process is completed, your account will be secured as stated in the new terms of use.

Please click on the link below and login in order to accept the new terms and conditions that have been issued ( Online Access Agreement Update ) :>

After completing this process, you will be redirected to our new terms of use.

Thank you

© Careerbuilder Limited. Use of the information contained on this page is governed by federal law and is subject to the disclaimers which can be read on the disclaimer page.


Yet Another PayPal Phishing Scheme

Those of you who check this site often know I track such things. This one is an interesting one, in that it looks for all the world as though you just bought $400+ worth of Creative sound equipment, and then gives you a nice, fancy “Cancel this transaction” link, which of course goes to the phisherman’s cove. The body of the scam email is contained after the flip, as is the registrant information for the offending domain, in case you want to give him a jingle. As always, I have reported this email to PayPal and recommend you always do the same.

Citi Bank Phishing Scam

Citi Bank customers and others, beware! There is a domain called moving some kind of phishing scam through the Internet of which I have been recently made aware. The body of the email reads as follows:

Important Information Regarding Your Citi Bank Credit Card
Dear CitiBank Client ,

This is your official notification that the service(s) listed below
will be deactivated and deleted if not renewed immediately. Previous
Notifications have been sent to the Billing Contact assigned to this account.

As the Primary Contact, you must renew the service(s) listed below.

SERVICE: Citi Bank Credit Card
Expiration Nov 1st 2007

What you need to do:

It’s easy to renew your Online Banking Services by click on the link bellow :

– Go to Account Login
– Update/Verify Your Information

Citi Bank 2007

Try m-Product, Like m-Product, or else I’ll Sue yr-Ass

Yes, we’ve all seen this boy: John Scherer, CEO and founder of Video Professor, the series of DVDs that claims to teach you how to use a computer. And he always ends his commercials with the catch-phrase (of sorts), “Try m-product?”

Well, apparently, he’s only interested in you trying his product, he’s not at all interested in you reporting back what you thought of the product to anyone else. If you do, he’s apparently ready to sue each and every last one of ya:


Interesting Info:

* A direct quote from the Video Professor website reads, “Any company can say good things about its own product, but the real proof of product quality is when customers speak out about its excellence.”

* Ironically, Video Professor is suing its own customers, despite the aforementioned quote

A website and public consumer advocacy group called “” is getting sued for allowing people with what appear to be legitimate gripes against the company to voice them to the world. This article goes into detail with all the hidden fees and unordered but charged-for mystery DVDs people are experiencing.

So we’re clear, this all looks terribly familiar to me. When I was out of work recently, I was introduced to a website offering free business cards, so I signed up. I couldn’t tell ya the name of that site, now. After ordering the cards and getting them, I started getting mystery charges all over the place, and as it turned out, some shady “check-box magic” on the order form gave this scam enough quasi-legitimacy to avoid litigation from scammed folks all over the globe. I suspect the same thing is in play here.


Cuomo Investigating, Facebook Red-Faced

Across the country, attorneys general are sniffing around Facebook and MySpace, looking to crack down on pornography and sexual predators. Unfortunately, Facebook has taken to bragging about its privacy over MySpace, and that’s led to some red-faced explanations of why complaints about porn and predation have not been followed up on:

Facebook’s safety disputed || Democrat & Chronicle: Local News

“My office is concerned that Facebook’s promise of a safe Web site is not consistent with its performance in policing its site and responding to complaints,” Cuomo said in a statement. Facebook spokeswoman Brandee Barker said Monday that the states’ concerns are being taken “very seriously.” . . . Founded in 2004, Facebook started as a social network for teenagers and college students, but in 2006, the site was opened to anyone. The company has boasted about its efforts to keep its sites private and safe.

Andrew Cuomo is right to be looking out for kids on the Internet, and if there’s reason to improve safety on Facebook, I’m all for it. However, this is an apples-and-oranges comparison: privacy and identity security as opposed to safety for minors.  

Blog Comment Phishing Scam

OK, guys and girls in the blogging community, lend me your ears and shit.

There seems to be a new scam in town, of which I am hot on the trail. I’m asking those of you who blog to pay particular attention to this one, because it affects your blog and is the kind of thing you could potentially be held liable for. I was browsing through my moderation queue and found this one, so have a look at yours, eh?

Hard-Core PayPal Fraud Alert!

Look out, everyone.  Phishing just got a whole new look, and it’s beginning to look a lot like PayPal:

broadband » Forums » Spam, Scam and Charge Busters » [Phishing] ALERT!! New Vicious PAYPAL phishing

Within 72 hours one of these Paypal phishes has ensnared over 1,100 victim accounts. It was targeted by multiple spams that used various referral links on hijacked machines. In the two years that I have been digesting and extracting phish data, I have never seen any that came close to 1,100 victims in a little over two days. In fact, I have never seen anything even close to that rate regardless of the up-time or the phish type. As far as I am concerned this is a record.
