MX Lab detected a large new campaign targetting Facebook users. The campaigns combines phishing techniques with the download of malware and a PDF exploit from the web site.
The phishing campaign has the same characteristics of the previous campaign that we have posted:
Facebook account update (part 1)
Facebook account update (part 2)
The message is being sent from the spoofed [...]
December 8, 2009
Categories: Phishing, Viruses . Tags: facebook, Malware, Phishing, trojan, virus . Author: mxlab . Comments: 2 Comments
Social networks are often subject to phishing and today MySpace is the target. MX Lab intercepted some messages from MySpace <message-*********@message.myspace.com> – where * stands for random letter and number combination. The from address is obviously spoofed.
The body of the email:
Dear MySpace user!
Please be informed that you are required to update your MySpace account.
Please update [...]
November 10, 2009
Categories: Phishing . Tags: myspace, Phishing . Author: mxlab . Comments: 1 Comment
Yesterday MX Lab reported regarding a phishing email that has no URL but instead an attached HTML document with a web form included. Since then we see more similar cases and also PayPal is subject to this technique. The senders address shows us “www.paypal.com” <service@paypal.com> but this is spoofed. The email was sent from 69.128.90.226, an [...]
November 9, 2009
Categories: Phishing . Tags: paypal, PayPal phishing, Phishing . Author: mxlab . Comments: 1 Comment
In almost every phish email there is an URL leading to the phishingsite where you are asked for a login, password and other personal information. With the latest phish targeting Banca Agricola Popolare di Ragusa the URL is not inside the email but there is an attachment in HTML format. The goal of this trick [...]
November 8, 2009
Categories: Phishing . Tags: Phishing . Author: mxlab . Comments: 2 Comments
After a virus campaign, MX Lab now also intercepts a phishing campaign targetting Facebook users.
The From address is obviously fake and not related to Facebook in any way. This email in particular was directing users to the phishing site hxxp://www.facebook.com.saxzask.me.uk/globaldirectory/LoginFacebook.php?ref=******&email=info@****.com. Unfourtunalty, this host was already down when visiting so we didn’t had the chance to [...]
October 30, 2009
Categories: Phishing . Tags: facebook, Facebook phishing, Phishing . Author: mxlab . Comments: 6 Comments
MX Lab is intercepting phishing messages that target PayPal users. The email comes from the spoofed address
“Pay Pal.Inc” <Account0909Sur@pay.com> with the subject “Confirm refund request – Identity Verification”.
The contents of the email:
Dear client,PayPal
CONGRATULATIONS!
You have been chosen by the Online Department to take part in our survey.
In return we will credit $99.0 to your account [...]
October 23, 2009
Categories: Phishing . Tags: paypal, PayPal phishing, paypal phishing survey, Phishing . Author: mxlab . Comments: 1 Comment
Today, Google Adwords is subject to a phishing campaign. MX Lab intercepted several messages stating that there is an issue with your Google Adwords account.
The message appears to be coming from Adwords@google.com but this address is spoofed. The orgin is from User localhost (127.0.0.1) with the connection IP 128.175.13.92 and listens to the host name [...]
October 1, 2009
Categories: Phishing . Tags: Adwords phishing, Google phishing, Google Adwords, Phishing . Author: mxlab . Comments: 1 Comment
At MX Lab we intercept quite often very good phishing emails. This newest PayPal phishing email came to our attention because it contains a false order and payment transaction in order to mislead the intented receiver.
The intented receiver will open such a message and notice that a payment has been done towards, in this case, [...]
September 27, 2009
Categories: Phishing . Tags: paypal, phish, Phishing . Author: mxlab . Comments: Leave a Comment
One of the latest phishing emails with the subject “PayPal Forma ID PP697″ caught our attention because of the fact that it included a complete HTML form inside the email. The phishing is regarding a refund request and the amount would be transferred to your credit card within 5 or 7 days.
The form seduces you to [...]
June 3, 2009
Categories: Phishing . Tags: paypal, Phishing, scam . Author: mxlab . Comments: 1 Comment
Phishers send out a warning regarding a country-wide phishing attack and use the Federal Reserve Bank as the origin. The email is sent from Corporate Banking Alert <cmsupport@federalreservebank.com> – this is spoofed because the real SMTP From address is quite different.
Some subject samples:
Federal Reserve Bank – Urgent Security Notification
Federal Reserve Bank – Customer Service Notification
Body [...]
May 13, 2009
Categories: Phishing . Tags: Federal Reserve Bank, Phishing . Author: mxlab . Comments: Leave a Comment