Tag: phishing

TinyURL entices the malevolent

Sarah Perez:

TinyURL, one of the most popular URL-shortening services (although not our favorite) is now being used by cybercriminals to redirect web surfers to pages that contain viruses, trojans, and other sorts of malware. According to Finjan’s Malicious Code Research Center, these criminals are using the service to avoid having their web sites flagged by the Safe Browsing mechanisms built in to modern web browsers like Mozilla Firefox and Google Chrome.

Of course, even if the sites were otherwise safe from infectious files, the URL shortening services can still be used to obscure phishing attempts – people don’t pay much attention to URLs they click on as it is, let alone what winds up in the address bar. Further, I look at the safe browsing services as a crutch for prudent internet use – much as anti-virus software is only as good as the definitions within, the same goes for ‘safe browsing’. A few warning messages later people think every site without one is safe. But they don’t call them ‘drive-bys’ for nothing.

I don’t click on shortened URLs from anyone I haven’t shaken hands with, or who doesn’t have a lot to lose in terms of the interwebs popularity contest if they slip up. And that goes for links in emails, websites, and on services like Twitter.

Changing the world: one app, one bubble, one ID, and one margin call at a time

Having 2,000 feed items stuffed in one’s reader when returning from even the shortest vacation has me thinking about how to put said reader on vacation as well.

  • MySpace and Facebook apps suck. That’s not what they really said, but The Silicon Alley Insider did point out how little they might really be worth. I’ve got no experience with MySpace apps, and my only brush with Facebook apps was getting some notification that a friend had installed one and I should do the same. My first impression – I’m getting spammed (and others share that feeling). I would never react to such a notice again, even if I was an active Facebook user. Hence, they are worthless to me too (or maybe I’m just worthless to marketers). Also of note: based on their numbers Facebook should be worth something in the neighborhood of $850 million.
  • The New York Times infers that things are getting overheated in Silicon Valley. I disagree – I think a lot more bets are being placed on a lot more companies, and I suspect those bets are generally a lot smaller than post-Bubble 1.0. There may be a lot of duplication of effort going on, but the best execution in each category is going to turn out a winner. The money is just trying to find each of those winners. Meanwhile, TechDirt had its take on the Dallas Cowboys backing out of a domain purchase, but I say it’s a simple matter of the rest of the world not paying much attention to the chaos.
  • Commodities traders are in short supply. As a general rule, the commodities business also retains far fewer numbers than its big sister on the securities end. I think the actual registered headcount via the CFTC is less than 200K, while the NASD numbers hover around 800K. Someone throw me a bone on those numbers (and if anyone needs a Series 3/30, drop me a line).
  • OpenID gets a victory in the fight against phishing, as well as some competition. I think the first part is great – now the challenge is getting anyone and everyone to embrace Information Cards. On the latter, I’m going to bet it’s a non-starter – too little, too late. Despite being widely embraced, even OpenID is having slow goings regarding consumption (both in systems and people). More power to SlashID if they can be more effective on that end, but I’m skeptical.
  • After consuming this, I dropped TechMeme from my reading list. I guess I can just read each of these every morning from here on out. That, by the way, is a joke.
  • Seems that debt problems extend beyond the government, those bought out, and even mortgagees. I thought much of the last year’s rally was purely cash-driven, but I guess I was wrong. Personally, I only use my margin account for short selling.

I think that covers last week.

Phishers target MySpace

I wish I had a catchy headline like the one the Associated Press pushed: MySpace Users Big Targets for ID Thieves – unfortunately I don’t really consider stealing someone’s MySpace account a form of ID theft.

Unless MySpace users are posting their credit card and banking information, their SSN, or other such details on their MySpace page, this is more of a hassle than a threat, and one that MySpace could easily warn users about. Then again, users post just about everything else, so maybe I’m way off base here.

At least MySpace users have strong passwords – let’s hope they keep it that way when they have to repeatedly change them.

UPDATE: Slashdot notes that social networking users have already ruined their privacy. I concur.

US Defense Department goes plain-text

The US Department of Defense has started blocking HTML email, and gone a further step by banning the use of Outlook Web Access for email. (h/t to Slashdot)

It’s part of a heightened security alert protocol, and how long this will last is anyone’s guess. I’ll bet it is a permanent move to thwart phishing attempts, but with spammers’ tactics changing, I’m not sure how much it will help.

A clever eBay phishing attempt

We’ve seen them before, but let’s take another peek. This one is clever indeed.

Seth Godin gets phished

You are not alone – even marketers get phished.

Some quick answers for Seth:

Yes – it’s criminal and the purveyors of the messages know this or they wouldn’t be masking header information and hitting the send button from run-down trailers in the woods;

Yes – it’s different than robbing a bank, because robbers usually carry guns and guns kill people – spam just aggravates them;

Sorry – this mail is nothing new, and not particularly sophisticated.

The end.

Phishers pulling a “Jacques Cousteau”

When I was young, rainy days meant tele-time. Unfortunately for my social skills and sense of humor, the TV was invariably pointed (by an adult) to some educational programming. My favorite wound up being Jacques Cousteau’s adventures – that guy knew oceans, and I was already a pretty competitive fisherman. I figured I might learn something useful about fish, even if Jacques was more interested in preserving them and I was more interested in landing them with an 8-weight.

Now there are plenty of fly fishing shows on TV, yet my time in front of the tube is limited to CNBC as background noise in the office and absorbing the bullshit unbiased commentary from Sunday morning political pundits. Nevertheless, 21st century phishers seem to be taking a page out of my adolescent playbook as their attacks are getting much more concerted, and security experts expect it will only get worse.

I doubt AT&T would disagree right now.

Phishing for tinfoil hats

I’ve heard of targeted phishing exploits, but this is getting out of hand.

A new phish is circling the waters that purports to be from a dying KGB agent who knows who was on the Grassy Knoll. Did the Russians assassinate JFK? Sophos is blaming the whole thing on the Nigerians. No way – the scam is from a fundraising group related to the Jamaican bobsled team, and everyone knows the indigenous tribes of Waba Waba shot our President.

Phishers show their love for eBay and Co

According to a recent report by Sophos, phishers are persistently targeting PayPal and eBay users. The reason? Ubiquity of the services. eBay is available in 27 countries, and I doubt there are many people who haven’t bought, sold, or at least browsed for goodies.

That’s a big market to go after. Add the fact that there are probably a lot of casual internet users (i.e. not so technologically sophisticated) on eBay, and you have a big, targeted market for phishers.

I love stating the obvious.

VoIP phishing threat isn’t about VoIP

As if we didn’t have better things to worry about, now we get to wonder whether an announced security threat is really a threat. The latest case to be overblown (or simply shilled) is that of VoIP phishing. The process has been labeled “vishing,” and portends danger from scammers using voice over IP to steal credit card information.

Unfortunately, VoIP isn’t the issue – it is the naivete of the person on the other end of the line. Telemarketing has long been a staple of scammers, dialing little old ladies to separate them from their social security money over a new home awning thingamajig or water purification doohickey. VoIP is being targeted because phone numbers, which are used for forwarding calls, are a little easier to come by and slightly more anonymous. Still, a VoIP number won’t be used any longer than the land line formerly connected to a bank of phones for the old time stock pump and dump shops.

Targeting credit card holders with a sense of false charges isn’t the only game being played out there either. The same is being done to PayPal users, only mention of VoIP is nowhere to be found in that news.

My notion is scammers are returning to their roots. They know online threats are well publicized, and that those people willing to pick up the phone are likely less inclined to have heard about them, and more inclined to follow through on some form of disclosure. Like the little old lady buying that newfangled inflatable porta-shed, sight unseen.

End note: It wouldn’t surprise me if the telcos were cheering on these VoIP “threat” announcements either.