National Webcast Initiative

Are YOU The Weakest Link?
(What To Look For And What To Do)

October 19, 2004


Read More about the Latest Threats Online

************************************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 1, No. 10. || October 15, 2004

************************************************************************
Major threat this month: 

Phishing has gone Wall Street. Securities regulators were warned on September 27, 2004 about phony emails, made to look as if they were sent by Smith Barney, that were seeking account information from customers of the brokerage unit of Citigroup Inc. The solicitation is a fake, according to Securities and Exchange Commission officials.

Read the full story here:
http://www.smartmoney.com/news/on/index.cfm?story=ON-20040927-000872-1848

************************
What To Avoid This Month

I. Email from people trying to get you to divulge private details.

These are often trying to steal your identity (and your money)

I.1 Phishers Are Getting Together

I.2 Scam of the Month

I.3 AT&T - Credit Card Declined

I.4 Wells Fargo - 'Wells Fargo Customer Support: Transactions security standards update.'

I.5 'Verify your billing information at Earthlink.'

II. Virus/Hoax Alerts

II.1 BackDoor-CCT

II.2 W32.Netsky.ag@mm

III. Interesting links about Phishing

IV. FTC Goes Phishing, Nails Scammer

******************************
More Details About Things To Avoid

I. Email from people trying to steal your identity (and your money)

I.1 Phishers are getting together:

If Citibank thought it had trouble before, just wait. The bank has the uncomfortable distinction of being the legitimate business most abused by phishers.

Read more on this at: http://www.internetnews.com/security/article.php/3398181

 

I.2 Scam of the Month:

Phishers sometimes try to trick people by using a URL for a fraudulent site that looks real. This trick has been around for some time; however, it continues to be a popular way to fool unsuspecting people.

 

Some recent examples of fraudulent URLs:
banking-account-renewal.com
citibank-validate.info
com-confirm.us
paypal-updates.info
ssl-verification.com
ssl-verification.net
secure-ebay.com
security-update.info

 

I.3 AT&T - Credit Card Declined:

The bait: The fraudulent email claims to come from AT&T and states that your credit card has been declined and your account needs to be updated.

What it tries to make you do: When you click on the link you are presented with a fake sign-in window, which would have been more convincing if not for the misspelling in the first line of text and, of course, the IP address in the address bar.

 

Where you can see how it actually appears: http://www.mailfrontier.com/threats/advisories/2004-07/04072207_att/04072002_advisory.html
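
The two address-bar tells described in I.2 and I.3 (a lookalike domain name and a bare IP address) can be checked mechanically. The following is an added example, not part of the original newsletter; the brand map, the lure-word list and the function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: illustrative map of brands to their genuine registrable domains.
BRANDS = {"citibank": {"citibank.com"}, "paypal": {"paypal.com"},
          "ebay": {"ebay.com"}}
# Assumption: reassurance words drawn from the newsletter's sample list.
LURES = {"secure", "security", "ssl", "verification", "validate", "confirm",
         "update", "updates", "renewal", "account", "banking"}
LEGIT = set().union(*BRANDS.values())

# The fraudulent domains listed in section I.2 of the newsletter.
NEWSLETTER_SAMPLES = [
    "banking-account-renewal.com", "citibank-validate.info", "com-confirm.us",
    "paypal-updates.info", "ssl-verification.com", "ssl-verification.net",
    "secure-ebay.com", "security-update.info",
]

def registrable(host):
    # Naive "last two labels"; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return the reasons a URL's host looks suspicious (empty list if none)."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return ["ip-literal host"]  # the tell from I.3: a bare IP address
    except ValueError:
        pass
    reg = registrable(host)
    tokens = set(host.replace(".", "-").split("-"))
    # A brand name appearing in a host that is not the brand's own domain.
    reasons = [f"brand '{b}' used outside {sorted(d)}"
               for b, d in BRANDS.items() if b in tokens and reg not in d]
    lures = sorted(tokens & LURES)
    if lures and reg not in LEGIT:
        reasons.append("lure words: " + ", ".join(lures))
    return reasons

if __name__ == "__main__":
    # Constructed URLs for illustration; 192.0.2.10 is a documentation address.
    extra = ["http://192.0.2.10/signin", "https://www.paypal.com/login"]
    for u in NEWSLETTER_SAMPLES + extra:
        print(u, "->", check_url(u) or "no tell found")
```

An empty result only means neither tell was found; it does not show that a site is genuine.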

 

I.4 Attn: Wells Fargo Customer Support:

The bait: "Wells Fargo Customer Support: Transactions security standards update (code ...)", with random numbers after 'code'.

What it tries to make you do: Give up your ATM card information and email address.

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/10-13-04_Wells_Fargo(Wells_Fargo_Customer_Support)/10-13-04_Wells_Fargo(Wells_Fargo_Customer_Support).html

 

I.5 Verify your billing information at Earthlink:

The bait: "We've encountered a problem due to the fact that we could not verify the data that you provided... To verify your information please follow the link..."

What it tries to make you do: Click on a link and tell them all your credit card information as well as all your personal information.

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/10-12-04_Earthlink(Verify_your_billing_information_at_Earthlink)/10-12-04_Earthlink(Verify_your_billing_information_at_Earthlink).html

II. Virus/Hoax Alerts:

II.1 BackDoor-CCT

The malicious program targets applications with specific strings in the window title so it can capture the keystrokes the victim types during an online financial transaction.

It opens a backdoor on the victim’s machine, and also steals data from the machine:
      - email passwords
      - application passwords (e.g. FAR manager)
      - WebMoney data
      - logged keystrokes
      - clipboard data

Where you can read more information on this: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101172

 

II.2 W32/Netsky.ag@MM

This particular variant of W32/Netsky is very similar to previous variants. Here’s what it does:

      - constructs messages using its own email engine
      - steals email addresses from the victim machine
      - spoofs the From: address of messages

Where you can read more information on this:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=128905

 

III. Interesting Links about Phishing:

What is phishing? - A Word Definition from the Webopedia Computer Dictionary http://www.webopedia.com/TERM/p/phishing.html

 

How Not to Get Hooked by a ‘Phishing’ Scam http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

 

Think you can't get caught in the "phishing" net of online fraud? Then take this simple IQ test and see how you do. You might be surprised. http://survey.mailfrontier.com/survey/quiztest.html

IV. FTC Goes Phishing, Nails Scammer:

Even though this happened last year, we thought it important to let you know that they are catching these people and what they are doing about it. We will try to bring you more up-to-date information in the next issue.

 

The Federal Trade Commission (FTC) has agreed to settle Internet fraud charges against a 17-year-old male charged with using hijacked corporate logos and deceptive spam to con consumers out of credit card numbers and other financial data. If approved by the court, the defendant, a minor, will be barred for life from sending spam and will forfeit his $3,500 in profits from the scam.

 

Where you can read more on this story: http://www.internetnews.com/xSP/article.php/2238431

==end==
 

Copyright 2004, The SANS Institute.  Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product.

 

Disclaimer: The MS-ISAC neither endorses nor intends to promote the advertising of any resources listed herein.