Stop Spam Mail. Org

First we had phishing, now we’ve got pharming — a newer buzzword in Internet scams and a computer attack threat that’s especially dangerous for people who use home networks. Why? Because even the best anti-virus software and firewalls can’t detect or stop pharming once it hits your system.

A four-month investigation into the inner workings of the phishing scourge that drives identity theft attacks has uncovered an underground ecosystem of compromised Web servers, do-it-yourself phishing kits, brazen credit card thieves and lazy code copycats.

How many of us click on the links sent to us by trusted friends? Does the trust implicitly extend to the links they are sending? This trust is precisely what phishers take advantage of. Traditionally phishers have mainly used instant messaging (IM) and email to take advantage of the average user.

iT security and control firm Sophos is warning computer users to be extra vigilant about any emails which claim to come from financial institutions, no matter how genuine the correspondence appears. The warning comes as customers of a small credit union, Kessler Federal, are being targeted with phishing emails that attempt to cash in on […]

It is surely of no surprise, especially to regular readers of our Weblog, that not only banks are targeted by phishing attacks, but nearly anything that can be scammed. We already commented on the rise in attacks targeting virtual worlds and especially massively multiplayer online role-playing games (MMORPGs) in earlier posts.

A new spear phishing attack is targeting the email accounts of US university students. Researchers at Sans Institute said that the attacks are disguised as messages from administrators performing a ‘database update’.

The latest information on phishing indicates that fraudsters are increasingly using malicious software to direct users to their deceptive sites. The Anti-Phishing Working Group (APWG) said in a new report Thursday that it saw a sharp rise in November in malware that directs users to DNS (Domain Name System) servers controlled by phishers.

ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS.The use of domain names in most phishing is relatively crude, You see a lot of names like www.somefreewebsite.com/~ingrid/www.bankofamerica.com/…. Theres no SSL, and the tricky part of the domain name is off to the right. A user would […]

Cybercrime is going upscale. Criminals are not just putting together bigger botnets–more than a million computers in some cases–they are also adopting the principles of modern marketing to get their products onto your users’ computers. This has implications that will be coming soon to thousands of mailboxes near you.

Somewhere in St. Petersburg, Russia’s second biggest city, a tiny startup has struck Internet gold. Its dozen-odd employees are barely old enough to recall the demise of the Soviet Union, but industry analysts believe they’re raking in more than $100 million a year from the world’s largest banks, including Wells Fargo and Washington Mutual.

A bogus email is circulating that says it is from the Federal Trade Commission, referencing a “complaint” filed with the FTC against the email’s recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not […]

Apparently it’s not just unwary individuals that fall victim to online scammers. Even large corporations, it seems, can get suckered into parting with their money by devious phishers. Case in point: Eden Prairie, MN.-based grocery chain Supervalu Inc., which earlier this year got conned into depositing more than $10 million into two fraudulent bank accounts […]

The registry for the new .asia TLD (top-level domain) plans to ban domain names that are consistently used for phishing sites. DotAsia Organization Ltd. has agreed to implement a policy to ban domain names associated with phishing, said Laura Mather, of the Anti-Phishing Working Group (APWG), a consortium of companies and government groups that studies […]

Carnegie Mellon University is researching the best ways to educate e-mail users about the dangers of phishing, such as how to distinguish the URL of a fraudulent Web site from a legitimate one. Not exactly rocket science…or is it?

"A campaign’s ability to understand the Internet and protect itself is directly proportional to its investment in staff who understand it," said Andrew Rasiej, founder of the Web site TechPresident.com. "They don’t even think of it," he said, adding that the lack of precautions is a "symptom" of how poorly the Net is understood in […]