
Security Fix


Caveat Emptor: Watch Out for Phantom Stores (Yesterday)

Most people are proud to say they would never fall for a phishing scam, that they would never give their personal and financial information away at fake banking sites, just because someone asked them to in an e-mail. But how many people will use that same common sense when a too-good-to-be-true bargain presents itself at a no-name online electronics shop?

A slew of fake electronics sites, some of them apparently being promoted by major online search engines and comparison-shopping sites, have been swindling consumers out of cash and credit card numbers for several weeks. The Web sites are confusingly named after legitimate electronics and clothing shops in the United States. All say they accept major credit cards and PayPal, and some carry seals boasting that they are "hacker safe."

But customers who order something from these sites soon find their accounts charged increasing amounts for unauthorized transactions.

Regina Arndt, owner of harborelectronics.net, a small repair shop in Hoquiam, Wash., said she has been receiving angry phone calls and e-mails from people who thought they had purchased items at harbourelectronics.com (pictured at left), a bogus consumer electronics store that lists Arndt's physical address, phone number and e-mail in its contact information.

Spamhaus: Google Now 4th Most Spam-Friendly Provider (January 5)

Google's free services are being heavily exploited by spammers to redirect visitors to sites touting knockoff designer drugs and scams, according to the latest rankings from Spamhaus.org, a group that tracks unsolicited commercial e-mail.


Last month, Security Fix called attention to Microsoft's persistent ranking on Spamhaus's running list of the "Top 10 Worst Spam Service ISPs". Now that Microsoft has cleaned up its act, it appears the bad guys are moving on to Google, which is now ranked #4 on the list (#1 being the worst).

"Microsoft got rid of the bad guys, and off they went to Google, which is now hosting a lot of the stuff that was on Microsoft's domains," said Richard Cox, Spamhaus's chief information officer.

Other Internet providers, including Sprint and Verizon, currently round out the #8 and #10 slots on the Top 10 list, respectively.

According to Spamhaus, spammers are using Google Documents to host pages that

Phishers Now Twittering Their Scams (January 5)

Phishers are trying to trick Twitter users into forking over their user names and passwords by sending tweets that direct users to fake Twitter login pages, security experts warn.

Update, 7:31 p.m. ET: Twitter now says that in an unrelated incident, the Twitter accounts for president-elect Barack Obama and 33 other notables were compromised by an individual who hacked into some of the tools the company's support team uses to help people do things like edit the e-mail address associated with their Twitter account when they can't remember it or get stuck. More on that incident from a new post on the Twitter blog.

Original post:

Blogger Chris Pirillo spotted the Twitter phishes on Jan. 3, after receiving a tweet that asked him to log in at a counterfeit Twitter site called "twitter.login-access.com" (it's probably best to avoid visiting this site, which is still active as of this writing.)

Suspecting that access-logins might be a domain used by phishers to scam any number of popular online brands, I ran a reverse lookup on the Web site name. While that domain appears tied to just this one scam, the Internet address tied to that domain - an address in China - is currently home to a number of other phishy domains that include misspellings of popular social networking sites, such as:


One Weak Link to Rule Them All (December 30 2008)

It is said that any security system is only as strong as its weakest link. A team of researchers today proved that point yet again, showing the world how they could use known weaknesses in the encryption technology that protects online transactions to undermine the security around e-commerce.

washingtonpost.com ran an in-depth story I wrote about their findings, along with a sidebar explaining the weakness in a bit more detail. Long story short:


An international team of security experts (pictured at right, thanks to Alexander Klink) showed that they could undermine the system most of us rely on to secure our online transactions, so that even though the browser indicates your connection is encrypted (Web browser address starts with "https://") and vetted by a third party to be secure and authentic, it may in fact be controlled by an attacker offering up a counterfeit Web site designed to steal your information.

Web users

Beware Holiday e-Greeting Cards, Digital Hitchhikers (December 26 2008)

Cyber crooks are once again blasting out fake holiday e-greeting cards in a bid to spread their special kind of cheer. Also, there are signs that computer viruses may again be piggybacking on digital photo frames and other data storage devices that make popular holiday gifts.

E-greeting scams are hardly new, but they tend to increase around major holidays, probably because consumers are more receptive to opening them at these times and because more people are home in front of their computers.

Most of these e-greeting scams try to foist malicious software by claiming the recipient needs to install some application in order to view the card, such as Adobe's Flash Player. Almost invariably, the downloaded program isn't a legitimate add-on, but malware.

According to Symantec, some of the fake e-card domains being used in this scam include (please don't visit any of these sites):

* [http://]itsfatherchristmas.com
* [http://]bestchristmascard.com
* [http://]whitewhitechristmas.com
* [http://]christmaslightsnow.com
* [http://]freechristmasworld.com

Most legitimate e-greeting card vendors will include a code in the message that you can enter at their Web site to claim your card. If you believe an e-greeting message is legitimate, avoid clicking on links in the message, and instead, type the name