An Email with the Subject "Scamdex, Internet Scambusters Newsletter #297, 8-20-08" was received in one of Scamdex's honeypot email accounts on Wed, 20 Aug 2008 01:02:58 -0700 and has been classified as a Generic Scam Email. The sender shows as "Scambusters Editors" <reply@scambusters.org>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be added to their email address lists for spam purposes.
<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>
Internet Scambusters (tm)
The #1 Publication on Internet Fraud
http://www.scambusters.org

By Scambusters Audri, Jim and Keith
Issue #297 August 20, 2008
<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>

Hi Scamdex,

Today we explain two threats: whaling (which is new and currently only affects top business execs), and a scary hack which can affect everyone who visits these compromised large websites.

Whaling: After phishing comes "whaling," a sneaky attempt by scammers to hijack the personal computers of top-ranking business execs. We explore this latest form of Internet crime that, for a while, even had the security software companies fooled.

We also discover that hackers are attacking corporate websites and embedding them with invisible program code that takes users to malicious sites.

So, watch out!

Before we begin, we recommend you check out this week's issue of Scamlines -- What's New in Scams? -- here. You'll find two huge scams you definitely want to know about.

http://www.scambusters.org/scamlines/22.html

Now, here we go...

<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>
Whaling? These Scammers Target Big Phish
<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>

Whaling. Bet you thought it was just something that marine conservationists get hot under the collar about.

Recently, it's been the NBT (Next Big Thing) in Internet security.

First we had phishing, where scammers try to grab personal financial details from Internet surfers.

http://www.scambusters.org/phishing.html

Then there was vishing, in which scammers try the same thing using cell phone text messaging.

http://www.scambusters.org/vishing.html

And there's pharming, which hijacks external servers and home network routers to control PCs.

http://www.scambusters.org/pharming.html

Now, there's whaling.

As the name suggests if you think about it, whaling is a variation of phishing. But the targets are a whole lot "bigger" -- like CEOs and other boardroom execs.

Apart from the status of its targets, whaling differs from phishing in a couple of very important ways.

First, it is not spaham (misspelled intentionally) -- the same message sent to thousands or millions of potential victims.

Whaling emails are carefully researched and crafted messages sent to specifically named senior business people.

The scammers have discovered not only the individual's personal email address but also other information, like their correct title, direct line telephone numbers and names of other key people in the business.

Experts think they bought the information from other criminals online.

This kind of individually-targeted mail is known as "spear phishing," though maybe in the case of whaling we should call it "harpoon phishing"!
Second, the scammers are not just after their victims' identities. They try to take control of their PCs to get hold of passwords and all sorts of confidential company information.

The tricks they use are clever too.

In a fairly recent attack, victims at major financial institutions and other Fortune 500 companies got emails that looked like genuine subpoenas from the US Federal District Court in San Diego ordering them to appear in court, in a civil action.

The emails provided a link supposedly to download the full subpoena. What it actually did was download keystroke-capturing, data-mining software onto the execs' PCs, while displaying a realistic looking legal document on screen.

Here is part of what the bogus email says:

--- Begin bogus email ---

Issued to: (Individual's name and title inserted here)

SUBPOENA IN A CIVIL CASE

Case number: 94-621-PGM

United States District Court

YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States District Court at the place, date, and time specified below ...

Please download the entire document on this matter (follow this link) and print it for your record.

This subpoena shall remain in effect until you are granted leave to depart by the court or by an officer on behalf of the court ...

Failure to appear at the time and place indicated may result in a contempt of court citation ...

--- End bogus email ---

The US District Court alerted the FBI and issued a warning on its website.

The bad news is that nearly half of all antivirus software failed to detect the Trojan malware the link downloaded and thousands of the business computers were compromised.

"The success rate was incredibly high," says Stephan Chenette of Websense Security Labs, the company that first raised the alert.

There were some giveaways in other parts of the email, however. The scammers didn't always use American English; it was more like British or even Asian variations of the language.
And the phony Internet address they used had a .com, whereas US official and court addresses use .gov.

Patrick Evans of security software company Symantec says: "Companies and high net worth individuals therefore have to be more vigilant than ever, ensure they are taking all of the necessary measures to safeguard against this threat, and generally, stop and think before clicking on an attachment or volunteering information."

In fact, by following the same rules that apply to avoiding conventional phishing, the executives could have stayed safe.

In particular, never click on an email link; instead, contact the genuine organization to confirm the document is authentic.

Invisible hack attacks

Meanwhile, a report published by the UK security firm IronPort warns not only of a big increase in whaling but also of a wave of invisible hack attacks on company websites that could affect any of us who use them.

The scammers hack their way onto legitimate websites and embed a small amount of computer code (JavaScript) on certain pages.

This cannot be seen by the naked eye and redirects users to a malicious site that downloads harmful programs onto users' computers without them knowing.

The big security software companies are updating their programs to detect when this happens.

But according to IronPort, some of the blame rests with the firms whose sites are hacked.

Product manager Jason Steer says: "Some organizations forget to secure their web servers because the website is not seen as a revenue-generating system but a media avenue, public sector sites especially."
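
For site owners, the embedded code described above can be caught by auditing served pages for scripts and frames that load from hosts the site does not expect. The Python below is an added example, not part of the original newsletter; the sample page, the example.* host names and the allowlist are constructed for illustration, and inline scripts without a src attribute are not inspected.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class EmbedAuditor(HTMLParser):
    """Record <script>/<iframe> elements that load from hosts outside an allowlist."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []  # list of (tag, host, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        attrs = {k: (v or "") for k, v in attrs}
        # hostname is None for relative URLs and for elements with no src
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        if not host or host in self.trusted:
            return
        style = attrs.get("style", "").replace(" ", "").lower()
        hidden = (
            attrs.get("width") == "0" or attrs.get("height") == "0"
            or "display:none" in style or "visibility:hidden" in style
        )
        reason = "hidden off-site frame" if tag == "iframe" and hidden else "off-site " + tag
        self.findings.append((tag, host, reason))

def audit_page(html, site_host, allowed_hosts=()):
    """Return findings for one page's HTML, given the hosts the site expects."""
    auditor = EmbedAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample: one local script, one expected CDN script,
# and two embeds pointing at a host the site owner never added.
SAMPLE_PAGE = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="http://injected.example.org/x.js"></script>
</head><body>
<iframe src="http://injected.example.org/land" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, "www.example.com", ["cdn.example.net"]):
        print(finding)
```

Run against a known-good copy of each page first, so that the allowlist reflects what the site legitimately embeds and later findings stand out as changes.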
Also, check any corporate websites you visit for poor language usage. It's amazing that criminals who are so smart fall down on such a basic issue as getting their words right!

That's it for today -- we hope you enjoy your week!
===== About Internet Scambusters - Administrivia

Copyright (c) Audri and Jim Lanford. All rights reserved.
To subscribe, visit: http://www.scambusters.org/

Scambusters is a public service from Jim and Audri Lanford.

For more about our privacy and legal policy, see http://www.scambusters.org/privacy.html