news aggregator

Parking firm pulls app after dev claims: I can SEE credit card privates

The Register Spam-News - Thu, 13/02/2014 - 08:02
No user details were breached, claims firm

An automated parking firm has halted public access to its payment app after a blogger identified a serious security flaw which he claimed allowed him to see other users' credit card information.…

Guatemalan scammers taking lessons from Nigeria?

Cloudmark Blog - Thu, 06/02/2014 - 12:00

When it comes to exports and Guatemala, we generally think coffee. However, while poring over our Mobile messaging data, we discovered another Guatemalan export: Nigerian-style scam campaigns.

Over the past two to three years, mobile phone users in the USA have been receiving SMS messages, originating in Guatemala, informing them that they have won a cash prize and an automobile.

Here is an example:

felicidades! CLARO y TIGO te informa que GANASTE $35,000.00 y un VEHICULO TOYOTA comunicate al tel:01150248XXXXXX llama ya

We have only seen this attack in the Spanish language. The above roughly translates to:

congratulations! CLARO and TIGO informs you that WON $ 35,000.00 and a TOYOTA VEHICLE call 01150248XXXXXX to claim

The scam works like this: the unsuspecting recipient calls the number to be informed of the details of their prize. In order to receive the prize, they must hand over various personal information, bank account details, etc. To pick up their brand new automobile, they can either come to Guatemala in person or have it delivered to them directly. Therein lies the catch: they must pay the import duty, taxes, so-called “landing duty”, etc. involved. This will ultimately be the only transaction that occurs for those unlucky enough to fall for the scam. Well, that is unless their identity is stolen…

The scammers have dedicated personnel on hand to answer queries. In fact, they only operate during normal business hours, directing weekend callers to get back to them on Monday morning. In addition to this, the scammers have also created a number of blogspot pages, purporting to belong to major mobile carriers. Once the user has contacted the scammer, they are directed to one of these blogspot pages. To the less savvy user, these fake pages can provide the scammer with an air of credibility:

An example landing page used by this scammer

This scam accounts for 22% of all international spam arriving in the USA. However, we found that these Guatemalan scammers have not only been sending text messages to the USA. In fact, the bulk of this campaign has been directed towards other Latin American countries: Costa Rica, Nicaragua, Belize and Uruguay. It would seem that the lure of $60K and a car is enough to tempt people, whether in a first world or developing country. The single-language nature of this campaign suggests that the spammer is targeting a specific list of Spanish-speaking users.

Whatever their success rate, these scammers are taking advantage of cheap international SMS rates to spam, and ultimately scam, people out of cash.

Will Yahoo Mail data be used for Phishing?

Cloudmark Blog - Fri, 31/01/2014 - 21:59

Yahoo Mail announced a security attack yesterday in which they observed that hackers had been logging into people’s Yahoo email accounts using usernames and passwords that appeared to come from a third party who had access to this information.

A Yahoo news article said that “A malicious computer program armed with Yahoo Mail passwords and usernames apparently slipped into accounts aiming to glean names and addresses from messages that had been sent.”

Once they noticed the attack, Yahoo quickly moved to reset the passwords of all the impacted accounts, which means that the affected users will have to use second sign-in verification to get access and re-secure their account. This involves either providing the answers to security questions or having Yahoo send a text message to your previously registered mobile phone number.

Often when an attacker gets hold of people’s email account credentials, they use those credentials to log in to the account and send spam. In this case, the attackers appear to have been after information about the people to whom the victims had recently sent email.

This raises the question, what was the attacker going to do with this information when they got it? One obvious use for this data is for targeted phishing and fraud attacks, either against the original victim whose email account was accessed, or against the people to whom the victim had recently sent email.

By knowing the names and addresses of both the sender and receiver of email, the attacker could craft fake emails that appear to come from someone the victim knows. The victim is therefore more likely to open the message, believe it and take the requested action.

Cloudmark’s 2013 Annual Global Messaging Threat Report

Cloudmark Blog - Thu, 30/01/2014 - 19:28

As the Chinese New Year rings in the year of the Horse, we’re also excited to announce the release of our 2013 Annual Global Messaging Threat Report. Looking back at the year, we discuss the evolving realm of highly targeted, regional SMS spam campaigns, spammers’ preference for financial themes, Apple iMessage abuse, dramatic increases in the use of hacked domains, and various actions governments have taken to stem the tide of spam.

All spam is, at its core, motivated by profit. Spammers and scammers generate the campaigns that we see in order to earn money. It’s no surprise, then, that they attempt to motivate others with the lure of financial gain. In the United States, recipients saw 67 percent of SMS spam come in various forms of financial incentives or deceptions during 2013. Free gift cards, payday loans, and alarming yet fake bank alerts topped the list of categories using money as a motivator. However, the UK saw even more. In 2013, UK spammers sent 85 percent of their messages with a financial tone. The graph below illustrates the breakdown of various financially themed categories in both countries in comparison to non-financial spam.

Distribution of Financial Themed Spam

Argentinian SMS spam had a different theme though. Over the course of 2013, offers for cheap automobiles were the dominant form of reported SMS spam in Argentina. Also, adult oriented content made second place in the United States, accounting for 16% of reports.

On the email side, analysis of 2013 indicated that the U.S. is by far the largest producer of email spam, generating about a third of the world’s email spam. Despite directing nearly three quarters of email spam within its own border, the U.S. made considerable contributions to the spam problems seen in Brazil, Australia, Japan, Great Britain, Italy, and Switzerland.

The call-to-action URLs included in many spam messages, both in the U.S. and around the globe, rely heavily on compromised Web servers and domains. The link typically does not point at the advertised destination but instead at a compromised website that redirects the browser one or more times to the actual site the spammer wants you to see. In 2013, Cloudmark saw a large increase in the amount of spam messages directing users to these compromised sites. The following graph shows the relative volume of compromised domains over the course of 2012 and 2013 for comparison.

Volume of Spam Using Compromised Domains

Some good news did come about from 2013. The Federal Trade Commission (FTC), a U.S. regulatory agency, took action against what was the most prolific form of SMS spam at the time – “free” gift card scams. Accounting for 44% of all reported U.S. SMS spam in 2012, this category was by far the single largest form of SMS spam. However, we saw the demise of this behemoth category happen nearly overnight, most likely due to the FTC’s filings against 29 defendants for their involvement in sending the scam texts. On March 7th, the agency announced its actions, coinciding with the disappearance of nearly all reports of this type of spam. Details on the historical volumes of this spam type are highlighted in the following graphic.

SMS Gift Card Spam, 2012 & 2013

For a more in-depth discussion of these topics, mobile malware, regional campaigns, and iMessaging attacks, see our complete 2013 Annual Report.
