
PHISHING SCAMS
ALERTS
 

The Report On Identity Theft and Attacks On Computer Users

Every day, thousands of people are fooled by emails from criminals trying to steal their identities or infect and take over their computers. This update is our attempt to help you avoid being one of the victims.

Part 1. Subject Lines You May See In Emails That Are Trying To Hurt You

I. Emails from people trying to infect your system and steal your friends' email addresses for spam

I.1. Pictures of Osama Bin Laden hanging or Arnold Schwarzenegger's suicide note
I.2. Email from your system administrator or other familiar sender that says your email could not be delivered, or some similar statement.
I.3. Email with subject "Against!" or "Revenge"
I.4. Email with subject Re_ and body with animals or foto or other subjects


II. Emails from people trying to steal your identity (and your money)

II.1. Update Your Billing Information (from eBay)
II.2. Your account at eBay has been suspended
II.3. Your account at Wells Fargo has been suspended
II.4. Notification of US Bank Internet Banking
II.5. Attn: Citibank Update


III. Emails from people trying to fool you into hurting yourself or your friends and coworkers

III.1 Subject: "jdbg" Virus: how to detect and remove.


Part 2. More Details About Each Attack

Part I: Emails from people trying to infect your system and steal your friends' names for spam

I.1. Name: Hackarmy

The bait: An email or news article claiming to offer you copies of pictures of Osama Bin Laden being hanged. A second form claims to have a suicide note from Arnold Schwarzenegger.

How it infects your system: You click on a link that downloads a zip file. You execute the file thinking you will see the pictures.

What it does to you: Gives attackers remote control of your computer so they can use it in attacks on other people, or harvest email names for spam.

Where to find detailed information:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.d.html

I.2. Name: Mydoom-O

The bait: An email from your mail or system administrator or other familiar sender with any one of the following subjects: (1) say helo to my litl friend, (2) click me baby, (3) one more time, (4) hello, (5) error, (6) status, (7) test, (8) report, delivery failed, (9) Message could not be delivered, (10) Mail System Error - Returned Mail, (11) Delivery reports about your e-mail, (12) Returned mail: see transcript for details, (13) Returned mail: Data format error. Each has an attachment.

How it infects your system: you download and open the attachment.

What it does to you: steals all email addresses from you to be sold to spammers, spreads to other sites from your machine. It also uses your system to send requests to search engines like Google to look for more email addresses.

Where to find more detailed information:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html


I.3. Name: Atak-C

The bait: An email that arrives with the subject "Attack!" or "Revenge" and a zipped attachment

How it infects your system: you download and open the attachment.

What it does to you: steals all email addresses from you to be sold to spammers.

Where to find more detailed information:
http://www.sophos.com/virusinfo/analyses/w32atakc.html


I.4. Name: Beagle

The bait: An email that arrives with the subject Re_ and an attachment.

How it infects your system: you download and open the attachment.

What it does to you: disables antivirus and other important software, mass mails itself to others, steals email addresses from throughout your files, gives attacker remote control of your computer to use to attack other systems.

Where to find more detailed information:

II. Emails from people trying to steal your identity (and your money)

II.1 Update Your Billing Information (from eBay)

The bait: An email coming from eBay saying the company has "detected a slight error in your billing information" and saying that you must fix it within 48 hours to continue to buy or sell on eBay.

What it tries to make you do: click on a link and tell them your eBay and PayPal username and password, and your credit/debit card information.

Where you can see how it actually appears:

http://www.antiphishing.org/phishing_archive/07-27-04%20Ebay%20(Update%20Your%20Billing%20Informations).html


II.2 Your account at eBay has been suspended

The bait: An email coming from eBay saying your account has been suspended and "We had to block your eBay account"

What it tries to make you do: click on a link and tell them your eBay and PayPal username and password, and your credit/debit card information.

Where you can see how it actually appears:

http://www.antiphishing.org/phishing_archive/07-26-04_Ebay_(your_account_at_ebay_has_been_suspended).html

II.3 Your account at Wells Fargo has been suspended

The bait: An email coming from eBay saying your account has been suspended and "Your account has been compromised by outside parties."

What it tries to make you do: click on a link and tell them your username, password, and credit card information

Where you can see how it actually appears:

http://www.antiphishing.org/phishing_archive/06-29-04_Wells_Fargo_(Your_account_at_Wells_Fargo_has_been_suspended).html

II.4. Notification of US Bank Internet Banking

The bait: An email coming from US Bank saying, "as a preventative measure, we have temporarily limited access to some features"

What it tries to make you do: click on a link and tell them username, password, credit card data or debit card data.

Where you can see how it actually appears:

http://www.antiphishing.org/phishing_archive/07-23-04_US_Bank_(Notification_of_US_Bank_Internet_Banking).html

II.5. Attn: Citibank Update

The bait: "Click here" link in an email that seems to come from Citibank.

What it tries to make you do: click on a link and tell them personal information and credit card or debit card data.

Where you can see how it actually appears:
http://www.fraudwatchinternational.com/fraud_alerts/040721_1046_citibank.htm
http://www.antiphishing.org/phishing_archive/07-21-04_Citibank_(Attn_Citibank_Update).html

II.6 Confirm AOL Billing Info

The bait: An email coming from AOL saying your billing information is out of date and asking you to "spend several minutes and update your billing records"

What it tries to make you do: click on a link and tell them personal information and credit card or debit card data.

Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/07-20-04_AOL_(Confirm_AOL_billing_info).html


III. Emails from people trying to fool you into hurting yourself or your friends and coworkers

III.1. jdbg Hoax

The bait: An email telling you about a virus and how to remove it.

Example: "Subject: "jdbg" Virus: how to detect and remove." May also talk about finding a teddy bear on the machine - because the file has a bear as a symbol.

What it is trying to make you do: remove a file that is not harmful

Where to find more information:
http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

Copyright 2004, The SANS Institute. http://www.sans.org Permission is granted to copy and redistribute this material to whomever it will help.
 

PAYPAL Scam Alert

March 1, 2005

Your webmaster is receiving this email scam almost every day.  PLEASE do not fall for this scam. The email looks very official and it is easy to think the email is from PayPal, but it is NOT.

The email will ask you to click on a link to update your account information. HOWEVER, the link does NOT take you to the official PayPal web site. You are redirected to another website where you will see a very official-looking PayPal form that asks for your name, address, credit card number, expiration date, bank account number and other personal information.

Again, the form will look very official, complete with all the real PayPal graphics and colors. Even some of the links on the page link to real PayPal web site pages, but the link that takes you to the account update form is NOT a PayPal site page.

The one thing that should tip you off to this scam is the fact you are asked to fill in a form with your personal information BEFORE you are asked for your User Name and Password.

The other thing you should note is the URL you see when you point your mouse to any link within the email. If the link to update your PayPal information does not go to www.paypal.com, do NOT click on the link.

If you need to update or check on your PayPal account information, go directly to www.paypal.com and sign in to your account. NEVER follow a link within an email to reach the PayPal website.


ISP Scam Alert

March 3, 2004 (but still relevant in March 2005)

Even tech-savvy users could be fooled by the latest phishing scams, which have evolved beyond all recognition in their bid to steal credit card details.

Phishing is where unsuspecting users receive emails that attempt to fool them into disclosing online banking passwords, by sending them to a site that mimics the look and feel of their bank's Web site.

According to Jevans, the phishers are primarily after credit card information, so a typical scam email would tell the user that their credit card had expired or that the company was having a billing problem and needed the user to update their details. Although this idea is nothing new, the sophistication of the attacks has evolved dramatically.

A new phishing method that people should be wary of is where the user receives an email from their ISP (i.e. AOL, Earthlink, Comcast) and when they click on the link, they are taken to the ISP's legitimate web site in the main browser window; however, a new window pops up requesting their credit card information be entered. As pop-ups rarely display URL information, the user is less likely to be suspicious.


DESA Webmaster note: this story is another good example of why you should not click on links within the body of an email to reach the web site. If you want to visit a legitimate site (i.e. PayPal.com or your bank's web site), the safest practice is for you to manually type the legitimate address into your web browser. Do not use your "favorites" or "bookmark" to reach the page, because there are viruses that can infect your favorites or bookmarks, causing the link to take you to a fake website.

 


copyright © 2000-2006 desausa.org
P.O. Box 3448
Deland, FL  32721-3448
(386) 738-6900
fax: (386) 738-2299