Security and Privacy

The lengths that scammers will go to try to convince a possible victim is quite unbelievable
The following email dropped in my spam box

I really can’t believe anyone will think the FBI issue or verify credit cards/ATM cards & charge you $95 insurance fee for the privilege

Once again the advice is, if it doesn’t look right, then it isn’t right so delete these scam emails and don’t reply to them or phone the numbers given. All that will do is get you a big phone bill from dialling a premium rate international phone number

With the seasonal shopping season well underway, watch out for fake shopping sites and phishing emails trying to get your identity & credit card details.

A slightly different approach came into my inbox today which asked me to confirm the item in my shopping basket. Now I haven’t shopped with Littlewoods online but you can be sure that thousands of people have and the same scam will be applied to just about every well known online shopping site this season.

The email looks quite believable

The website if you follow the link looks exactly like the real Littlwoods shopping site Account sign in page EXCEPT that the real Littlewwoods or ALL reputable shopping sites will have a Padlock icon and the  site address will start with HTTPS and the address bar will turn green to show that you are on a secure site

This screenshot shows the fake site and I have blanked out the address for safety reasons

These show how a genuine site will appear in Internet Explorer 8 on left and Firefox on right. Both show the padlock icon and a green safe address bar. A genuine shopping site will always start HTTPS to show a secure site when you are asked to put in any details. The front page of the site might be a normal http:
Unfortunately a lot of well known shopping sites haven’t yet signed up to the Extended Valuation green bar very secure system yet so watch for the closed padlock and HTTPS in the address bar to show a secure site. In Firefox browser the closed padlock is on the bottom right hand corner of the page, not in the browser address bar

I strongly recommend using ROBOFORM which keeps all passwords in a secure encrypted database that only you (not a keylogger or malware) can access and use it to create safe secure passwords

I was notified of a google advert for a fake wowmatrix site. The original genuine wowmatrix is seen by many games players as not completely within the rules of the games
Wowmatrix is an addon that makes it easier to update and install other tweaks and addons to your game. Obviously using a fake version that downloads false addons & tweaks and installs them leaves you open to a lot of problems.

The advert on google looks like a search listing and it is only apparant that it is a sponsored listing or advert on close inspection

Continue reading…

We seem to have a new batch of the Microsoft lottery spam emails again

These have a @live.com email address with what at first glance looks like it could be a proper microsoft or MSN email address ( they of course are not genuine Microsoft or associated with Microsoft in any way)

DO NOT fall for the scam & try to ring the 070240****** number . it is a premium rate number that will have along recorded message on it and cost you £0.50 per minute

You won’t get any money from these scammers but they will get money from you

I have blanked out the full email address and phone number from the image to save the unwary

I mentioned previously HERE that the criminals doing these phishing attacks are changing tactics to make it harder for the antiphishing measures to block them

We are seeing many more phishing attempts using the same technique of sending an HTML page as an attachment to an email and asking you, the victim, to fill in the form

Many people are falling for this, even more than those who click on  link in an email. Continue reading…

I am getting concerned at the latest phishing attacks aimed at UK citizens who have to submit tax returns by November

The Anti-phishing sites are unable to block the sites or warn you that you are on a phishing site  because the html is a web page on your computer so NEVER checked

Even if you press submit, it bounces immediately to the genuine HMRC site so isn’t blocked Continue reading…

Websense® Security Labs™ ThreatSeeker™ Network has discovered a new wave of malicious attacks claiming to be an update for Microsoft Outlook Web Access (OWA). Victims receive a message leading to a site to apply mailbox settings which were supposedly changed due to a “security upgrade.” Continue reading…

This post was originally  an automatic machine translation from http://www.linhadefensiva.org/2009/07/criminosos-brasileiros-criam-proxies-maliciosos/  a security blog written in Portugese (Brazillian). I have attempted to correct the translation and add a few other comments

We see the same problems in English & every other language  so please read & follow the advice:

Brazilian criminals create malicious proxies
By changing the settings of the major browsers, criminals can direct users to false bank pages or false search engines

A  new technique of targeting using proxy services is being operated by  Brazilian and other cybercriminals.  Continue reading…

The phishing attack that exposed the details of 10,000 Hotmail users has revealed that 12345 was the most popular password of those caught out, according to a security researcher.

That’s alarming news given the glut of information and warnings that pepper the internet, especially given the fact that the second most popular password was 123456789.

The information was revealed by security research Bogdan Calin on his blog. Calin reviewed the list of 10,000 Hotmail accounts posted on PasteBin by hackers and discovered that of the 9,843 valid passwords, 82 of them used one of these two numbers.

Also popular, and equally weak, were the passwords 12345678, 1234567 and 111111 – which all featured in the top ten.

via ’12345′ the most popular phished Hotmail password | IT PRO.