I really can’t believe anyone will think the FBI issue or verify credit cards/ATM cards & charge you $95 insurance fee for the privilege

Once again the advice is, if it doesn’t look right, then it isn’t right so delete these scam emails and don’t reply to them or phone the numbers given. All that will do is get you a big phone bill from dialling a premium rate international phone number

A slightly different approach came into my inbox today which asked me to confirm the item in my shopping basket. Now I haven’t shopped with Littlewoods online but you can be sure that thousands of people have and the same scam will be applied to just about every well known online shopping site this season.

The email looks quite believable

The website if you follow the link looks exactly like the real Littlwoods shopping site Account sign in page EXCEPT that the real Littlewwoods or ALL reputable shopping sites will have a Padlock icon and the  site address will start with HTTPS and the address bar will turn green to show that you are on a secure site

This screenshot shows the fake site and I have blanked out the address for safety reasons

These show how a genuine site will appear in Internet Explorer 8 on left and Firefox on right. Both show the padlock icon and a green safe address bar. A genuine shopping site will always start HTTPS to show a secure site when you are asked to put in any details. The front page of the site might be a normal http:
Unfortunately a lot of well known shopping sites haven’t yet signed up to the Extended Valuation green bar very secure system yet so watch for the closed padlock and HTTPS in the address bar to show a secure site. In Firefox browser the closed padlock is on the bottom right hand corner of the page, not in the browser address bar

I strongly recommend using ROBOFORM which keeps all passwords in a secure encrypted database that only you (not a keylogger or malware) can access and use it to create safe secure passwords

The advert on google looks like a search listing and it is only apparant that it is a sponsored listing or advert on close inspection

if you look at the screenshots of the 2 sites, you will see that there is very little difference between them and an unwary visitor can soon get infected

Don’t get caught out by it and get your passwords stolen. The downloads on the fake site are recognized by several antiviruses as a password stealer and downloads lots of other trojans and malware

the genuine site is on the left, the fake site on the right

I strongly recommend using ROBOFORM which keeps all passwords in a secure encrypted database that only you (not a keylogger or malware) can access and use it to create safe secure passwords

These have a @live.com email address with what at first glance looks like it could be a proper microsoft or MSN email address ( they of course are not genuine Microsoft or associated with Microsoft in any way)

DO NOT fall for the scam & try to ring the 070240****** number . it is a premium rate number that will have along recorded message on it and cost you £0.50 per minute

You won’t get any money from these scammers but they will get money from you

I have blanked out the full email address and phone number from the image to save the unwary

We are seeing many more phishing attempts using the same technique of sending an HTML page as an attachment to an email and asking you, the victim, to fill in the form

Many people are falling for this, even more than those who click on  link in an email.

Once again we warn that Banks, Building Societies, HMRC, Finance Companies, Ebay, Paypal and Government Departments will not send an email with a PDF to fill or a web page form to fill in asking for user name, password, date of birth, address, Mothers maiden name, Place of birth, favorite color or anything else that can be used to steal your identity. Most of all they NEVER, NEVER, NEVER ask for your credit or debit card details, pin number or log in password.

The Anti-phishing sites are unable to block the sites or warn you that you are on a phishing site  because the html is a web page on your computer so NEVER checked

Even if you press submit, it bounces immediately to the genuine HMRC site so isn’t blocked
Currently spreading in UK are emails pretending to come from HMRC ( Inland Revenue/Tax Office) telling you of a tax refund due to you. For a change they don’t ask you to follow a link directly but to open the attached HTML file ( web page) on your local computer to fill in the form

The webpage looks like

As usual the advice is be very wary, don’t save or open attached HTML files from anybody especially those that pretend to come from a Government department or  bank. They will ALWAYS be fraudulent

If you have unwittingly made a mistake & entered your details:  get in touch with your bank immediately and inform them that your credit/debit card details have been stolen and  immediately report it to the police. Don’t let the police fob you off with ” we don’t deal with that sort of thing”. Insist on a crime being reported and take & keep the crime reference number

The especially dangerous thing about these messages is that they are very deceiving.

 The messages and attack pages are personalized for the To: email address to imply the message is being sent from tech support of the domain.

The URL in the email looks like it leads to the company’s own OWA system.

 We have seen upwards of 30,000 of these messages per hour and they have low AV detection.

via Outlook Web Access Social Engineering Malware Scam – Security Labs Alert.

We see the same problems in English & every other language  so please read & follow the advice:

Brazilian criminals create malicious proxies
By changing the settings of the major browsers, criminals can direct users to false bank pages or false search engines

A  new technique of targeting using proxy services is being operated by  Brazilian and other cybercriminals. 

.PAC files

The attack begins when the user opens infected  emails or attachments. From that moment the virus will change yourbrowser settings, adding network options in a URL to a file.

 .PAC (proxy auto-config) are legitimate, but can be used in a malicious manner, such as in these cases. They are made in JavaScript scripts that define which Internet pages will be answered by a given server, acting as proxy.
On trying to access the pages of the main Brazilian and other  banks, you are directed to a fake site serving pages that look identical to the legitimate bank site and often with the correct bank URL in the address bar,  This allows the crimianls to steal your financial data.

This affects any version of Internet Explorer,  Firefox,  Chrome, Safari and any other browser. Programs like instant messengers and web updaters that use the same settings as Internet Explorer are also affected.

How do you know if you are infected

In Internet Explorer, go to the Tools menu, click Internet options. Connection tab, click LAN settings. See in the box that opens if there are anyentries in “use automatic configuration script”. If any are there remove the entry, then uncheck “use automatic configuration script”. Also check lower down “use a proxy server” because different malwares can set a specific proxy there. If you didn’t set the proxy yourself ( many ISPs or corporate networks do set this proxy) then remove the entry and uncheck the “use proxy server” check, Press OK or Apply

 Firefox, go to the Tools menu, options. On the Advanced tab, go to the network option and click the “configure connection” button. In the box that open, look at the item “address” proxy auto-configuration if there is any URL. If any, remove it. Also check the manual proxy configuration and if not set by you, fix in the same  was as I previously described for internet explorer.

The defensive line team notified the CERT Brazil to take reasonable precautions for the removal of malicious servers, because many of them are located in Brazil.

If you suspect you are infected by a banker trojan, suffer from any diverts, pop ups or other strange or worrying symptoms  please ask for help on our help forum TheSpykiller

That’s alarming news given the glut of information and warnings that pepper the internet, especially given the fact that the second most popular password was 123456789.

The information was revealed by security research Bogdan Calin on his blog. Calin reviewed the list of 10,000 Hotmail accounts posted on PasteBin by hackers and discovered that of the 9,843 valid passwords, 82 of them used one of these two numbers.

Also popular, and equally weak, were the passwords 12345678, 1234567 and 111111 – which all featured in the top ten.

via ’12345′ the most popular phished Hotmail password | IT PRO.