Prior to this blog post, zveloLABS published a phishing URL alert about fake Apple account verification websites. Now, zvelo’s team of engineers and researchers has unearthed a new phishing attack campaign using fraudulent Facebook log-in sites.
The Anti-Phishing Working Group (APWG) released their quarterly Phishing Attack Trends Report for the first quarter of 2013. Payment Services were reported as the most phished industry sector, followed by Financial Services. When considering the goal of cyber-criminals behind such scams – typically usernames, passwords and credit card information for monetary gains – these industries certainly make sense. While the total number of reported phishing website detections is seemingly on the decline, as illustrated in the trend line below, actual attacks may tell a different story.
I received an email seemingly from PayPal informing me that access to my account has been limited. It threw me off because I received this at my work email, which is not registered with PayPal. I immediately wondered if my account got hacked. Here is a screenshot of the email:
zveloLABS detected a suspicious-looking email purporting to come from the Electronic Federal Tax Payment System (EFTPS) of the U.S. Treasury Department. This email is fraudulent and claims that “Your Federal Tax Payment ID has been rejected.” The payment rejection is falsely attributed to the use of an invalid identification number. Here is an example of the actual phishing email (see image 01), followed by some observations that should raise red flags about its validity.
With the increasing complexity of threats appearing on the Internet, coupled with the rapid development of security products designed to mitigate them, the number of phishing-based attacks has grown. In the first half of 2011, compared to the second half of 2010, the Anti-Phishing Working Group (APWG) reported a 62% increase in unique phishing attacks worldwide in 200 top-level domains (TLDs).[1] This trend warrants swift action to address the growing threat.
Spear phishing attacks aimed at popular email service vendors and large companies have been abundant as of late. Google blogged[1] about its recent Gmail incident, in which a spear phishing campaign selectively targeted senior U.S. government officials, Chinese political activists, officials in several Asian countries, military personnel and journalists. Yahoo! Mail and Windows Live Hotmail reported[2] similar spear phishing attempts against their users, which were intended to serve up malicious code or steal email account passwords. The security breaches of RSA[3] were also traced to a successful series of spear phishing activities.
CoolerEmail is notifying customers of a new phishing scam used to steal login credentials. The web-based email marketing program carries an impressive client list including Walmart, Toyota, Pepsi and dozens of other big-name brands. Any phished credentials can be used to impersonate these companies in additional phishing or malicious emails.
zveloLABS™ has found thousands of URLs and over 200 new domains registered to a group of Chinese scammers. The new sites are the same as the old, but with new branding and promotional products, such as "Acai Power Slim", "Pure Magnum Pro" and "Colo Cleanse Plus". This scam is perpetrated by sending spam messages advertising a "free trial" of the products. In the end, the criminals have made off with personal information, a credit card number and a recurring monthly charge.