Friday, March 12. 2010
Microsoft Security Bulletin released for the month of March
Microsoft has released its security bulletin summary for March 2010. This month Microsoft has released two bulletins, both rated Important, addressing a total of eight vulnerabilities.
The first bulletin addresses a vulnerability in Windows Movie Maker as shipped with Windows XP, Windows Vista and Windows 7. This security update is rated Important for Windows Movie Maker 2.1, Windows Movie Maker 2.6, Windows Movie Maker 6.0, and Microsoft Producer 2003. The second bulletin addresses seven vulnerabilities in Microsoft Office Excel. These security updates are rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office SharePoint Server 2007, Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack. For further information please visit the Microsoft Security Bulletin Summary for March 2010 page. We recommend that users set Windows Update to "Install updates automatically" so that important patches are applied without manual intervention.

Thursday, March 11. 2010
Indian Income Tax refund phishing scam emails now mention tax refunds in US Dollars
Yesterday a friend of mine forwarded me a mail he thought to be a phishing email. The email was indeed a phishing email. It was the Indian Income Tax phishing scam that is still going on, as the phishers are still actively sending emails to millions of email addresses supposedly belonging to Indians. I had written a blog post on the same a couple of weeks back.
This phishing scam involves attackers sending emails to unsuspecting users telling them that they are eligible for an income tax refund from the Income Tax Department of the Government of India. This particular phishing email had a surprising element: it showed the refund amount in US Dollars. I was amazed to read that the attackers believe the Indian Government pays tax refunds in US dollars. Believing that the hackers would be careful enough not to make such a mistake, I am wondering whether the Indian Government really gives tax refunds in USD, maybe for NRIs staying out of India? At least I am not aware of such a thing. The email text looked like this:

[Image: the phishing email]

The link in the email took me to the fake replica of the Indian Government Income Tax website shown below.

[Image: Phishing webpage of Income Tax Department]

Tuesday, March 9. 2010
Internet Explorer vulnerability could allow Remote Code Execution
If you are using an older version of Internet Explorer (IE 6 or IE 7), you have a strong reason to upgrade to Internet Explorer 8.
Attackers are exploiting a security bug in the older versions of Internet Explorer that allows them to execute malicious code remotely. The flaw is a use-after-free: an invalid pointer reference is used within Internet Explorer, and under certain conditions the invalid pointer can be accessed after the object it referred to has been deleted. In a specially crafted attack, the attempt to access the freed object can be turned into remote code execution. Microsoft said: "At this time, we are aware of targeted attacks attempting to use this vulnerability." The vulnerability exists in Internet Explorer 6 and Internet Explorer 7 and not in Internet Explorer 8. This Internet Explorer vulnerability is different from the one I blogged about last week under "Internet Explorer .HLP vulnerability on Windows XP". Quick Heal's Browsing Protection feature protects Quick Heal users from attacks exploiting this vulnerability. Nevertheless, we still recommend that all Internet Explorer 6 and Internet Explorer 7 users upgrade to Internet Explorer 8; users who cannot upgrade immediately should apply the workarounds described in the advisory (such as enabling DEP for Internet Explorer) until a patch is available. The Microsoft Security Advisory is at the following link: http://www.microsoft.com/technet/security/advisory/981374.mspx

Monday, March 8. 2010
FIFA World Cup 2010 Lottery Scam Mail
Online scammers have attempted a new trick shot. They are trying to boost their chances of a successful scam by capitalizing on the popularity of the FIFA Football World Cup 2010, which will be held in South Africa from June 11, 2010 onwards.
Today I received an email with the words GOOD NEWS!!! in the subject line and SOUTH AFRICAN FIFA WORLD CUP 2010 INTERNET LOTTERY PROMOTION as the header of the mail. Please be aware that such mails are framed by online scammers and serve just one purpose: to lure users into believing that they have won a lottery and in turn gather personal information from them. On many occasions, when contacted on the details provided in the mail, the scammers ask the victim to pay some amount to receive the lottery prize. Many victims have fallen for this trap and ended up paying their savings without ever receiving the prize. When I received this mail, Quick Heal AntiSpam automatically filtered it as SPAM. So please ignore such emails and keep away from online scams. A copy of the entire mail follows:
Saturday, March 6. 2010
Phishing email of Bank of India in Hindi
Today I got 4 Bank of India phishing emails. As I had written in an earlier blog post, the phishing attack on Bank of India is being repeated every few days. Of the 4 phishing emails I received, 3 were in English, but the fourth was in the local language, Hindi.
This is the first time I have come across a phishing email targeting an Indian bank in a local language. The email content looked like this:

[Image: the Hindi-language phishing email]

The email did not have any images such as the bank logo, and it had a lot of grammatical and spelling mistakes, whereas the English-language phishing emails had the bank logo and a well-designed HTML page. The email asked the user to visit the following link:

http:// dsl212-235-112-130.bb.netvision.net. il/www.bankofindia.com/

The above link points to a compromised server located in Israel. Note that the bank's domain name appears only in the path of the URL; the host the link actually connects to is the netvision.net.il machine, which is the part to look at when checking a link. When visited, the website looked as below:

[Image: Fake Bank of India website asking for the user's PIN number]

This indicates that the attacker is trying every possible way to lure innocent users into clicking the link and revealing their account information along with their PIN number. The email is automatically blocked by Quick Heal AntiSpam and the link is blocked by the anti-phishing plug-in. More news as things happen. I will keep tweeting on this topic as I get more information. Follow me on twitter @sanjaykatkar

Wednesday, March 3. 2010
Windows XP users: do not press F1 if prompted by a website
Abhijit Kulkarni blogged yesterday about the .HLP vulnerability in Windows XP; see the details in his post below. I observed that Microsoft has rated this vulnerability as "Medium risk" as it needs user intervention. We are monitoring for any malicious exploitation of this vulnerability by malware.
I see no reason why this vulnerability would not be exploited and hence recommend that all our users avoid pressing F1 in Windows XP when using the browser. If a website shows a prompt asking you to press F1 to perform some activity, there is a chance that the website is hosting malware exploiting this vulnerability. If anybody comes across a website that keeps asking you to press F1, please report it to us at viruslab at quickheal dot com

Tuesday, March 2. 2010
Spanish police arrest 3 hackers as suspected masterminds of the Mariposa botnet
The Mariposa botnet, which has grown much stronger over the last six months, was posing a big challenge for security software developers. The botnet, first observed in April-May 2009, has shown significant traffic growth over the last six months, indicating a substantial number of compromised computers.
The botnet was quite actively managed by these hackers, who frequently updated the functionality of the bot by downloading and executing random files from newly hosted locations. In this way it became quite sophisticated and was believed to have more than 10 million computers under its control. The real names of these hackers are yet to be released. This is one more victory against the bad guys, arriving just after the news of Microsoft taking down Waledac. Even though the news has only arrived now, the work of tracking these guys and taking down the botnet had been going on for months before this release. Kudos to the Spanish police for the successful arrest of these masterminds. More information on the arrests can be found at: http://www.cbsnews.com/stories/2010/03/02/tech/main6259510.shtml?tag=stack

Tuesday, March 2. 2010
Internet Explorer .HLP vulnerability on Windows XP
Microsoft's security team is investigating a security vulnerability reported at http://isec.pl/ by Maurycy Prodeus.
The vulnerability is observed on operating systems older than Windows Vista (i.e. Windows XP). An attacker hosting a malicious website can run arbitrary code remotely by convincing the user to press the F1 key in response to a popup window. The vulnerability results from passing a Samba (SMB) share as the help-file parameter (the helpfile argument of VBScript's MsgBox), combined with a stack-based buffer overflow in winhlp32.exe when the parameters are too long. There are no reports of attacks exploiting the weakness. Microsoft plans to issue guidance once its investigation is complete. Microsoft's Jerry Bryant says more on it here: http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

Tuesday, March 2. 2010
Paypal phishing attack
I came across multiple emails in my inbox which were talking about my Paypal account being blocked. The mails had the subject line "Your Papal account is suspended". I immediately sensed it was a phishing email, as earlier I had received phishing emails about payments I had supposedly made using Paypal, and since then I have been more careful when going through emails concerning Paypal.
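As an added example (this is not code from the original post or from Quick Heal), the script below does in code what the Paypal post here and the Bank of India post above do by hand: it pulls every link out of an HTML email, works out which host each link really goes to, and flags the usual tricks: a brand name placed in the path or the visible text while the real host belongs to someone else (the Bank of India mail put www.bankofindia.com in the path of a netvision.net.il host), visible text that shows one URL while the href goes elsewhere (what hovering over the link reveals), userinfo before an "@" and bare IP addresses. The sample email, the example.net link and the 203.0.113.7 address are constructed for the demonstration; the netvision.net.il URL is the one from the Bank of India post. The brand list and the short two-label suffix table are assumptions; a real deployment would load the Public Suffix List instead.

```python
"""Triage the links in a suspicious HTML email: find where each link really
goes and compare it with what the mail pretends. Added example, standard
library only; the brand list and suffix table below are assumptions."""
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# Brands the mailbox owner actually has accounts with (assumed for the demo).
BRAND_DOMAINS = {"paypal.com", "bankofindia.com"}

# Public suffixes under which the registrable name is one label deeper.
# Tiny assumed subset; replace with the Public Suffix List in practice.
TWO_LABEL_SUFFIXES = {"co.in", "co.uk", "com.au", "net.il", "co.il"}


def registered_domain(host):
    """Registrable part of a hostname ('netvision.net.il' for
    'dsl212-235-112-130.bb.netvision.net.il'); '' for an IP literal."""
    host = (host or "").lower().rstrip(".")
    try:
        ip_address(host)
        return ""
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_link(href, text, brand_domains=BRAND_DOMAINS):
    """Return the reasons a link looks like a phish (empty list = no finding)."""
    reasons = []
    parts = urlsplit(href.strip())
    host = parts.hostname or ""
    host_rd = registered_domain(host)

    if parts.scheme not in ("http", "https"):
        reasons.append("unexpected scheme %r" % parts.scheme)
    if parts.username is not None:
        # http://www.paypal.com@203.0.113.7/ : everything before '@' is userinfo
        reasons.append("userinfo %r@ in front of the real host %r" % (parts.username, host))
    if host and not host_rd:
        reasons.append("link goes to a bare IP address %s" % host)
    elif host_rd and host_rd not in brand_domains:
        # The Bank of India trick: the bank's name sits in the path or the
        # visible text while the host belongs to someone else entirely.
        haystack = (parts.path + "?" + parts.query + " " + text).lower()
        for brand in sorted(brand_domains):
            name = brand.split(".")[0]
            if name in haystack:
                reasons.append("'%s' appears in the path/text but the real host is %s" % (name, host_rd))
                break

    # The hover check: if the visible text looks like a URL, the host it
    # shows must be the host the link really goes to.
    shown = text.strip()
    if shown.startswith(("http://", "https://", "www.")):
        shown_url = shown if "://" in shown else "http://" + shown
        if registered_domain(urlsplit(shown_url).hostname) != host_rd:
            reasons.append("text shows %s but the link really goes to %s" % (shown, host or href))
    return reasons


def scan_email_html(html, brand_domains=BRAND_DOMAINS):
    """Return [(href, text, reasons)] for every link with at least one finding."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = analyse_link(href, text, brand_domains)
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample mail: the first href is the one quoted in the Bank of India
# post; the example.net and 203.0.113.7 links are made up for the demo.
SAMPLE_EMAIL = """<html><body>
<p>Dear Bank of India customer, please verify your PIN:</p>
<a href="http://dsl212-235-112-130.bb.netvision.net.il/www.bankofindia.com/">www.bankofindia.com</a>
<p>Dear Paypal Member, your account will be suspended.</p>
<a href="http://www.example.net/~paypal/paypal.fr/fr/">Click here to activate your account</a>
<a href="http://www.paypal.com@203.0.113.7/login">https://www.paypal.com/</a>
<p>Genuine link for comparison:</p>
<a href="https://www.paypal.com/fightphishing">Learn how to spot phishing</a>
</body></html>"""

if __name__ == "__main__":
    for href, text, reasons in scan_email_html(SAMPLE_EMAIL):
        print("%s (%r)" % (href, text))
        for reason in reasons:
            print("   - " + reason)
```

The genuine paypal.com link produces no finding; the three others are flagged for the reasons listed. The registered-domain comparison is deliberately done on the registrable name rather than the full hostname, so a legitimate "secure.paypal.com" is not reported while "paypal.com.example.net" is.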
This email did not have my name and started with "Dear Paypal Member"; usually it would be addressed to me by name. The email also had a lot of warning-type messages like "Your account will be suspended" and "Click here to activate your account". I just moved my mouse pointer over the link and observed that it was not actually taking me to the Paypal website. This confirmed that it was a phishing email. The link pointed to a URL something like (http :// www. worldangler.com/~paypal/paypal.fr/fr/...). I still visited the link just to see how the attacker had created the webpage. It appeared as shown below:

[Image: the fake Paypal login page]

The above page is carefully designed to look like the official Paypal website, in a European local language. I advise all readers that when going through emails from banks, Paypal or other online financial services, please keep a suspicious view at the back of your mind and look for such signs of a phishing attack. Please do not click on any links in the email. It is always better to open the browser and directly type in the address of the bank, Paypal or whichever service you are concerned about, and then visit the website. This takes a little longer but is much safer. Paypal has an interesting tutorial on how to spot a phishing email correctly; please have a look at it on the webpage below. https://www.paypal.com/fightphishing Happy learning

Saturday, February 27. 2010
Rogueware "Security Essentials 2010"
Microsoft has warned Windows users to be cautious of a rogueware (fake security software) that calls itself Security Essentials 2010, as opposed to Microsoft Security Essentials, which is a genuine security product from Microsoft.
Security Essentials 2010 installs a fake virus scanner on your machine and blocks some processes. It also blocks access to the websites of some antivirus companies. It does this by downloading a Win32/Alureon component and a Layered Service Provider (LSP) component that monitors the TCP traffic sent by web browsers and blocks any traffic to certain domains. On a machine suspected of being infected, "netsh winsock show catalog" lists the installed LSP entries; an unfamiliar entry pointing at a recently dropped DLL is a sign of this kind of traffic filter. Moreover, Security Essentials 2010 charges you to scan and remove files on your machine, claiming that the version you initially downloaded is a trial edition. This is in contrast to Microsoft Security Essentials, which is free for genuine Windows users. Microsoft has blogged about it here: http://blogs.technet.com/mmpc/archive/2010/02/24/if-it-calls-itself-security-essentials-2010-then-it-s-possibly-fake-innit.aspx