“Your craigslist posting” email

January 18, 2009 by Grabate

411-Spyware, a website that seems to be a magnet for every scam email out there, has posted a warning about a fake Craigslist email.

“Your Craigslist Posting” email reads:

From: noreply@craigslist.org
Subject: Your craigslist posting “SONY PLAYSTATION 3 METAL GEAR SOLID 4 PS3 80GB BUNDLE !”
Reply-To: noreply@craigslist.org
Confirmation for Posting ID# 921869828

Your ad, titled “SONY PLAYSTATION 3 METAL GEAR SOLID 4 PS3 80GB BUNDLE !,” has been posted as follows:

http://singapore.craigslist.com.sg/ele/921869828.html (electronics)
Posts will appear in the list of postings and in search results in about 15 minutes. If you have trouble finding them, please check our help page at http://www.craigslist.org/about/help/where.html

Please login into your account if you need to edit or delete your posting:
https://accounts.craigslist.org/login

If you did not post this ad please change your account password asap:
https://accounts.craigslist.org/login/chgpwd

For your protection please check our list of common scams: http://www.craigslist.org/about/scams.html

Thanks for using craigslist!

Attempting to log into Craigslist using any of the links provided in the email takes you to a fake Craigslist website, where any information you enter will go straight to the scammers.

411-Spyware has a list of websites you should block concerning this email; however, I tested them all and they are inactive. The scammers will change the email links in the “Your craigslist posting” email from time to time, so just delete the email as soon as you get it.


419ERS TAKE CANADIAN FOR $150,000

January 17, 2009 by The Register

Textbook scam

A Canadian man who fell for a 419 scam was taken for $150,000 by advance fee fraudsters who conducted a textbook operation to fleece their victim.

John Rempel of Leamington, Ontario, got an email back in 2007 from “someone claiming to be a lawyer with a client named David Rempel who died in a 2005 bomb attack in London”, the Windsor Star reports. The email claimed the “deceased” had left $12.8m, and since he had no family “wanted to leave the money to a Rempel”.


POP-UP PHISHING RISK POINTS TO WEB FRAUD EVOLUTION

January 15, 2009 by The Register

Taking the spam out of e-banking scams

Fraudsters have the potential to develop techniques for mounting phishing attacks using pop-up dialogue boxes instead of spoofed emails, security start-up Trusteer warns. Although the firm isn’t able to cite an example of the possible next-generation attack, which it describes as in-session phishing, that attack scenario is plausible enough to merit a closer look.

In-session phishing, like drive-by download attacks, first relies on planting malicious code on targeted web sites. But instead of redirecting surfers to maliciously constructed websites under the control of malware, where browser vulnerabilities might be used to load malware on poorly secured Windows PCs, the hostile code is used to generate rogue pop-up browser windows.


UPSInv.zip and NorthwestAirlines.zip

January 13, 2009 by Grabate

411-Spyware has found two malicious emails you should be on the lookout for.

First is NorthwestAirlines.zip, which is a trojan that comes in a fake Northwest Airlines ticket email.

From: Damian Muller
Subject: E-ticket #4418910180
Hello!
Thank you for using our new service “Buy Northwest Airlines ticket Online” on our website.
Your account has been created:
Your login: ida.camacho@t********.com
Your password: passXNK0
Your credit card has been charged for $471.52.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the Northwest Airlines ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards,
Damian Muller
Northwest Airlines
Attachment: NorthwestAirlines.zip

UPSInv.zip is a trojan that comes in a fake UPS email.

From: United Postal Service
Subject: Delivery problems
Hello!

Sorry, we were not able to deliver postal package you sent on December the 25th in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office.

Your UPS Support Team
Attachment: UPSInv.zip

If you have opened the attachments on either of these emails, naughty, naughty. Luckily, 411-Spyware has the instructions to remove NorthwestAirlines.zip and remove UPSInv.zip.


HMRC WARNS OVER TAX EMAIL SCAMS

January 9, 2009 by The Register

Death and taxes and crime

The Treasury has taken the unusual step of warning UK taxpayers of a phishing scam doing the rounds, which looks to ensnare frantic last-minute tax return filers.

Bogus email warnings designed to trick citizens into handing over sensitive personal details are circulating in the run-up to the 31 January Self Assessment tax deadline. The scam messages claim that recipients are entitled to a tax refund and ask for bank or credit card details so that the fictitious refund can be paid out. The emails come from spoofed email addresses so that they might appear to come from tax authorities.


WEAK SIGS FOUND ON ONE IN SEVEN SSL SITES

January 8, 2009 by The Register

Survey highlights serious spoofability

One in seven digital certificates that stamp the authenticity of secure web sites use a vulnerable signature algorithm, according to a new survey. The shortcoming underlines the need to drop the insecure signing mechanism before its shortcomings are exploited in more convincing phishing attacks.

Netcraft reports that 14 per cent of the SSL certificates it analysed during a recent survey were signed using an MD5 algorithm recently discovered to be not just weak but vulnerable to practical attack. Last month security researchers at the Chaos Communication Congress showed how a fake certificate with the same digital signature (hash) as a valid certificate might be created. The issue arises because two different inputs to the weak MD5 hashing algorithm can produce the same output.


How to Avoid Phishing Scams

October 12, 2008 by admin

With the economy like it is, you’re likely to get more email scams: some dude in Nigeria wants to give you a billion bucks, and a credit card account you never knew you had is about to be closed.

!!!

Here’s a boring but informative video about how to avoid phishing scams.

Phishing Email Demo

If you want to get an apple from the teacher, watch this video, too. I fell asleep during the middle of it, though.

How Phishing Scams Work

(Or, “How to Fall Asleep in Three Minutes and 40 Seconds”)
