Sunday, 21 September 2008

Phishing E-Mail Attempts Defrauding Victims of the Nigerian E-Mail Scams


The Oregon Attorney General's Office issued an alert to the public on September 11, 2008 about a new scam e-mail that was making the rounds on the Internet and offering compensation to individuals who had been victims of earlier Nigerian e-mail scams, as reported by Kohd on September 11, 2008.

The scam e-mail says that the Nigerian courts had granted a huge sum of money to the victims, who need to provide their private information and remit $675 as a fee for processing the grant. It also says that the state police would help deliver the funds.

Furthermore, the phishing e-mail informs the recipient that a local attorney in Africa is holding the funds on his or her behalf and is waiting to wire them to the US. The e-mail claims that this will be done soon after the fee and the recipient's private details are received, including full name, address, telephone number and driving license or passport details.

In addition, the message promises that after the required fee and details are received, the U.S. government as well as the state police would be alerted of the funds' remittance to make sure they arrive promptly. However, the Oregon State Police denied any such involvement.

Meanwhile, Hardy Myers, Attorney General of Oregon, has also said that Oregonians should be protected from the latest twist on a classic scam. He added that these fake offers to assist victims of fraud, with the support of the Oregon State Police, are merely crafted to exploit the public, as reported by Kohd on September 11, 2008.

Hardy Myers further added that people should remain vigilant about such scams and always exercise caution when sharing personal information. In the meantime, the number of phishing attacks against companies is increasing rapidly, with new tactics spreading nationally and internationally.

Also, according to similar recent news, an e-mail survey was sent to residents of the Grants Pass area, offering to pay $90 to those who would answer some questions for a local bank that did not actually exist. Police confirmed that it was related to a scam operated over e-mail from Valencia, Spain.



NASA hacker loses final appeal - faces extradition to the United States
Sophos comments on the case of Gary McKinnon.
Source: www.sophos.com

Massive Volume of Inbound E-Mails to SMEs Are Spam

On September 4, 2008, IT Force, an Irish technical services and consulting company, released a research report in which it revealed that about 92% of all e-mails that came to the company and to its clients during August 2008 were spam.

The company analyzed more than 1,187,452 e-mails and established that 1,090,286 were spam. According to it, the Top Ten malware list included Email.Trojan-9 and Trojan.Delf-5385 as the viruses most commonly used by spammers. Other top viruses included Email.PornTeaser, Trojan.Zbot-1966 and Trojan.Zbot-1962.

The research further disclosed that the countries producing the most spam, region-wise, included China, Belarus and the US, excluding Ireland.

However, according to the research, viruses arriving via e-mail were falling, as the volume of spam mails containing viruses was extremely small, around 1% of the entire spam. The reason behind this fall is that security vendors in the industry were proactively enhancing their abilities to detect such viruses and organizations were also adopting these solutions.

Joe Molloy, Sales Director for Managed Services, IT Force, says that in the last few months, IT companies have been successfully eliminating viruses, leading to a significant drop in the volume of malware, as reported by siliconrepublic on September 4, 2008.

Also, phishing sites crafted to take advantage of any software vulnerability they find install the Zeus Trojan onto the victim's computer. Zeus is a dangerous Trojan, as it gathers data from Internet-based forms, captures screenshots, harvests browser passwords and controls the computer remotely.

Furthermore, IT Force believes that hacking criminals might be using a Trojan or virus to infiltrate home computers. The malware might then enter the victim's PC and deceive the end-user into opening legitimate software.

Besides, spammers are increasingly developing and applying new methods to evade enterprises' conventional anti-spam solutions. These attacks, known as 'Spam spikes', take place when unique domains are offensively targeted. The attacks could be extremely dangerous, particularly to SMEs (Small and Medium Enterprises), as their servers get overloaded with the spam mails, preventing inbound orders and communications from clients.

Similarly, the SFA (Small Firms Association) has also said that spam is particularly threatening to the small and medium-sized market.



Penn State Rocked By Web Access Phishing Scam

A press release circulated at the beginning of September 2008 announced that many Penn State Community students were targeted by a phishing scam after responding to a message that they believed originated from the "PSU.edu Admin".

In contrast to other phishing scams seeking student information, in this particular case the cyber criminals do not ask the students to respond to the messages with their login details. Instead, the students are led to a phony Web Access login page that resembles Penn State University's authorized login page, according to the security investigators and experts looking into the details of the recent phishing scam.

In the meantime, reports reveal that some of the Penn State students found the fake homepage convincing enough to access it using their Penn State username and password. Security experts advise all victims to visit the official Penn State University login management Web page at https://www.work.psu.edu/apps/work/work.php and then modify their password.

Access to the fake site was barred at dawn on September 8, 2008. Nevertheless, students should be warned that the phishing scam is expected to recur via another Web address if students keep falling prey to the fraud, security authorities asserted.

In the course of the ongoing investigations by security researchers, Robin Anderson, Director of Customer Communications at Pennsylvania State University Information Technology Services, remarked that it was extremely risky, as they had been asking the Penn State community not to disclose any private details, as reported by Collegian on September 11, 2008.

According to her, the scammers behind the frauds are not connected with the university and are most probably based abroad.

In the meantime, outlining the purpose of the phishers, investigating officials and experts assert that con men and phishers usually hack the accounts to steal private data such as Social Security numbers (SSN) and transaction details of their targets.

Besides, these con men often store the details in a database and then auction them, earning cash in exchange. As scams of this kind are perpetrated for monetary gain, the key purpose is to phish people's personal data.

