************************************************************************
OUCH: The Report On Identity Theft
and Attacks On Computer Users
Volume 1, No. 12. December 01, 2004
************************************************************************
Major threat this month:
Don't Get Hooked By Phishing Scams During the Shopping Season!
Experts are warning that online shoppers need to be extra watchful for
phishing scams this holiday season. Online shopping is expected to
surge 25 percent over last year and email phishing scams have rocketed
by a staggering 1,200 percent since last January.
************************
Take Note: When you update your Windows computer, you usually must get
both the Windows updates and Microsoft Office updates. They are at
different sites, which are:
Windows Update:
http://windowsupdate.microsoft.com
Office Update:
http://office.microsoft.com/en-us/officeupdate/default.aspx
(or you can use the link to Office Update on the Windows Update page)
Office Update often requires the user to have their original media
CDs available to perform updates. Microsoft's explanation for this is
in the Office Update FAQ (frequently asked questions) at
http://office.microsoft.com/en-us/FX010402221033.aspx#6
Users taking advantage of Microsoft's automatic updating and patching
of Microsoft Windows may not be aware that Windows Update does *not*
also automatically update Microsoft Office products. You have to do
it manually.
************************
What To Avoid This Month
I. Email from people trying to get you to divulge private details.
They are usually trying to steal your identity (and your money).
I.1 Sovereign Bank - 'Sovereign Bank Unauthorized Account Access'
I.2 Paypal - 'Your Account Will Be Suspended'
I.3 Citibank - 'Citibank Alerting Service'
I.4 People's Bank - 'New Mail from People'
I.5 Suntrust Bank - 'Internet Banking with Bill Pay Fees Waived'
I.6 Citibank - 'Your online activity confirmation'
I.7 eBay - 'Account Suspension Notice - Section 9'
II. Virus and Hoax Alerts
II.1 Sophos: Training course emails are a scam
II.2 W32.Sober.I@mm
II.3 SymbOS.Skulls
II.4 Latest Mydoom Virus May Signal 'Zero Day' Attack
II.5 W32/Mydoom.ah@MM
III. Covert phishing scam lies in wait for its victims
IV. Important Phishing Information
IV.1 What To Do If You've Given Out Your Personal Financial
Information
IV.2 Identity Theft Help Sites
IV.3 Things you should do to protect yourself.
V. Alleged Phisher Arrested in Boston
VI. Many Users Replacing Internet Explorer
VII. Alliance Formed to Fight ID Theft, Phishing Schemes
******************************
More Details About Things To Avoid
I. Email from people trying to steal your identity (and your money)
I.1 Sovereign Bank - 'Sovereign Bank Unauthorized Account Access':
The Bait: An email sent to you stating that 'We recently reviewed
your account, and suspect that your Sovereign Internet Banking
account may have been accessed by an unauthorized third party...as
a preventative measure, we have temporarily limited access to
sensitive account features...check your account profile...To get
started, please click the link below...'
What it tries to make you do:
Divulge your name and credit card information, and your
sovereignbank.com username/password
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-02-04_Sovereign(sovereign_bank_unauthorized_account_access)/11-02-04_Sovereign(sovereign_bank_unauthorized_account_access).html
I.2 Paypal - 'Your Account Will Be Suspended'
The Bait: 'We recently noticed one or more attempts to log in to
your PayPal account from a foreign IP address.'
What it tries to make you do: Divulge your personal information
such as your name and credit card number and your
paypal.com username/password.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-09-04_Paypal(Your_Account_Will_Be_Suspended)/11-09-04_Paypal(Your_Account_Will_Be_Suspended).html
I.3 Citibank - 'Citibank Alerting Service'
The Bait: It arrives in the form of an email that requests "...We
Were unable to process the recent transactions on your account.
To ensure that your account is not suspended, please update your
information by clicking here..."
What it tries to make you do: Divulge your personal banking
information such as your debit card information, citibank.com
username/password
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-10-04_Citibank/11-10-04_Citibank.html
I.4 People's Bank - 'New Mail from People'
The Bait: It arrives in an email asking that you confirm immediately
with your People's Bank account
What it tries to make you do: Divulge your debit card information.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-15-04_Peoples_Bank/11-15-04_Peoples_Bank.html
I.5 Suntrust Bank - 'Internet Banking with Bill Pay Fees Waived'
The Bait: According to the email it will waive your monthly Bill
Pay fees on Internet Banking
What it tries to make you do: Divulge your credit/debit card
information
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-16-04_Suntrust/11-16-04_Suntrust.html
I.6 Citibank - 'Your online activity confirmation'
The Bait: Sending you an email telling you that your Citibank account
is on a hold status for maintenance
What it tries to make you do: Divulge all your personal information
such as credit card information, SSN, citibank.com
username/password, contact information (name, address, etc.)
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-17-04_Citibank/11-17-04_Citibank.html
I.7 eBay - 'Account Suspension Notice - Section 9'
The Bait: Sending you an email telling you that your eBay account has
been suspended due to a violation of eBay's site policy
What it tries to make you do: Divulge your eBay username/password and
email address
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-18-04_Ebay/11-18-04_Ebay.html
******************************
II. Virus/Hoax Alerts:
II.1 Sophos: Training course emails are a scam
The Bait: An offering for training for well-paid jobs in the
financial sector.
What it tries to make you do: Sign up for a training course
that it claims will lead to a job with the financial
institution Credit Suisse.
Where you can learn more about this scam:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1022149,00.html
II.2 W32.Sober.I@mm
The Bait: An unexpected email that arrives in your mailbox with
various subject lines such as 'hi there', 'Registration
confirmation', etc.
What it tries to make you do: Open the attached file. If you
do, and follow the instructions, it infects your machine with
this virus.
Where you can read more on this story:
http://www.symantec.com/avcenter/venc/data/w32.sober.i@mm.html
II.3 SymbOS.Skulls
The Bait: An extended theme for your cell phone
What it tries to make you do: Get you to download a new feature
for your phone and install it. The new "feature" replaces the
phone's system files.
Where you can read more on this story:
http://securityresponse.symantec.com/avcenter/venc/data/symbos.skulls.html or
http://www.gcn.com/vol1_no1/security/27982-1.html
II.4 The latest version of the Mydoom virus suggests to security
experts that a much-anticipated "zero day" attack may have already
arrived.
"Zero day" refers to an exploit, either a worm or a virus, that
arrives on the heels of, or even before, the public announcement
of a vulnerability in a computer system. This week's version of
Mydoom appeared only two days after a security flaw in Windows
Internet Explorer was made public by two hackers, according to
experts.
Where you can read more on this story:
http://enterprisesecurity.symantec.com/content.cfm?articleid=5054&PID=182998&EID=796
II.5 W32/Mydoom.ah@MM
The Bait: Receiving an unexpected email that states "Congratulations!
PayPal has successfully charged $175 to your credit card"
What it tries to make you do: Click on a link provided within
the email.
Where you can read more on this story:
http://vil.nai.com/vil/content/v_129631.htm
******************************
III. Covert phishing scam lies in wait for its victims:
According to experts, this is a low risk for now, but this could be a
sign of worse things to come. Experts have detected a phishing
scam that will not require you to click on a link in the email
in order to gather your personal data while banking online.
It works by installing a diverter script on your browser so that
when you try to go to your bank's website, you are diverted to
the phisher's fake website which appears identical to your bank's.
Where you can read more on this story:
http://software.silicon.com/security/0,39024655,39125549,00.htm
******************************
IV. Important Phishing Information:
IV.1 What To Do If You've Given Out Your Personal Information
If you have been tricked by a phishing method into giving out your
personal financial information, do not wait for things to happen
or wait for the problem to resolve itself. Take immediate action
to protect your identity and your money.
Click on the following link for advice on what to do if you are in
this situation.
http://www.antiphishing.org/consumer_recs2.html
IV.2 Identity Theft Help Sites
The following links are provided to assist you in case of Identity
Theft.
* http://www.consumer.gov/idtheft/
* http://www.identity-theft-help.us/
* http://www.identitytheft.org/
* http://www.usdoj.gov/criminal/fraud/idtheft.html
Canadians will find the following site especially valuable:
IV.3 Things you should do to protect yourself:
- Since most of the phishing emails come through spam, get
a spam filtering software program and install it on your computer.
- If you suspect a phishing attempt, report it immediately to
your bank. Every bank web site has a link or a toll-free
number to report scams. Don't be embarrassed if you were
tricked into divulging account information. If you report
it immediately, your account will be protected until you
receive a new PIN.
- Change your passwords and PINs regularly. Banks advise that
you use separate PINs and passwords for different accounts.
That way, if one gets compromised, your entire financial life
won't be revealed.
- If you are a frequent user of eBay, download its Web
browser toolbar, a small program that runs with a
user's Web browser. It flashes red when the user visits
a possible spoof site. The toolbar uses a database of
spoof site URLs submitted by customers, and is updated
quite often.
- Check your computer frequently for possible virus infection with
an anti-virus software program.
- Regularly update your browser with patches.
- And more ideas from InfoWorld
http://www.infoworld.com/article/04/11/01/HNonlineidtheft_1.html
******************************
V. Boston police have arrested an alleged phishing scam artist. Andrew
Schwarmkoff has been arraigned on counts of fraud, larceny, identity
theft and receiving stolen goods. Schwarmkoff, who is alleged to
be a Russian mobster, was ordered held in lieu of US$100,000 bail.
Where you can read more on this story:
http://www.techweb.com/article/printableArticle.jhtml?articleID=52600627&site_section=700028
http://asia.cnet.com/news/security/printfriendly.htm?AT=39200964-39037064t-39000005c
******************************
VI. Many Users Replacing Internet Explorer
The Washington Post reports that after Microsoft cemented a monopoly
of the Web-browser market, it let Internet Explorer (IE) go stale,
parceling out ho-hum updates that neglected vulnerabilities routinely
exploited by hostile Web sites.
Then came Firefox, the latest in web browsers. Firefox blocks pop-up
ads automatically, does not use ActiveX (which has been known to
cause problems), and resists "phishing" scams, in which con artists
lure users into entering personal info on fake Web pages.
Where you can read more on this story:
http://www.washingtonpost.com/wp-dyn/articles/A47146-2004Nov13.html?sub=new
(This site requires registration)
Editor's Note (Paller): Firefox, like IE, has security
vulnerabilities.
Another IE alternative is the Opera browser (www.opera.com) which
will probably be found to have security flaws, as well.
******************************
VII. Alliance Formed to Fight ID Theft, Phishing Schemes
Five online security software and service providers have formed the
Anti-Fraud Alliance Group in order to help e-commerce and financial
services firms fight fraudulent online activities such as phishing
and identity theft.
Where you can read more on this story:
http://enterprisesecurity.symantec.com/content.cfm?articleid=5077&PID=182998&EID=799
==end==
Copyright 2004, The SANS Institute. Permission is hereby granted for any
person to redistribute this in whole or in part to any other persons as
long as the distribution is not being made as part of any commercial
service or as part of a promotion or marketing effort for any commercial
service or product.