Money, Oil and Politics > Money... Money... Money...
SPAM SCAM and make BANK
sky otter:
http://www.bbc.co.uk/news/technology-21058591
17 January 2013 Last updated at 07:21 ET
'Nightclub bouncer' phishing scam found by researchers
If your name's not down... you are not getting phished by the criminals behind this attack.
Cyber-criminals have invented a cunning new method of targeting victims by developing a system that behaves like a bouncer at an exclusive nightclub.
Security firm RSA revealed how attackers assigned targets with a unique ID, meaning the scam could be aimed at specific people.
If a person's ID was not on the list, their computer would not be affected.
RSA said the advanced threat posed a new "detection challenge" to the security industry.
In a blog post, RSA cybercrime specialist Limor Kessem wrote: "As we adapt and improve our detection systems, we are reminded that in the never-ending cat-and-mouse game, only the nimble will survive."
The so-called Bouncer Phishing Kit targets preset lists of email addresses. For each target, a unique ID is automatically generated, creating a unique web address for the user to click on.
If someone has an ID that does not match the list of intended targets, they will simply be presented with a 404 Error page, and will be unharmed.
If, however, a person is one of the unfortunate ones, the same page will instead spring into life as an "attack page" ready to steal user credentials.
Using this method means attackers can harvest data from certain groups of users, rather than having to sift through large amounts of data.
For example, the Bouncer Phishing Kit could be used to gather personal details on people in one particular country.
"It holds this [bouncer] moniker because much like many high-profile night-time hotspots - if your name is not on the list, you're staying out," Mr Kessem said.
"Traditional phishers like to cast as wide of a net as possible.
"But with this tactic the phisher is laser-focusing the campaign in an effort to collect only the most pertinent credentials for his purposes.
"Keeping out uninvited guests also means avoiding security companies and prompt take-downs of such attacks."
Phishing is a growing problem for internet users. According to RSA's data, attacks of this type were up 59% in 2012 compared with the previous year, and cost the global economy $1.5bn (£940m).
What is phishing?
Phishing is a tactic used by cybercriminals to trick users into sharing personal data.
Typically, this is by pretending to be a legitimate website - such as as popular social network, or online banking. Assuming they are on the real site, users will enter their username and password, only for them then to be stolen.
Other phishing attacks can make use of emails designed to look like they come from a trustworthy source.
Internet users can take several common-sense steps to prevent being caught out, such as double-checking web addresses look legitimate, rather than a misspelling such as Facebok.com.
Using the latest version of your internet browser, as well as up-to-date security software, will give you extra help.
The UK Payment Council has set up a website with advice on how to stay protected from phishing scams.
More on This Story
Related StoriesThe hackers' seven deadly sins 16 DECEMBER 2012, TECHNOLOGY
Police in Facebook global arrests 12 DECEMBER 2012, TECHNOLOGY
Fraudsters phishing for pop music
From other news sitesTechworld.com
Phishing sites use whitelisting to keep out unwanted victims
7 hrs ago
http://www.bbc.co.uk/news/technology-21058591
Amaterasu:
From: http://www.rumormillnews.com/cgi-bin/forum.cgi?read=268518
--- Quote ---FROM TERI HINKLE:
EXTREME CAUTION, BANKSTER ALERT!
Today a friend called to say that when his wife went down to their bank, Nashville Bank in Tenn. to renew the equity line of credit on their home she came home and told him to go up to the bank and sign the papers. His name has never been on the loan so he went to the bank to straighten everything out. When he got there and he was given the papers his wife had signed he found that on the bottom of every page in BOLD type it said that:
BY SIGNING THIS AGREEMENT YOU WAIVE YOUR RIGHT TO A JURY TRIAL IN REGARD TO ANY AND ALL EVENTS AND OR CLAIMS WHICH MAY ARISE FROM IT
Fortunately my friend is far to savvy to have fallen for that. He threw a fit and demanded the bank explain what they thought they were trying to pull. The loan officer called the main branch and then said, well we could take that off of there....( DUH! )
DO NOT UNDER ANY CIRCUMSTANCES SIGN ANY DOCUMENT WITH EVEN SIMILAR LANGUAGE TO THAT ON IT. By signing that agreement they would have been waiving all their rights to due process under the law and our Constitution. If the smaller banks like Nashville Bank are attempting this kind of entrapment you can bet the BIG BANKS LED THE WAY!
If you have inadvertently signed such a document in the last three days get your butt back down to the bank and exercise your three day right to rescission!
This is unconscionable and cannot be tolerated. If the fraudster banks can get you to renew your loans and or mortgages with language like that in the documents they have carte blanche ability to STEAL EVERYTHING YOU HAVE and you have NO POWER TO STOP THEM AND NO RECOURSE AFTERWARD!
--
Teri
--- End quote ---
zorgon:
SPAM SCAM and make BANK
Anyone haz an empty bank account and wants to play?
::)
Here is the latest email..
I am BD SAN a uk radiologist student.
Can you help me. I have access to my late fathers accounts and passwords containing millions of dollars in usa. Am ready to share this with you if you can help me as i have a lot to unfold to you as with your agreement I want to start making transfers to your account you will provide.
Please respond immediately via my email so that i will fill you in with further details.
Sincerely yours,
BDSAN@radiologist.net
The Seeker:
Dang, Z, I think we all have basically empty bank accounts these days :o
but I wouldn't even want to play with this turkey unless I had a false account set up and there was absolutely no chance that any of us could ever be identified or located 8)
would be fun to snare some con artist in a trap...
seeker
ArMaP:
I don't have a bank account. :)
Navigation
[0] Message Index
[#] Next page
Go to full version