UGN Phishing & Online Crime Reports UGN Phishing & Online Crime Reports
criminals want your identity... they'll stop at nothing to get it. BEWARE
The following are the latest developments in the computer industry's war on Phishing -- which has now become one of the most dangerous threats against computer users. Understand what it is, and help your friends, neighbors and relatives learn and understand as well...
Show the world you don't like online criminals with our anti-phishing buttons and stickers!
Table of Contents
An ongoing phishing attack against Citibank is using man-in-the-middle tactics to defeat two-factor authentication and gain access to online banking accounts. Netcraft - UK
There's been a lot of heavy breathing in recent days about phishing attacks that target two factor authentication technology used by banks and financial Web sites -- Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called "two-factor authentication" -- the second factor being something the user has in their physical possession like an access card
SANS ISC pointed out months ago, two factor authentication isn't a magic bullet, its just another roadblock for fraudsters to have to navigate around. See: blog.washingtonpost.com for info on "two factor" security. InfoWorld - San Francisco, CA, USA
Nearly three-dozen phishing Web sites are scamming Citibank business customers with a new scheme that hijacks accounts even though the users are protecting their information with state-of-the-art two-factor authentication InformationWeek - Manhasset,NY, USA
A recent phishing scam targeting Citibank and OCBC Bank customers went a step beyond most by spoofing two-factor identification. Security Pronews - Lexington,KY, USA
Security experts have detected a new type of phishing attack that could render two-factor authentication useless. A dual factor VNUNet.com - UK
Websense security labs reported Monday that phishing attacks against Google have increased in sophistication. www.websense.com offers the same story, with a picture of the actual graphic the criminals are using. An "error" occurs, taking you to another screen. Read this article.
Outer Court - USA covers same story: According to Vnunet, a current phishing campaign is targeting Gmail users specifically. First, 'lucky' Gmail users will get an email like the following: You won $500! Gmail congratulates you! ...
www.net-security.org offers More in-depth coverage eWeek - Woburn,MA, USA
Secure Computing Corporation, the experts in securing connections between people, applications and networks -- The cybercriminal configures a war dialler (sequentially dials regional phone numbers) to call phone numbers in a given region. When the phone is answered, an automated recording is played to alert the consumer that their credit card has had fraudulent activity and the consumer should call the following phone number immediately. The phone number could be an 0800 number often with a spoofed caller ID for the financial company they are pretending to represent. Computer Crime Research Center - Ukraine
Van Cutter Romney asks: I've received a lot of phishing IMs on my Yahoo! Messenger from contacts whose accounts I guess have been hacked into. Slashdot - USA
PayPal customers are being targeted by a new type of phishing email that tries to trick users into calling a phone line to confirm their credit card details. The email, which purports to come from PayPal , claims that the recipient's account has been the subject of fraudulent activity. However, unlike normal phishing emails, there is no internet link or response address. Instead, the email directs the recipient to call a phone number and verify their details.
Also see: Voice Phishing Hits PayPal, Slashdot, and Sophos: Sophos recommended the Apple Computer and Mac OS X to consumers for better security, they are now warning the web users of a possible PayPal phone phishing scam -- BusinessWeek offers its own spin on the story... Phishing attacks aren't just for e-mail anymore. ... Those remain the easiest and most common form of phishing attack. FILTERING CALLS. I.T. Vibe - UK
Voice phishing is dangerous because although most Internet users won't click on a URL in an e-mail, they're quite accustomed to entering credit-card or account over the phone. ...
* VoIP News: VoIP Phishing Scams - Don't Get Hooked!
* One Stop Click: VoIP users warned over 'vishing' scams
* PC World: Related to phishing scams, the new scheme uses cheaply obtained VoIP numbers as bogus credit card or financial services telephone numbers ... InformationWeek - Manhasset,NY, USA
Scams so common they just seem like background noise -- It's sad when a scam becomes the norm -- Unfortunately, that's the problem with scams like phishing or those Nigerian money letters. They happen so often that we've come to accept them as a somewhat deviated part of our normal world. Arizona Republic - Phoenix,AZ, USA
Please share your concerns or discoveries, we're listening.
Return to: the top of this page, or the INDEX for this department
Exit to: The User Group Network front page
Contact: The Editor, Webmaster or Membership Director