Fake PayPal 'Cancel Payment' Phishing Scam
Mar 5, 2014 - "Email purporting to be from PayPal claims that the recipient has sent a payment to a specified merchant and offers instructions for cancelling the payment if required... The email is a phishing scam designed to trick recipients into divulging their PayPal account login details and a large amount of personal and financial information. All of the information supplied will be sent to online criminals and used to commit financial fraud and identity theft. The merchant or seller specified in the messages may vary in different incarnations of the scam. If you receive one of these bogus emails, do not click on any links or open any attachments that it contains...
... Those who do click will be taken to a bogus website and asked to supply their PayPal email address and password on a fake login box. After logging in, they will be presented with the following web form, which asks for a large amount of personal and financial information:
... All of the information supplied can be harvested by criminals and used to hijack the compromised PayPal accounts, commit credit card fraud and steal the identities of victims... If a PayPal phishing scam email hits your inbox, you can submit it to the company for analysis via the email address listed on the company's phishing information page*. A quick rule of thumb. PayPal emails will ALWAYS address you by your first and last names or business name. They will never use generic greetings such as 'Dear customer'. Nor will they omit the greeting..."
Fake Orange MMS SPAM
5 Mar 2014 - "A horribly managed spam turned up in my inbox, claiming to be an MMS message from Orange UK. Well, at least that's what it looked like when I got the HTML to render properly enough to make it readable.
Date: Wed, 5 Mar 2014 09:14:13 +0000 [04:14:13 EST]
From: mms.service3694@ mms. Orange .co .uk
Subject: IMAGE Id 889195266-PicFFY2C TYPE=MMS
Received from: 447457714595 | TYPE=MMS
There's meant to be an embedded image, but it is completely corrupt. Not that it makes much difference.
Attached is a file called bulger.jpg which is actually a ZIP file, so you have to rename it from .jpg to .zip in order to infect yourself. (?) Some assembly is required in this case. Anyway, once you have done all that and unzipped it, you get a malicious file IMG0000002993.exe which has a VirusTotal detection rate of 17/50*. The Malwr report** shows that the malware attempts to connect with a bunch of IPs that mostly look like dynamic ADSL subscribers. This sort of behaviour looks like P2P/Gameover Zeus or something similar."
Also see: http://threattrack.tumblr.com/post/78565844188/orange-mms-message-spam
Mar 4, 2014
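A mail-filter style check for the trick described in the Orange MMS item above (an attachment named .jpg whose content is really a ZIP holding an .exe), as an added example that is not part of the quoted posts. The sample message is constructed, with an inert placeholder in place of the malware, and the function names are illustrative.

```python
import io, os, zipfile
from email import message_from_bytes
from email.message import EmailMessage

MAGIC = {b"\xff\xd8\xff": "jpeg", b"PK\x03\x04": "zip", b"MZ": "pe"}
EXT_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".zip": "zip", ".exe": "pe"}
EXEC_EXT = (".exe", ".scr", ".com", ".pif")

def sniff(data):
    """Classify content by leading magic bytes, ignoring the file name."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return "unknown"

def inspect_attachments(raw):
    """Return (filename, reason) findings for every suspicious attachment."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True) or b""
        kind = sniff(data)
        ext = os.path.splitext(name)[1].lower()
        if ext in EXT_TYPE and EXT_TYPE[ext] != kind:
            findings.append((name, f"extension {ext} but content is {kind}"))
        if kind == "zip":
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if member.lower().endswith(EXEC_EXT):
                            findings.append((name, f"archive contains executable {member}"))
            except zipfile.BadZipFile:
                findings.append((name, "zip signature but unreadable archive"))
    return findings

def build_sample():
    """Constructed message: a ZIP with an inert placeholder, attached as .jpg."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IMG0000002993.exe", b"MZ" + b"\x00" * 16)  # not real malware
    msg = EmailMessage()
    msg["Subject"] = "IMAGE Id 889195266-PicFFY2C TYPE=MMS"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="image", subtype="jpeg",
                       filename="bulger.jpg")
    return msg.as_bytes()
```

Calling `inspect_attachments(build_sample())` reports both the extension/content mismatch and the executable inside the archive.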