The Phisher King is Back

I’m glad to report Australian phisher king Daniel McNamara has revived his Code Phish website which dissects phishing attacks and associated scams. He’s just taken a close peek at one ‘mule ad’ (as I call them) or job scam as he calls them: DHL Mail Job Scam. These are efforts by the phishers to repatriate their illicit …

Fame At Last, Or Under Attack?

Here’s an example of how social engineering can be more important than technical sophistication. It’s an email with a credible from address, credible header, credible subject line, credible contents: From: john@flexiprint.co.uk Subject: Photo Approval Needed Hello, Your photograph was forwarded to us as part of an article we are publishing for our May edition of …

Putting Phishers In The Banking Frame

Phishers are smart, and banks are dumb. At least, it seems that way. Here’s another example of what’s called a cross site scripting vulnerability attack, which basically lures the victim to what seems, both in the phishing email and in the website it links to, to be a genuine website belonging to Charter One Bank. …

Phishing Gets Proactive

Scaring the bejesus out of a lot of security folk this weekend is a new kind of phishing attack that doesn’t require the victim to do anything but visit the usual websites he might visit anyway. It works like this: The bad guy uses a weakness in web servers running Internet Information Services 5.0 (IIS) and …

Spam And Social Engineering

(Please see a subsequent post on this: Apologies for getting it wrong and thanks to everyone for writing in) Spam always surprises. This morning I got an HTML email from a seemingly credible email address with just one line in it: http://drs.yahoo.com/jeremywagstaff.com/NEWS Hmmm, I thought, my name! I was almost going to click it, but then …