Online Fraud
https://forums.symantec.com/t5/Online-Fraud/bg-p/online_fraud
Online FraudWed, 07 Jan 2009 07:55:40 GMTonline_fraud2009-01-07T07:55:40ZPhishing Attacks Utilizing Port Numbers
https://forums.symantec.com/t5/Online-Fraud/Phishing-Attacks-Utilizing-Port-Numbers/ba-p/374610
There are varying types of technologies used by online attackers these days. There are old tricks and of course new ones, but it is the newer ones that make it even more difficult to handle the dilemmas faced in the world of Internet security. One of the trends of attack that was noticed a little while ago was an attack based on a website’s “port number.”Tue, 23 Dec 2008 21:00:55 GMThttps://forums.symantec.com/t5/Online-Fraud/Phishing-Attacks-Utilizing-Port-Numbers/ba-p/374610Sai Nayaran Nambiar2008-12-23T21:00:55ZIDNs in Phishing
https://forums.symantec.com/t5/Online-Fraud/IDNs-in-Phishing/ba-p/372325
What is an IDN? IDN stands for “internationalized domain name.” These are the domain names that contain one or more characters that do not belong to a Latin-based western language (or characters that are not available in the ASCII character set).Fri, 12 Dec 2008 17:47:58 GMThttps://forums.symantec.com/t5/Online-Fraud/IDNs-in-Phishing/ba-p/372325Mathew Maniyara2008-12-12T17:47:58ZReactive Phishing Defenses - Part 2
https://forums.symantec.com/t5/Online-Fraud/Reactive-Phishing-Defenses-Part-2/ba-p/361015
My previous blog article was intended to highlight two new features observed in a number of phishing kits that held the aim of making the lives of security analysts more difficult. I want to now focus my attention on another trick that has been used in phishing kits in order to protect the attack against a technique called "dilution."Mon, 27 Oct 2008 18:01:57 GMThttps://forums.symantec.com/t5/Online-Fraud/Reactive-Phishing-Defenses-Part-2/ba-p/361015Antonio Forzieri2008-10-27T18:01:57ZA Guide for Beating Phishing Attacks
https://forums.symantec.com/t5/Online-Fraud/A-Guide-for-Beating-Phishing-Attacks/ba-p/359720
Phishing is a way for individuals who are known as "phishers" to obtain your private information such as bank account details and passwords. Phishing messages come in the form of an email message that is directed to you and appears to be from a reputable company or business-often one that you have an association withTue, 21 Oct 2008 23:37:52 GMThttps://forums.symantec.com/t5/Online-Fraud/A-Guide-for-Beating-Phishing-Attacks/ba-p/359720Kelly Conley2008-10-21T23:37:52ZReactive Phishing Defenses – Part 1
https://forums.symantec.com/t5/Online-Fraud/Reactive-Phishing-Defenses-Part-1/ba-p/354065
A "phishing kit" is small piece of software usually written in PHP, HTML, and JavaScript that mimics legitimate portals (for example, financial institution websites) in order to acquire sensitive information such as usernames, passwords, and credit card details.Tue, 30 Sep 2008 17:49:01 GMThttps://forums.symantec.com/t5/Online-Fraud/Reactive-Phishing-Defenses-Part-1/ba-p/354065Antonio Forzieri2008-09-30T17:49:01ZDid You Catch Some Phish?
https://forums.symantec.com/t5/Online-Fraud/Did-You-Catch-Some-Phish/ba-p/353848
The evolution of a phishing attack is quite straightforward. At first, the fraudsters compromise a vulnerable server and deploy a package called a "phishing kit," which contains a clone application of the targeted institution. Then, mass mailing activities, with the aim of reaching a large number of recipients, are accomplished.Mon, 29 Sep 2008 23:22:15 GMThttps://forums.symantec.com/t5/Online-Fraud/Did-You-Catch-Some-Phish/ba-p/353848Davide Veneziano2008-09-29T23:22:15ZTravel the World without Moving - Literally!
https://forums.symantec.com/t5/Online-Fraud/Travel-the-World-without-Moving-Literally/ba-p/344393
Back in the 90's, Jamiroquai had a hit album named "Travelling without Moving." The title gives an apt description of some of the fantastic things that you can now do on the Internet. For example, we can now literally travel the world without moving beyond the comfort of the armchair.Tue, 19 Aug 2008 15:58:50 GMThttps://forums.symantec.com/t5/Online-Fraud/Travel-the-World-without-Moving-Literally/ba-p/344393Hon Lau2008-08-19T15:58:50ZBuyer Beware - Scam Olympic Ticketing Sites About
https://forums.symantec.com/t5/Online-Fraud/Buyer-Beware-Scam-Olympic-Ticketing-Sites-About/ba-p/340914
A timely warning to those wishing to purchase last minute tickets for the Beijing Olympic Games of 2008 to beware of scams and rip offs. There are some fake but very well crafted ticketing Web sites that have been duping unsuspecting members of the public out of their hard earned cash by posing as legitimate suppliers for Olympic events.Mon, 04 Aug 2008 18:19:56 GMThttps://forums.symantec.com/t5/Online-Fraud/Buyer-Beware-Scam-Olympic-Ticketing-Sites-About/ba-p/340914Hon Lau2008-08-04T18:19:56ZFrom Russia with Love
https://forums.symantec.com/t5/Online-Fraud/From-Russia-with-Love/ba-p/324802
We’ve all done foolish things for romance. The exhilaration of discovering a new partner is one of the more exciting feelings in the human experience. However, this flutter of emotions can also drive us to distraction -- so much so that reason and logic are often thrown out at its height.Fri, 23 May 2008 11:43:40 GMThttps://forums.symantec.com/t5/Online-Fraud/From-Russia-with-Love/ba-p/324802Ben Nahorney2008-05-23T11:43:40ZPolitical Implications of Cross-Site Scripting
https://forums.symantec.com/t5/Online-Fraud/Political-Implications-of-Cross-Site-Scripting/ba-p/317883
On the eve of the much anticipated Pennsylvania Democratic Primary, we received public reports of a series of cross-site scripting vulnerabilities that affected Barack Obama's campaign Web site. We also saw reports of these vulnerabilities being disclosed publicly on the XSSed.com Web site. The corresponding code to exploit the vulnerabilities was used to redirect users to Hillary Clinton’s Web site.Mon, 21 Apr 2008 23:53:38 GMThttps://forums.symantec.com/t5/Online-Fraud/Political-Implications-of-Cross-Site-Scripting/ba-p/317883Zulfikar Ramzan2008-04-21T23:53:38ZPhishing for Easter Eggs
https://forums.symantec.com/t5/Online-Fraud/Phishing-for-Easter-Eggs/ba-p/310235
There are hundreds of ready-for-use phishing kits available on the Internet. At the beginning of this month, a list with more than 400 links had been circulated on mailing lists and forums. Some kits areFri, 14 Mar 2008 07:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/Phishing-for-Easter-Eggs/ba-p/310235Candid Wueest2008-03-14T07:00:00ZTrojan.Trafbrush: Providing Click Fraud Services to Affiliates
https://forums.symantec.com/t5/Online-Fraud/Trojan-Trafbrush-Providing-Click-Fraud-Services-to-Affiliates/ba-p/310234
My colleague, Takashi Katsuki, posted a blog that describes how Trojan.Farfli provides a service to affiliates, which allows them to increase the number of hits for an affiliate’s tracker. Recently I came across another Trojan,Wed, 12 Mar 2008 07:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/Trojan-Trafbrush-Providing-Click-Fraud-Services-to-Affiliates/ba-p/310234Chen Yu2008-03-12T07:00:00ZHow to Prevent Buying a Fake Jeep - Trojan.Bayrob
https://forums.symantec.com/t5/Online-Fraud/How-to-Prevent-Buying-a-Fake-Jeep-Trojan-Bayrob/ba-p/306208
Tips to Avoid Fake Auctions We have previously discussed Trojan.Bayrob without describing the entire attack from end to end. This article will show how the entire scam works from initial contact right through to theWed, 05 Mar 2008 05:07:51 GMThttps://forums.symantec.com/t5/Online-Fraud/How-to-Prevent-Buying-a-Fake-Jeep-Trojan-Bayrob/ba-p/306208Liam O Murchu2008-03-05T05:07:51ZDo as I Say, Not as I Do
https://forums.symantec.com/t5/Online-Fraud/Do-as-I-Say-Not-as-I-Do/ba-p/306228
While there are various ways for attackers to trick users into disclosing their authentication credentials, phishing remains one of the most popular. Our spam traps caught a series of emails purporting to be from aMon, 03 Mar 2008 08:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/Do-as-I-Say-Not-as-I-Do/ba-p/306228Silas Barnes2008-03-03T08:00:00ZOnline Casinos an Easy Bet for Phishers
https://forums.symantec.com/t5/Online-Fraud/Online-Casinos-an-Easy-Bet-for-Phishers/ba-p/306227
We are currently in the process of compiling the upcoming Symantec Internet Security Threat Report. I am putting together the phishing sections for the Asia-Pacific and Europe, Africa, and Middle East ISTRs. One of theWed, 27 Feb 2008 08:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/Online-Casinos-an-Easy-Bet-for-Phishers/ba-p/306227Marvin Fabuli2008-02-27T08:00:00ZYou’re Under Investigation!
https://forums.symantec.com/t5/Online-Fraud/You-re-Under-Investigation/ba-p/306226
Earlier this afternoon in Italy hundreds of thousands of people received an email from a “friend” stating (approximately) the following: You’re under investigation! Hide everything and be quick!!! Your name appeared this morning together withFri, 22 Feb 2008 08:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/You-re-Under-Investigation/ba-p/306226Andrea DelMiglio2008-02-22T08:00:00ZPhish ‘n’ Exploit
https://forums.symantec.com/t5/Online-Fraud/Phish-n-Exploit/ba-p/306225
How many of us click on the links sent to us by trusted friends? Does the trust implicitly extend to the links they are sending? This trust is precisely what phishers take advantage of. TraditionallyThu, 21 Feb 2008 08:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/Phish-n-Exploit/ba-p/306225Nishant Doshi2008-02-21T08:00:00ZWorld of PhishCraft
https://forums.symantec.com/t5/Online-Fraud/World-of-PhishCraft/ba-p/306224
It is surely of no surprise, especially to regular readers of our Weblog, that not only banks are targeted by phishing attacks, but nearly anything that can be scammed. We already commented on the riseFri, 15 Feb 2008 08:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/World-of-PhishCraft/ba-p/306224Candid Wueest2008-02-15T08:00:00ZJaseZone? More like FakeZone.
https://forums.symantec.com/t5/Online-Fraud/JaseZone-More-like-FakeZone/ba-p/306223
We all know that there is a certain amount of risk we have to accept when we place personal information on a Web site, including the possibility that someone may use that information without ourFri, 25 Jan 2008 08:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/JaseZone-More-like-FakeZone/ba-p/306223Silas Barnes2008-01-25T08:00:00Z"Referer" Field Used in the Battle Against Online Fraud
https://forums.symantec.com/t5/Online-Fraud/quot-Referer-quot-Field-Used-in-the-Battle-Against-Online-Fraud/ba-p/306221
The "referer" [sic] header is generally used to track back-links in order to understand how a certain Web site is being reached by its visitors (hyperlinks on other Web sites, search engines, etc.) According toThu, 10 Jan 2008 08:00:00 GMThttps://forums.symantec.com/t5/Online-Fraud/quot-Referer-quot-Field-Used-in-the-Battle-Against-Online-Fraud/ba-p/306221Andrea DelMiglio2008-01-10T08:00:00Z
