'Tis the season for phishing scams. You've probably already seen quite a few here and there, and now there's another one to add to the list. There's a license key scam swirling around inboxes from scammers claiming to be Adobe, straight from the company itself.
Knowledge is power, and Spider-Man always said that great power came with great responsibility, but what we're learning this week isn't making us feel proactive -- instead it's making us want to don our tinfoil hats and curl up in a ball in the deepest corner of our darkest closets. A day after Google filled us in on just how many speech-squashing takedowns it gets from the U.S. government, the company pulled the curtain even farther with a blog post this morning sharing just how many badware-peddling sites are online. It's a lot.
Give a man a virus and he'll wreak havoc on a single machine. But teach a man to phish and, well, he'll become a pain in the ass for potentially thousands of computer users. Unfortunately, phishing is a 'skill' every two-bit hacker acquires right off the bat, but not all of them move on to bigger and more insidious things. Some phishers concentrate on honing their craft in hopes of ensnaring not only the gullible and less computer-savvy, but even sophisticated users. Security firm ESET warns of a new phishing method that has popped up in the last few weeks.
Thirty-four-year-old Tien Truong Nguyen is finding out the hard way that you shouldn't do the crime if you can't do the time. U.S. District Judge Morrison England Jr. ruled that Nguyen was in fact guilty of scamming more than 38,000 victims by designing copycat banking websites intended to dupe users into inputting their personal information, and ordered him to serve 12 years in prison.
There are a million different ways malware can be delivered to your PC (or so it seems), yet the easiest way to spread foul files is to go phishing. It doesn't require exploiting any vulnerabilities or coding clever workarounds, and instead puts the onus on PC users to educate themselves on safe computing practices, a fundamental skill still largely in short supply. It's also the method Skype scammers are using, only the bait has changed.
Sony just can't catch a break. Just as the Japanese company was pulling itself out of the hole following the PSN and SOE hacks, a phishing site has been found living on Sony's servers. The site is hosted on a sub-domain of Sony's official Thailand site. Who's running this company's servers anyway?
Any power user who's ever fixed a friend or family member's PC or worked a job in IT knows that less savvy computer users are easy targets for spreading malware. But just in case there was any doubt, PhishMe, a provider of anti-phishing training, announced the results from its free online game intended to assess a player's phishing knowledge. The results? Not good, but you'll have to hit the jump to see how badly participants fared.
Most of those charged by the US authorities, including many Russian nationals, acted as “money mules,” or money-laundering agents, merely concerned with moving stolen funds for their Zeus-armed clients.
“The mule organization typically recruited mules from Eastern Europe who were either planning to travel to or were already present in the United States on J1 visas,” reads one of the complaints in the matter.
"The mules kept a portion of the fraudulent proceeds for themselves -- usually 8 to 10 percent -- and transferred the rest to other participants in the fraudulent scheme."
The trojan, which mainly spreads through phishing and drive-by download attacks, is said to have helped thugs rake in over $200 million since 2006.
Let's cut right to the chase -- according to security firm Panda Security, the infamous Nigerian scam ranks as the decade's most popular online ploy to swindle victims.
"This was the first type of scam to appear on the Internet and continues to be widely used by cybercriminals today," Panda Security says.
Coming in second are lottery-based scams, in which potential victims receive an email claiming that they won the lottery. The ones that fall for it end up sending out something like $1,000 to supposedly cover bank-related fees and other expenses in order to transfer the winnings, only the victim never sees a dime.
"As with all the classic scams that predate the Internet, many of the numerous users that fall for these tricks and lose their money are reticent to report the crime," says Luis Corrons, technical director of Panda Labs. "If recovering the stolen money was difficult in the old days, it is even harder now because criminals' tracks are often lost across the Web. The best defense is to learn how to identify these scams and avoid taking the bait."
If you have a PayPal account connected to your iTunes login, now might be the time to decouple the two for a bit. At least one group of scammers has managed to find a security hole allowing them to charge thousands of dollars to users' iTunes accounts via PayPal. In some cases the amounts taken were obscene, with one would-be victim telling TechCrunch, "My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised." This user was able to keep his bank from disbursing funds to PayPal, but others are not so lucky.
Users are reporting all over the web that PayPal is promising to contact Apple to investigate the issues. PayPal seems to be working to set things right for their customers, but Apple hasn't been involved as of yet. Have you been a victim of this offense? Let us know in the comments who you've talked to, and what they told you.