You’ve seen the email subject lines: PAYMENT REPRESENTATIVE NEEDED! JOB ALERT! CONGRATULATION FROM: THE TREASURYLINE BOARD These are spammed emails claiming someone has discovered unclaimed money, found you a job, or needs someone in the US to receive a $10 Million dollar bank transfer. These are usually called 419 Scams…

Hello, you’ve reached _______ Bank: If you would like to check your balance, press 1. To be connected to an operator, press 2. To compromise your banking account, enter your 16 digit card number followed by the expiration date. No, I didn’t make up the name for this new type…

Back in April, fellow blogger Matt was theorizing about a new type of phishing where the phish used a phone system to obtain your information rather than stealing it through a website. Well, it looks like that theory has become reality. Recently a phishing email was detected that didn’t ask…

Here is an example of some person’s home machine hosting a phish: Phishers often use automated scanners to find, exploit and load phishing kits onto compromised machines. As you can see, this phisher loaded five phishing kits on this one compromised system: two eBay phishes, one paypal phish, and two…

While spammers sell more the more they spam, the opposite is true for phishing. We know spam when we see it. Most of us don’t like it, but let’s face it, there are some people out there who buy what is advertised. If that were not the case, spammers would…

Years back, spotting a phish was easy — simply look for typos. Today, not so easy — unless you get one like this, which will both prevent you from logging in and probably make you laugh:

Wired reports that Blue Security has escalated the fight against spam by sending mass quanities of email to the spammers themselves: Blue Security’s controversial method uses reverse spam, if you will, returning massive quantities of opt-out messages to companies it identifies as spammers. But the spammers seem to have found…

Recently I started investigating checking account options at various banks. So when I just received an email from Chase Online Banking I thought nothing of clicking it. Immediately after, I realized I’d written to Citibank and that I never have even been to Chase’s website. Argggh. And, on my personal…

Recently, I received an email from a favorite online store of mine, warning me that my order is on hold and that I need to call American Express to authenticate and validate the charge. In the email I was provided a phone number and a case number. It was presumably…

Secunia is reporting about an IE address bar spoof that looks very serious. I’m sure phishing groups will include this in their phishing attack kits shortly. We’ll keep an eye out for phishers using this attack and post more information/update this blog as we see it. Details from the Secunia…

Recently I’ve noticed a proliferation of spam messages coming to my Yahoo! mail that appear to come from a Yahoo! address – most often "info@yahoo.com." It’s easy to see why someone newish to the Internet might worry that these are official messages from Yahoo! In this posting, I’ve attached a…

I’ve been the unlucky recipient of quite a lot of junk mail recently. Today I was nearly fooled into clicking a link in an alleged "Yahoo! Greetings" email, which likely would have launched a virus. In a quick glance, it occured to me the message must be from a friend…

IT Vibe reports that 58% of computer users receive one Phishing email per day. This information was gathered through a web poll of 600 business PC users. I get a lot of phishing emails myself, but I want to see them so I know who’s being phished and what the…

Brian Krebs from the WP explains "one of the ‘best’ phishing attacks" he’s ever seen. This one is a very legit looking website, it claims to be related to the "Verified by Visa" program and uses a valid SSL certificate to appear even more realistic. Check out the screenshots as…