Ongoing Phishing Attack targeting PayPal, Bank of America, Lloyds and TSB

This new story by US-CERT shows they have become aware of reports on a new phishing attack. Apparently it's bypassing some of the new phishing protection built-in to many browsers. The team at CudaMail have also noted the new campaign (fortunately with a global network of 100,000 spam firewalls feeding "zero hour" threat information to the reputation database, it begins thwarting such campaigns very early), and have been successfully blocking it.

The US-CERT Story:

US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment. This attack is unlike common phishing attacks because it locally stores the malicious webpage rather than directing user to a phishing site via a URL. Many browsers utilize anti-phishing filters to help protect users against phishing attacks, this method of attack is able to bypass this security mechanism. US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing attacks:

• Do not follow unsolicited web links or attachments in email messages.
• Use caution when providing personal information online.
• Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.

Relevant Url(s):

• http://www.us-cert.gov/cas/tips/ST04-014.html
• http://www.us-cert.gov/reading_room/emailscams_0905.pdf
• http://www.us-cert.gov/cas/tips/ST04-010.html

Link to the original story.

Japan EarthQuake and Tsunami Email Scams

We see it all the time. Spammers and malware writers try to exploit all kinds of traumas and disasters. The recent earthquake and tsunami disasters in Japan are no exception - so the anti-spam community should be prepared for the onslaught.

US-CERT recently posted a warning about impending Phishing and Malware email scams regarding Japan's recent earthquake and the resulting tsunami disaster:

- original story below:

US-CERT Current Activity

Japan Earthquake and Tsunami Disaster Email Scams, Fake Anitvirus and Phishing Attack Warning

Original release date: March 11, 2011 at 10:14 am Last revised: March 11, 2011 at 10:14 am

US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus for charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Review the Federal Trade Commission's Charity Checklist.

Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.

You can find the original story here.