Cybercriminals abusing Microsoft Azure for phishing attacks


Cybercriminals usually host fake web pages on hacked websites and free web hosting services; more recently they have abused Google Docs. These fake pages (phishing pages) trick unsuspecting users into handing over their personal and financial information.

Now cybercriminals have started to abuse Microsoft's Azure cloud platform to host their fake websites.

Creating an account on Azure is very easy, and a 30-day trial is also offered. Once the account is created, you can easily create web pages from the main dashboard.

However, the registration process is not easy for criminals, because it requires a valid phone number and credit card details.

MalwareBytes researchers say the attackers may have stolen the usernames and passwords of legitimate users who were already registered.

Netcraft has identified several phishing pages hosted on Azure that target users of PayPal, Apple, Visa, American Express and Cielo.

PhishTank records:
http://www.phishtank.com/phish_detail.php?phish_id=2428419
http://www.phishtank.com/phish_detail.php?phish_id=2391951
http://www.phishtank.com/phish_detail.php?phish_id=2342647
http://www.phishtank.com/phish_detail.php?phish_id=2174737

Australian Foreign Minister Julie Bishop Twitter account hacked


A tweet suggesting that users check out a post about weight loss is not a usual tweet from Australian Foreign Minister Julie Bishop.

"LOL u gotta read this, its crazy [link]" and "I'm laughing so hard right now at this[LINK]" are among the tweets posted from her account.

If you are a regular reader of E Hacking News, you will already have realized that this is nothing other than a spam tweet. However, most people are not aware of that.

At first, I thought the link led to a simple weight loss spam website. While analyzing a few similar links, I found that some links lead to a Twitter phishing page.

The JulieBishopMp account has more than 57k followers, which means the phishing page has reached thousands of users. We are not sure how many of them fell victim to this attack.

We are already seeing plenty of similar fake tweets posted from several accounts (some with more than 10k followers) that lead to the phishing pages.

Julie Bishop recovered the account and posted the following tweet: "Yes my Twitter account has been hacked/compromised"

Beware of this new Twitter phishing attack! Share this post with your friends and make them aware of these kinds of attacks.

Microsoft confirms phishing attack compromised employee email accounts

Social engineering is one of the most successful attack methods. Even a system that is claimed to be 100% secure can be hacked if an attacker is able to manipulate one employee.

We recently covered the Microsoft Twitter account hack, in which Syrian hackers compromised the email accounts of Microsoft employees through a phishing attack.

Microsoft has finally admitted that the Syrian Electronic Army hacked into several Microsoft employee email accounts via a phishing attack.

"A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted," a Microsoft spokesperson said in an email sent to Geekwire.

Microsoft said that the compromised accounts have been recovered. They also claimed that no customer information was stolen in the attack.

"We continue to take a number of actions to protect our employees and accounts against this industry-wide issue."

Halifax Bank phishing email claims "3rd party Intrusion detected"


A phishing email targeting users of UK-based Halifax Bank attempts to trick recipients into handing over their sensitive information.

The email informs recipients that "3rd party intrusions" have been detected and that their account has been limited for security reasons, according to Hoax-slayer.

To restore the account, it asks recipients to confirm their identity and verify that their account has not been used for fraudulent purposes by filling in an online validation form.

Once the victim opens the link provided in the email, it takes them to a fake Halifax Bank website that asks them to log in. It then asks victims to enter personal information such as name, phone number and birth date.

In the next form, they are asked to enter sensitive information such as account number, sort code, card number, expiration date and security code.

As usual in phishing scams, once the form is filled, the victim will be automatically redirected to the legitimate Halifax Bank website.

Victim fell prey to 'phishing' scam and lost £1 Million to fraudsters


This is another incident that reveals why you should be careful on the Internet. A British woman fell prey to a phishing scam and lost her £1million life savings.

The victim unwittingly handed over her personal details to fraudsters after receiving a bogus bank notification email.

Tamer Abdelhamid, the fraudster who stole the personal data, then sold the information to a Nigerian national, Rilwan Oshodi. A 26-year-old woman from Sierra Leone used the data to change the bank details by pretending to be the victim.

Detectives seized Oshodi's computer, which held details of more than 11,000 credit cards, during a raid on his home, according to a DailyMail report.

The fraudsters purchased cheeseburgers, high-end computers and gold with the stolen money. They are facing jail for their roles in the scam.

Phishing Scam alert: Samantha very hot scene from Telugu Movie

A recent report from Symantec shows that even cybercriminals have become fans of Telugu actresses Kajal Agarwal and Samantha. Cybercriminals have started to use these actresses' names in their phishing campaigns.

A few days after Symantec spotted a phishing campaign with the title "Samantha & Kajal very hot song from Brindavanam Telugu movie", they spotted another phishing campaign that uses their names.

"The phishing site displayed a picture from a captivating musical number from the movie 'Saitan'," the Symantec report reads. "The phishing site was titled, 'Samantha & Kajal Very Hot Song' but in fact, these celebrities were not a part of this movie."

The phishing page asks visitors to log in to watch the video. When a user gives the login credentials, they are redirected to the legitimate movie website.

"If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes," the researcher says.

Browser Event Hijacking allows hacker to steal your password


Be careful what you type in your web browser. A hacker can hijack the browser's search command and steal your password or other sensitive data through a social engineering attack.

The method has been possible for years, but two POCs have now been published that demonstrate how an attacker can lure victims into giving up their passwords.

Browser Event Hijacking:

A page can hijack a browser event by calling JavaScript's 'preventDefault' method, which cancels the event's default action while allowing all remaining handlers for the event to be executed. For example, if you press Ctrl+F, the page can display its own search box instead of the browser's search box.

The hack was initially posted here:
http://labs.neohapsis.com/2012/11/14/browser-event-hijacking/

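A simple snippet (it requires jQuery) that hijacks the browser event to steal a password:
$(window).keydown(function(evt){
                // keyCode 70 is "F"; metaKey covers Cmd on macOS, ctrlKey covers Ctrl elsewhere
                if(evt.which === 70 && (evt.metaKey || evt.ctrlKey)){
                        console.log("STRG+F");
                        // cancel the default action so the browser's own find bar never opens
                        evt.preventDefault();
                        /* display fake search */
                        $("#searchbox").slideDown(110);
                        $('#search').focus();
                }
});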


Another researcher then rebuilt the POC with a fake list of leaked passwords. Someone who presses Ctrl+F in the browser and types a password to check whether it has been leaked becomes a victim.

The POC:
http://h43z.koding.com/blog/leaked.html

If you search for any keyword on the page, it will lure you into believing that the list contains a password matching your search string.
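
An added example, not part of the original post or of either POC: one way a defender can surface this behaviour is to wrap `preventDefault` and report whenever a page cancels a keydown for a browser-owned shortcut such as Ctrl+F. The names `installShortcutMonitor`, `reservedShortcut`, `pageHandler` and `FakeEvent` are hypothetical, and `FakeEvent` is a constructed stand-in so the code also runs outside a browser.

```javascript
// Added example, not from the original post. All names are hypothetical.
// Shortcuts that belong to the browser UI; extend the table as needed.
const RESERVED_SHORTCUTS = { 70: 'find (Ctrl/Cmd+F)' };

// Return the shortcut name if evt is a keydown for a reserved combination.
function reservedShortcut(evt) {
  if (evt.type !== 'keydown') return null;
  if (!(evt.ctrlKey || evt.metaKey)) return null;
  return RESERVED_SHORTCUTS[evt.which || evt.keyCode] || null;
}

// Wrap preventDefault on an event prototype so that every cancellation of a
// reserved shortcut is reported. Returns a function that removes the wrapper.
function installShortcutMonitor(eventProto, report) {
  const original = eventProto.preventDefault;
  eventProto.preventDefault = function () {
    const name = reservedShortcut(this);
    if (name) report({ shortcut: name, eventType: this.type });
    return original.apply(this, arguments); // the page's behaviour is unchanged
  };
  return function uninstall() {
    eventProto.preventDefault = original;
  };
}

// Constructed stand-in for a DOM event so the example runs outside a browser.
class FakeEvent {
  constructor(type, init) {
    this.type = type;
    this.defaultPrevented = false;
    Object.assign(this, init);
  }
  preventDefault() {
    this.defaultPrevented = true;
  }
}

// Constructed handler using the same condition as the snippet quoted above.
function pageHandler(evt) {
  if (evt.which === 70 && (evt.metaKey || evt.ctrlKey)) evt.preventDefault();
}

function demo() {
  const findings = [];
  const uninstall = installShortcutMonitor(FakeEvent.prototype, (f) => findings.push(f));
  const ctrlF = new FakeEvent('keydown', { which: 70, ctrlKey: true });
  pageHandler(ctrlF);                                    // reported
  pageHandler(new FakeEvent('keydown', { which: 70 }));  // plain "f": nothing cancelled
  new FakeEvent('submit', {}).preventDefault();          // ordinary cancel: not reported
  uninstall();
  pageHandler(new FakeEvent('keydown', { which: 70, metaKey: true })); // monitor removed
  return { findings, cancelled: ctrlF.defaultPrevented };
}
```

In a browser the wrapper would be installed on `Event.prototype` from a script that runs in the page's own context before the page's scripts, with `console.warn` as the reporter.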

Microsoft Cyber-Crime Department Phishing Scam

A spam mail purporting to be from the Microsoft Cyber-Crime Department claims that all email users around the world are required to validate their account by clicking a link in the message or risk having their email address deleted from the world email server.

“As part of the security measures to secure all email users across the world, All email users are mandated to have their account details registered as requested by the Microsoft Cyber-crime Dept ( M C D ),” part of the email reads.

“You are here by required to validate your account within 24 hours so as not to have your email account suspended and deleted from the world email server. Kindly validate your email account to have your account registered, follow d link below: [Link],” it continues.

To make it more legitimate-looking, the logo of Microsoft’s Digital Crime Unit has been embedded into the notification.

When users click on the link, they’re taken to a bogus website that’s designed to collect sensitive information and send it back to the attackers, Hoax Slayer reports.

Lloyds TSB Bank Phishing Scam

“You have an incoming payment. We have encountered difficulty verifying your account information. This payment has been put into pending transaction. Click here to fix this transaction and view your current balance. LOG IN to verify,” reads a malicious email allegedly originating from Lloyds TSB Bank.

"Email asks you to confirm/update/verify your account data at Lloyds TSB Bank by visiting the given link. You will be taken to a spoof website where your details will be captured for the phishers," a www.millersmiles.co.uk statement reads.

The scheme itself is old, but this time around the masterminds that run it have slightly altered the message, most likely to ensure that in case potential victims want to verify it, it won’t show up on any scam alert websites.

Users who fall for it and click on the link are taken to the compromised website of a Turkish tourism company which hosts a webpage that mimics the site of Lloyds TSB.

Here, the user is asked to provide the valuable login credentials that can be utilized by the crooks to gain entry to his/her account.

Cyber Criminals use Google Docs for phishing attack

Usually, cybercriminals use fake domains for phishing attacks. Recently, Sophos researchers came across a phishing attack that uses a Google Docs page.

In one of the spam mails, the email asks the recipient to confirm their email account details or risk having it shut down.

Confirm your e-mail account please enter your Mailbox Details by clicking the link below:
[LINK]
Failure to provide details correctly will result to immediate closure of your mailbox account from our database.

The link points to a page on Google Docs (docs.google.com), which gives the link a false aura of legitimacy. Once users visit the link, the page falsely claims that their email account will be shut down in three days and that the only way to resolve the situation is to enter their username and password.

"Free Mobile Recharge Coupons" scam hijacks Facebook accounts


A recent phishing scam, "Free Mobile Recharge", targets Facebook users, hijacks their accounts and makes the accounts impossible to recover, McAfee warns.

The scam automatically posts a tricky free recharge offer on the victim's wall to convince their friends to click the link. Following the link lands you on a phishing website that asks for your Facebook account details. Once you fill in the details and press the login button, it takes you to a survey page. Meanwhile, it sends your login details to the attacker.

The same scam message is posted on that victim’s wall to further spread the attack.

The attacker not only changes the account password but also deletes primary information such as the email address. Even if victims try to reset their passwords, they will never get the password reset email from Facebook.

TAX Refund Notification: HMRC phishing scam


"New Spam mail are currently circulating that purport to be sent by the UK tax organization HM Revenue & Customs (HMRC). These e-mails claim that the recipient is eligible to receive a tax refund and that he or she must download an attached file and open it in a browser," reports Sophos.

The scam e-mail:


TAX REFUND NOTIFICATION

Dear Taxpayer,
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of 223.56 GBP.

Please submit the tax refund request and allow us 6-9 days in order to process it.

To access your tax refund, please follow the steps below:

- download the Tax Refund Form attached to this email
- open it in a browser
- follow the instructions on your screen

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.


If the victim opens the attachment, it asks them to enter personal information. Of course, submitting the form won't actually send the information to HMRC; it will instead be sent to a malicious third party without the victim's knowledge or approval.

Interested in buying an iPhone 4S? Beware of eBay phishing pages


Are you interested in buying an iPhone 4S? Beware: cybercriminals can trick you into giving out your online financial credentials. TrendMicro researchers have found a new phishing scam that targets users who are out to purchase an iPhone 4S through eBay.

Hackers create a phishing page by copying eBay posts for iPhone 4S units. The page may look legitimate. All the links on the fake page point to the legitimate site except "Buy it Now", which leads to a fake login page.

Once users have filled it all in, they are directed to a page that says they must contact the seller via email in order to proceed with the transaction.

"We’re pretty sure that this is not how transactions go when buying something over eBay. This is most likely a scam that aims to steal money and personal information from its victims. The iPhone 4S is one of the top smartphones in this year’s holiday sales, and clearly the cybercriminals are taking advantage of its demand.

This iPhone 4S scam is just one of the many attacks that people might encounter this season. Cybercriminals often leverage holiday activities—such as sending holiday greetings, shopping online, and looking for deals and promos—to launch attacks targeting unsuspecting users," reads the report from TrendMicro.

Your credit card has been removed from your PayPal account : Spam Mails

A new spam mail purporting to be from PayPal claims that the recipient's credit card has been removed from their PayPal account and that they should follow a link to rectify the issue, according to a recent report from Hoax-Slayer.

If anyone follows the link, it leads to a PayPal phishing page that asks them to fill in personal information, including credit card details.

The attackers can use this information to log in to PayPal or steal money using the credit card data.

Your Amazon Account is about to Expire : Spam Email

A new spam mail targets Amazon users with the subject "You have (1) Message from Amazon" and masquerades as the Amazon Team. Naked Security reported on this spam email today.

Spam Mail:
Subject: You have (1) Message from Amazon
Attached file: NO003950033.html

Message body:
Dear customer,

Your online account is about to expire and will be deactivated.

Please confirm wether you want to continue using Amazon or not.

If the answer is yes, download and complete the attached form.

If the answer is no, please ignore this e-mail.

Best wishes,
Amazon Team

Note - Do not reply to this e-mail.

As you can see, the email has an attachment with the ".html" extension. Yes, it is a Trojan; Sophos security products detect it as "Troj/Phish-AZ" malware.


Hackers steal millions of pounds from Xbox Live customers using Phishing Attack


Cybercriminals used a phishing attack on Xbox Live accounts and stole millions of pounds. The average loss to gamers in 35 countries hit by the scam is around £100, but many lost £200.

Attackers sent mail to Xbox Live customers linking to a phishing page that claimed to be "offering free Microsoft points that can be used to buy games." Gamers entered their personal information without knowing that it was a phishing page. The criminals took small amounts from credit cards over several weeks so that victims would not detect the theft. Other victims lost money when their passwords were accessed.

The victims only realised when their online profile became "locked out", meaning someone else had used it.

Microsoft confirmed there had been no breach in the security of Xbox Live itself. Microsoft is investigating and says a small percentage of users are affected. Microsoft spokesman said:
"We take the security of the Xbox Live service seriously and work to improve it against evolving threats.

Very occasionally, though, we are contacted by members regarding alleged unauthorized access to their accounts by outside individuals.

We work closely with impacted members directly to resolve any unauthorized changes to their accounts and, as always, highly recommend all Xbox Live users follow our account security guidance in order to protect their account details."


Facebook Phishing Scam promotes Indonesian rock star


Facebook phishers have used an Indonesian rock star as bait for their phishing sites.

"This is unlike the previous Indonesian adult scams whose phishing pages gave the impression that the adult video would be of a random celebrity. In October 2011 phishers continued their adult scams on Facebook, but this time they chose the Indonesian rock star Ahmad Dhani in particular," Symantec reported.

Dhani is the frontman of the rock bands “Dewa 19” and “Ahmad Band”.

The phishing site contained a photograph of Ahmad Dhani and Indonesian singer Dewi Persik. The Indonesian caption of the photograph translated: “To view videos of Ahmad Dhani recorded from CCTV cameras, please login below”. After users entered their Facebook login credentials, the phishing page redirected to a pornographic website. Of course, if users gave away their login credentials to the phishing site, phishers would have successfully stolen their information for identity theft. The phishing site was hosted on a free Web hosting site.

Celebrities have been a common target in phishing attacks. In the past, we have seen Aishwarya Rai and Katrina Kaif used as phishing bait. Phishers are choosing celebrities with a large fan following because they perceive a larger audience will mean more duped users.

Security tips to avoid phishing attacks, provided by Symantec:
  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software, such as Norton Internet Security 2011, to protect you from online phishing.
Security Tips from BreakTheSecurity:
  • Before entering login information, check the URL
  • Use a secure connection (e.g. https://gmail.com)
  • Use an anti-phishing add-on (e.g. FirePhish)
  • Don't forget to read our Security Tips Blog: http://www.breakthesecurity.com

Pictures of Osama Bin Laden Phishing attack on Twitter


Phishing is one of the most powerful hacking methods. It tricks users into entering their usernames and passwords. Today a "Pictures of Osama Bin Laden" phishing attack hit Twitter users.

The tweet contains:
Pictures of Osama Bin Laden [Link]


If users follow the link, it takes them to a fake Twitter page (a phishing webpage). Once you enter your username and password, your account is compromised by the hackers.

If you look at the URL of the page, it is "itwittiler.com/titterlogin1/". It is not the Twitter website.

If you think your account has been hacked, change the password as soon as possible. If you use the same password for Gmail and other accounts, change it there too.

Security Tips:
Use different passwords for social networks (Twitter, Facebook) and mail accounts (Gmail, Yahoo).
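
The URL check described above, written out as an added example that is not part of the original post: it parses a link and decides whether the host really is the expected site or one of its subdomains, and whether the connection is https. The function name `checkLoginUrl` is hypothetical, and every sample link other than the one quoted in the post is constructed.

```javascript
// Added example, not from the original post. Names are hypothetical.
function checkLoginUrl(raw, expectedDomain) {
  // Links in tweets and mails often omit the scheme; assume http so URL() can parse.
  const text = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw) ? raw : 'http://' + raw;
  let url;
  try {
    url = new URL(text);
  } catch (e) {
    return { host: null, trusted: false, reason: 'unparseable URL' };
  }
  // Compare the parsed host, never a substring of the whole link.
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  const expected = expectedDomain.toLowerCase();
  const sameSite = host === expected || host.endsWith('.' + expected);
  if (!sameSite) {
    return { host, trusted: false, reason: 'host is not ' + expected };
  }
  if (url.protocol !== 'https:') {
    return { host, trusted: false, reason: 'not an https connection' };
  }
  return { host, trusted: true, reason: 'host matches and connection is https' };
}

// The first link is the one quoted in the post; the others are constructed samples.
const SAMPLE_LINKS = [
  'itwittiler.com/titterlogin1/',
  'https://twitter.com/login',
  'https://mobile.twitter.com/session',
  'https://twitter.com.example.net/login',   // real name used as a subdomain label
  'https://twitter.com@example.net/login',   // real name placed in the userinfo part
  'http://twitter.com/login',                // right host, no TLS
];

function checkSamples() {
  return SAMPLE_LINKS.map((link) => checkLoginUrl(link, 'twitter.com'));
}
```

A matching host says nothing about pages hosted on a legitimate service itself, as in the Google Docs and Azure cases earlier on this page.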