Spoof Emails. You may have received one your self or know someone how has. The problem is that they may not realized they have received these Spoof Emails. These emails look like they came from the people that they claim they are from. Most of these emails ask you to update your information and most will ask you for user names and passwords account numbers mothers maddened name. No bank, credit union, financial institution, eBay, Paypal, credit card company's, department stores, exe, will ever ask you for this kind of info with an email that has been sent to you. You should know that you will never get an email telling you to (CLICK HERE to install a security patch) And yet a new wave of email scams disguised as Microsoft Security Bulletins. Users receive an email message which urges the immediate installation of a cumulative security patch. Users who execute the Trojan become infected with an SDBot variant, which is currently undetected by major anti-virus vendors. This Trojan/Bot allows complete unauthorized access to the machine.
Sample email body:
Microsoft Security Bulletin MS05-039: New patch against W32/Sober, W32/Zafi, W32/Mytob.
Issued: June 26, 2005
Updated: June 26, 2005
Version: 1.0
Summary
Who should read this document: Customers who use Microsoft Windows
Maximum Severity Rating: CRITICAL
Recommendation: Customers should install the patch immediately.
Security Update Replacement: This update replaces the update that is included with Microsoft Security Bulletin MS05-038. That update is also a cumulative update.
Affected Software:
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Download the update and patch your system.
This is another example of a spoof email.
Chase Bank.
Users receive a spoofed email message claiming that they have been locked out of their account due to unauthorized account access. The email instructs users to unlock their account by updating their account information. The link to update their account information redirects users to a phishing site requesting personal information.
This phishing site is hosted in Taiwan and was up at the time of this alert.
Phishing Email Text:
Dear Customer,
We are contacting you to remind you that our Account Review Team identified some unusual activity in your account. In accordance with Chevy Chase Bank's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved. We encourage you to sign on and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure. To view and perform the verification process, please click on the link below:
Harris Bank is committed to maintaining a safe environment for our customers. To protect the security of your account, our bank employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Online Banking system for unusual activity.
Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.
Sincerely,
Chevy Chase Bank, Customer Service.
SO how can you tell if the website your at is fake or not? With a tool called (Spoof Stick) This tool will display the name of the site you are at not just the web adderss that the link took you to. You can get Spoof Stick at http://www.corestreet.com/spoofstick Paypal has a site showing you how to spot spoof websites and emails. This site is at https://www.paypal.com/cgi-bin/webscr?cmd=xpt/general/SecuritySpoof-outside
skip to main |
skip to sidebar
THIS IS THE PLACE FOR TECH NEWS, INFORMATION AND HELP FOR LIFE'S PC PROBLEMS
BCM
Subscribe Now: To my Safe Web Browsing Podcast
Followers
Blog Archive
-
▼
2005
(64)
-
▼
July
(12)
- Windows Update Validation
- Microsoft unfazed by Vista legal threat
- A new instant messaging worm
- Windows Vista
- Most PC problems are easily fixable
- Web browsers, You do have a choice
- The truth about toolbars
- Spoof Emails
- Performing a clean install of XP
- Viruses change us
- Explorer vs Mozilla
- Customize Windows XP
-
▼
July
(12)
No comments:
Post a Comment