| |Via KrebsonSecurity.com
Aaron Jacobson of Authentify put together this map of all 43 of the U.S. commercial e-banking victims I’ve mentioned in stories at Krebsonsecurity.com and at the Washington Post’s Security Fix blog.
Clicking on this Google Maps link brings up an interactive version of this map showing the names of the victim at each point on the map, as well as their monetary losses.
By Kelly Jackson Higgins
Phishing attacks increased more than 60 percent from 2008 to an all-time high as the number of attacks per organization hit nearly 600, a new report finds.
MarkMonitor's 2009 BrandJacking Index report, released this week, shows 565,502 phishing attacks last year, up 62 percent from 2008, and attackers have become more targeted given only 33 percent of the victims were first-time phishing targets.
Wed Mar 17, 9:08 pm ET
BOSTON (Reuters) – Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.
The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc.
If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said on Wednesday.
Health officials are warning the public about fake e-mails inviting people to sign up for swine flu vaccine registrations. story continues..
by MGD 10:33PM Monday Jun 01 2009
...... According to a survey released Wednesday by the Consumer Federation of America (CFA), nearly a third of all adult Americans have been approached with fake check scams and at least 1.3 million have fallen for it. story continues..
By John Leyden
9th April 2009 11:26 GMT
Nine suspects in a banking Trojan case have been arrested by specialist cybercops from the UK's new Police Central E-Crime Unit (PCeU).
The suspects - four women and five men - were arrested following police raids in south east London. Investigators reckon the group of UK-based eastern European nationals used malware planted on compromised machines to steal login credentials and plunder online banking accounts.
The arrests follow the establishments of a virtual crime force, involving more than 50 officers from the PCeU and the Met's specialist crime directorate.Full article here: Via the Register
By John Leyden
Romania police arrested 20 suspected phishing fraud suspects on Wednesday.
Stefan Negrila, chief of the organised crime police in the western Romanian city of Timisoara, said the alleged hackers set up counterfeit banking websites that they used to trick surfers in Italy and Spain into handing over sensitive login credentials.
Phishing mule accomplices in the targeted countries then used these stolen credentials to "cash out" compromised accounts in a fraud whose losses might run into hundreds of thousands of euros, The International Herald Tribune reports
Full article here: Big phish
Mar 13, 2009 11:45 am
The TinyURL service allows you to enter a long URL, such as one for a particular Google Maps location, and convert it into a short, easy-to-type or e-mail link. Good for sending links - or as Trend Micro reports, for hiding a malicious Web site URL in a phishing e-mail.
Trend says the dirty trick, which it first reported on in February, is becoming more popular and spreading into multiple languages. The ruse is intended to make it more difficult for the wary to immediately peg a link as suspicious when they mouseover a link to see where it actually goes.Full article here
Major data breach could put police officers at risk of identity theft
BY: Shaun Nichols in San Francisco
vnunet.com, 06 Mar 2009
A recent offline data breach may have put tens of thousands of New York City police officers at risk of identity theft.
According to local media reports, a man has been arrested and charged with illegally entering a data warehouse in the borough of Staten Island and stealing an unencrypted storage cassette belonging to the department's pension fund office.Full story here
By Elinor Mills
March 6, 2009 3:54 PM PST
BERKELEY, Calif.--Six years after California enacted the country's first data breach notification law, many state residents have received letters warning them that their data was exposed by a breach but usually they don't know how or how long, experts said at a privacy conference on Friday.
That would change with the passage of a measure proposed by California State Sen. Joe Simitian, who authored the country's first bill requiring companies to notify customers when a breach has occurred that exposes their data.
Senate Bill 20 would require that notification letters to consumers have a standard set of information such as information about the timing and circumstances of the breach. Full story here
Companies, authorities fawn over informatics whiz story continues..
By Dan Goodin in San Francisco for The Register
2nd March 2009
Software companies and government officials in Italy are falling over themselves to recruit a 22-year-old hacker serving a three-year prison sentence for electronic fraud.
Gabriel Bogdan Ionescu, who is incarcerated at the Bassone Penitentiary in Como in northern Italy, has already been admitted to that country's prestigious Polytechnic University of Milano, thanks to help from Italian authorities.
by Elinor Mills story continues..
When we think of phishing attacks, in which scammers try to lure sensitive information out of Internet users, we think of fake official-looking e-mails and Web sites.
But you don't even need to be online to get phished.
Why pay when you can pwn?
By John Leyden
2nd March 2009
Three in four phishing sites are hosted on compromised servers, according to a new survey.
A study of 2,486 fraudulent websites found that 76 per cent were housed on hacked webservers, typically pwned after hackers identified well-known vulnerabilities using search engine queries. Free web hosting for fraudulent websites was used in just 17.4 per cent of cases.Full article via The Register
By John Leyden
25th February 2009
Gmail users, still swooning from the extended outage on Tuesday, were hit with a widespread phishing attack hours after the blackout.
The malicious message spread via the Google Talk instant messaging chat system, urging users to a video by clicking on a link connected via the TinyURL service. The link points to a website called ViddyHo, which invited users to submit their Gmail usernames and passwords.
Full article here: The Register
By JEFF OVERLEY
THE ORANGE COUNTY REGISTERLINK: Personal information belongs to scores of Seaview Financial customers
NEWPORT BEACH – Folders with personal information for numerous clients of a local mortgage broker sat for days at a public recycling site, overflowing from the tops of several bins in an apparently glaring identity theft risk.
The files contained bank account statements, completed tax forms, credit reports and Social Security numbers, among other information, and most if not all had one broker in common – Seaview Financial of Corona del Mar.
Seaview’s offices were vacant Monday; it moved out of its East Coast Highway office building last week, according to tenants and the property owner.Photo slide show:
by pleekmo 05:09PM Monday Feb 16 2009
Police seem to have arrested
the first suspects in the Hartland Payment Systems hack.
By John Leyden
Phishing fraudsters have moved on from banking sites with an attack designed to hoodwink hotel customers, according to a team of security volunteers.
Hotel chains including Hyatt, TraveLodge, Comfort Inn, Ramada, Days Inn, and Wyndham are being targeted in the reported scam. More than 71,000 travelers each month have been redirected to counterfeit sites, volunteer security community FraudTip.com warns (»www.prweb.com/releases/hotel/fra···4834.htm
). Mainstream net security firms are unable to confirm these figures.
More: Counterfeit site ruse proves hard to pin down
by pleekmo 09:23AM Thursday Jan 22 2009
A major credit card processor, Heartland Payment System, has recently admitted
that tens of millions of accounts were exposed due to poorly secured data being hacked.
by Valkyre 08:49PM Wednesday Dec 24 2008
by MGD 10:52PM Wednesday Dec 17 2008
Monday, December 8, 2008 story continues..
Telemarketer Sentenced for His Role in a Massive Fraud Scheme Targeting U.S. Residents
WASHINGTON - A room manager of a telemarketing call center operating out of Costa Rica was sentenced today to 11 years in prison for his participation in a massive, Costa Rica-based, telemarketing fraud scheme that targeted thousands of U.S.