Commtouch labs have detected large volumes of emails with malicious HTML attachments. The emails purport to come from a range of legitimate sites including:
Bell Canada
Craigslist
NewEgg
So let’s say you read our previous blog about the rise of the malicious HTML attachments. You open the attached HTML file in a text reader to find the malicious links [...]
In February, we “recommended” that cybercriminals save time and money by using LinkedIn as a way to harvest email addresses and details about corporate employees. Instead, they have added LinkedIn to the pantheon of trusted brands being used to scam unaware recipients.
Thanks to the simplicity of the LinkedIn design, spammers have had an easy time [...]
In the grand phishing universe, it’s clear that Amazon would be a target. This particular phishing outbreak caught our eye though. It starts with a typical “account verification” email. Recipients must submit the required information or they will suffer the dreaded “locked account”.
Opening the attached HTML file reveals phishing for more than just a username [...]
Perhaps you’ve gotten used to phishing, spam and scams supposedly coming from Facebook, Apple and Google. Now, though, even trusted brands that we thought were safe are being used in an attempt to get recipients to click the embedded URLs. Check out the emails below, both related to “recent account opening activity”.
Wikipedia and WordPress, whose [...]
One of the advantages of following us on Twitter is that you get our #Sillyspam posts. In their efforts to confound mail filters, spammers often need to perform all sorts of language acrobatics. We usually feel compelled to add a comment to these amusing bits of email – and we summarize our favorites every 3 [...]
Last week we saw an interesting series of emails which seemed to indicate a mid-outbreak change of tactic. The initial series of emails all had banking and account related themes. The emails indicated that it was necessary to open an attached document file. The attachments were actually zipped executable Trojan downloaders.
A Virus-Total (www.virustotal.com) scan showed [...]
Well-crafted emails mimicking Amazon order confirmations have been detected in large quantities in the past week. The Amazon logo and “your account” button actually take image files from the Amazon website. The email includes twelve links designed to motivate recipients to click:
More information about an Amazon Visa card
The ordered items are not shown and are [...]
In the last few weeks we have detected increasing usage of HTML attachments in a variety of message types – all of them attempting to install malware. These sorts of attachments are generally not blocked by message scanning systems. In addition they may arouse less suspicion in users than zipped attachments.
In the examples below, the [...]
Those frustrated with the on-again-off-again order status conundrum surrounding the launch of the newest iPhone might be tempted to respond to a wave of spam promising free iPhones (see spam sample below).
There are multiple templates for the email but all lead to a website that seems to only need your email address.
At this point we [...]
In their efforts to convince innocent recipients to part with their hard earned cash, email scammers have created seemingly endless versions of lottery, financial aid, and surprise inheritance stories. And now these… Looking for some new scam tales we present:
The Harry Potter Foundation giving away GBP 250,000 (and they are based in “Potter house”)
The Facebook Africa Jackpot [...]
