| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Feb 2007 17:06:17 +1030 From: Carl Jongsma <info@...ifwrald.com> To: bugtraq@...urityfocus.com Subject: Phishing Evolution Report Released Hello List(s), Apologies for the cross-posting, but given the attention that this subject has received on other lists and sites, I thought it would be appropriate to allow the BT crowd to look in on what is emerging in terms of real world phishing attacks. For those interested in the original FD email about a new phishing technique being employed on a professional networking site (late last week), the investigation and subsequent report have been published. Readers of 'The Register' will note a write up already in place with some feedback from the site involved. Although the claim of 10 or so reports per month of similar scams being made are probable, I doubt that many (if any) have taken as much detailed involvement from the scammer before the phish is set. http://www.theregister.co.uk/2007/01/29/ecademy_419_scam/ You can find the report at the following address: http://www.beskerming.com/marketing/reports/index.html Or, for the direct link: http://www.beskerming.com/marketing/reports/ Beskerming_Phishing_Report_Jan_07.pdf A higher detailed version is available upon request, which includes sufficient detail in the account screenshots for the profile text to be legible. An Executive Summary for those who don't want to read the report: - Yes, it was a scam. The scammer started out with a stolen identity, maintaining it all the way through the scam (even when confronted) - Ultimately it was a 419-style phish / scam that was traced back to Nigeria - The first recorded use of the particular stolen identity was November 06, with a very similar scam (though a more traditional mass spam email). - The scammer invested at least 2-3 days of communication and trust- building before beginning to seed the phish / scam - The initial round of the phish bait was mild enough to almost be missed. - The Networking site was VERY prompt in addressing the situation once notified (less than 5 minutes to remove the account when it reappeared and they were notified again). Props to Ecademy in this case. - Sometimes you just need to be paranoid. Any questions or queries, just ask them. Carl Sûnnet Beskerming Pty. Ltd. Adelaide, Australia http://www.beskerming.com
Powered by blists - more mailing lists