lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E2827961-6E8C-4FA0-86F5-56BF7BBF29FC@skiifwrald.com>
Date: Thu, 1 Feb 2007 17:06:17 +1030
From: Carl Jongsma <info@...ifwrald.com>
To: bugtraq@...urityfocus.com
Subject: Phishing Evolution Report Released

Hello List(s),

Apologies for the cross-posting, but given the attention that this  
subject has received on other lists and sites, I thought it would be  
appropriate to allow the BT crowd to look in on what is emerging in  
terms of real world phishing attacks.

For those interested in the original FD email about a new phishing  
technique being employed on a professional networking site (late last  
week), the investigation and subsequent report have been published.   
Readers of 'The Register' will note a write up already in place with  
some feedback from the site involved.  Although the claim of 10 or so  
reports per month of similar scams being made are probable, I doubt  
that many (if any) have taken as much detailed involvement from the  
scammer before the phish is set.

http://www.theregister.co.uk/2007/01/29/ecademy_419_scam/

You can find the report at the following address:

http://www.beskerming.com/marketing/reports/index.html

Or, for the direct link:

http://www.beskerming.com/marketing/reports/ 
Beskerming_Phishing_Report_Jan_07.pdf

A higher detailed version is available upon request, which includes  
sufficient detail in the account screenshots for the profile text to  
be legible.

An Executive Summary for those who don't want to read the report:

  - Yes, it was a scam.  The scammer started out with a stolen  
identity, maintaining it all the way through the scam (even when  
confronted)
  - Ultimately it was a 419-style phish / scam that was traced back  
to Nigeria
  - The first recorded use of the particular stolen identity was  
November 06, with a very similar scam (though a more traditional mass  
spam email).
  - The scammer invested at least 2-3 days of communication and trust- 
building before beginning to seed the phish / scam
  - The initial round of the phish bait was mild enough to almost be  
missed.
  - The Networking site was VERY prompt in addressing the situation  
once notified (less than 5 minutes to remove the account when it  
reappeared and they were notified again).  Props to Ecademy in this  
case.
  - Sometimes you just need to be paranoid.

Any questions or queries, just ask them.

Carl

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ