[<prev] [next>] [day] [month] [year] [list]
Message-Id: <2DD1B718-CA53-4A3D-87C7-4B6A2BF5487B@beskerming.com>
Date: Tue, 30 Jan 2007 08:25:27 +1030
From: Sûnnet Beskerming <info@...kerming.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Phishing Evolution Report Released
Hello List(s),
For those interested in the original FD email about a new phishing
technique being employed on a professional networking site (late last
week), the investigation and subsequent report have been published.
Readers of 'The Register' will note a write up already in place with
some feedback from the site involved. Although the claim of 10 or so
reports per month of similar scams being made are probable, I doubt
that many (if any) have taken as much detailed involvement from the
scammer before the phish is set.
http://www.theregister.co.uk/2007/01/29/ecademy_419_scam/
You can find the report at the following address:
http://www.beskerming.com/marketing/reports/index.html
Or, for the direct link:
http://www.beskerming.com/marketing/reports/
Beskerming_Phishing_Report_Jan_07.pdf
A higher detailed version is available upon request, which includes
sufficient detail in the account screenshots for the profile text to
be legible.
An Executive Summary for those who don't want to read the report:
- Yes, it was a scam. The scammer started out with a stolen
identity, maintaining it all the way through the scam (even when
confronted)
- Ultimately it was a 419-style phish / scam that was traced back
to Nigeria
- The first recorded use of the particular stolen identity was
November 06, with a very similar scam (though a more traditional mass
spam email).
- The scammer invested at least 2-3 days of communication and trust-
building before beginning to seed the phish / scam
- The initial round of the phish bait was mild enough to almost be
missed.
- The Networking site was VERY prompt in addressing the situation
once notified (less than 5 minutes to remove the account when it
reappeared and they were notified again). Props to Ecademy in this
case.
- Sometimes you just need to be paranoid.
Any questions or queries, just ask them.
Carl
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists