Archive for March 3rd, 2008

Pay-Me-Pal Strikes Anew

March 3rd, 2008 by Keanu Beltran (Threats Analyst)

Phishing activity targeting the online payment service PayPal continues today, as Trend Micro received reports of a new spammed email. Below is a screenshot of the said phishing email:

spammed email message

It appears to be similar to previous phishing email messages that ask unsuspecting users to confirm their account by entering personal information such as the bank name, ATM PIN code, mother’s maiden name, birth date, and social security number. Nothing fancy, but it seems to continue to work for cyber criminals bent on stealing personal information for profit.

Clicking on the URL provided in the email takes a user to a spoofed PayPal Web site. The victim is then asked to enter his/her PayPal user name and password:

Phishing Web site login page

Splash page for processing login

Note that the spoofed Web page does not check for the authenticity of the user and/or the password. The user is then directed to the following Web page where personal information is furnished:

Personal information page

It is evident that remote malicious users are only interested in capturing the user data for a smooth and well-executed identity theft.

When the unknowing user clicks on the link "Why is this information requested?", the following pop-up window is displayed:

Pop-up window

Note that the message implies that the information will be used to identify and locate the user’s PayPal records. As if the user name is not enough?

While this phishing Web site does not check the authenticity of the PayPal account, it does check for valid credit card information, as shown below:

Error message

This phishing Web site has been up since 23 February 2008 and is still live as of this writing. Trend Micro users, however, are already protected from this phishing attempt with its Web Blocking and Web Reputation services.

Keanu Beltran, TrendLabs North America

Cuba’s Castro: Critical Condition to Concocted Casualty

March 3rd, 2008 by Arman Capili (Technical Communications)

After almost 50 years of ruling the Communist state of Cuba, strongman Fidel Castro retired on February 24 and was succeeded by his younger brother Raul as president. This story was all over the news as an era finally came to a close and a succession of power looms over the small anti-Western island state.

However, if a particular email message recently circulating is to be believed, Fidel Castro has likewise passed to the afterlife.

Trend Micro was alerted to an email phishing attack purportedly from the Hispanic television network Univision. The email message claims to have video evidence of Castro lying in state, with his close ally and President of Venezuela Hugo Chavez mourning by his side.

Clicking the links in the email message downloads malware onto the unknowing user’s system. Trend Micro detects this as TROJ_AGENT.FRV.

It can be noted that the details of the message are accurate and the scenarios very imaginable in the event of an actual demise of the former president. Even a closer inspection of the attached image would reveal a man who closely resembles Fidel Castro, seemingly inside a casket. Here is a sample of the said spammed email message:

Users are strongly advised to be wary of these types of email messages. Avoid clicking on URLs and delete such messages altogether. You may want to check the news first before falling for these types of social engineering tactics.

