Trend Micro Content Security recently came across an all-in-one attack that involves a fake postcard, a phishing site and, of course, a malware. A fake postcard launcher was found pretending to be Gusanito, one of the most popular Mexican greeting card services. After users click the link, the browser points to a Web site where users are prompted to enter their email address. The users then receive an email message with a link to a fake Hotmail login page. The said link leads ...

From Web sites related to online banking, credit unions, financial departments, and social networking sites, phishers are chucking their rods into relatively new territory: video streaming sites. Trend Micro Content Security team learned about this latest (and very interesting) phishing technique a few days back. Several phishing domains (see Figure 1) carry scripts that refer to legitimate YouTube video links. Figure 1: Screenshot of a Fake YouTube Video Page This nifty social engineering technique means that the user can actually search and watch ...

In recent months, Web site compromises have become the most prevalent problem that threatens Internet users from all over. While this trend continues to dominate today’s security issues, let’s not forget about other threats that, although may be not as massive as these attacks, have equally serious ramifications against the victims. Remember vishing? Well, here’s a refresher. Vishing is a type of phishing attack that involves Voice over Internet Protocol (VoIP) technology in stealing user’s sensitive information, usually financial in nature. Like ...

Here's the latest spam alert from our Content Security Team: An email message purportedly coming from Bradesco, a well known financial institution in Brazil, has been found in user inboxes in Brazil. The text of this email is found below. De: Bradesco S.A Enviada em: terça-feira, 3 de junho de 2008 10:54 Para: {recipient} Assunto: Comunicado Importante Caro cliente, Informamos que desde 14/06/2007, o uso da Chave de Segurança Bradesco Eletrônica para acesso ao Bradesco Net Empresa passou a ser obrigatório. Desde a data 03/06/2008 o ...

Phishing has evolved into a variety of forms. Phishers are always trying out new tricks to try to evade anti-phishing filters that are continually updated to recognize the latest phishing techniques. It thus seems strange for us to see this phishing attempt targeting users of two banking Web sites in North America: The first email targets Bank of America users; the said bank is only the largest commercial bank in the US. Bank of Montreal on the other hand (the subject ...