Ease is the main reason why users are going online for their purchases, especially during the holiday season. While convenient, online shopping poses risks to users’ login credentials and personally identifiable information (PII), as cybercriminals can easily craft phishing attacks that lead to data theft.

Using Trend Micro Smart Protection Network™ and other proprietary tools, we identified the top created phishing sites for December 2012. Below is a graph of created spoofed sites limited to 50 popular brand names.

Based from the information we’ve gathered, the e-commerce site PayPal was the most targeted institution, with 18,947 spoofed sites under its belt, followed closely by the American bank Wells Fargo. Users who are tricked into visiting spoofed PayPal sites may lead to their systems being infected by TROJ_QHOST.EQ. So far, the malware has infected systems from Taiwan, Thailand and the United States (US). As you can see below, the top 10 most spoofed sites are composed of either banks or well-known credit card companies.

Read the rest of this entry »

Possibly the most common sham seen on social networking sites, survey scams have certainly figured prominently in this year’s Web threat story. Phishing scams aimed at sites like Facebook are also prevalent this year. Before we bid 2012 goodbye, we give you a rundown of some Facebook-themed scams and threats we saw during the last week of December.

Choose Your Facebook Theme Scam

Possibly an incarnate of last February’s fake Facebook Valentine’s theme, we saw two scams that peddle new color themes for Facebook. The first scam promises a red or black Facebook theme. This scam was even found spreading on Tumblr.

Read the rest of this entry »