Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2013
    S M T W T F S
    « Sep   Nov »
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for October 1st, 2013




    We recently encountered a mobile phishing page that looks very similar to the official Facebook mobile page. However, looking closely into the URL address, there are noticeable differences. The real Facebook page is located at https://m.facebook.com/login and has the lock icon to show that the page is secured.

    Facebook-phishingvsreal-pag

    Figure 1. Fake vs. legitimate Facebook mobile page

    This page tries to steal more than Facebook credentials. Should users actually try to log in, the page then prompts users to choose a security question. This may sound harmless, but these same security questions might be used across several different sites, and can compromise your security as well.

    fake-facebook-security-page

    Figure 2. Fake Facebook security page

    Once users are done, they are led to another page, this time asking for their credit card details.

    fake-facebook-page-creditca

    Figure 3. Page asking for credit card details

    In cases like these, users should always be careful and double-check the URLs of sites they are entering personal information into, particularly those that claim to belong to a particular service. In addition, Facebook does not ask for a user’s credit card information unless they are making a purchase.

    Earlier this year, we established that mobile devices are now platforms for phishing attacks. With high-profile incidents like the mobile phishing page targeting Chase customers, the fake WhatsApp notification serving a multiplatform threat, the master key vulnerability, and not to mention the growing number of online banking transcations via mobile devices – threats for mobile devices are catching up with its PC counterparts in terms of severity.

    Armed with the right information and protection, mobile users can prevent becoming a victim of such threats. Trend Micro protects users from this threat by blocking access to the said site via its web reputation service.

     
    Posted in Bad Sites, Mobile | Comments Off



    As enrolment for the controversial Affordable Care Act or Obamacare starts today, cybercriminals already had a head start, spewing Obamacare-related spam as early as first weeks of September.

    Spam containing the terms “medicare” “enrollment” “medical insurance” started surfacing during the first week of September. Some of these spam variants can be easily recognized as such. However, others appear professional enough to fool some users into opening the email and clicking the links in these messages.

    obamacare-spam-sample

    Figure 1. Sample Obamacare spam

    Once users click these links, they are lead to nefarious pages, in particular survey scam sites. These sites typically encourage users to disclose certain information by pretending to be consumer survey pages or promising enticing prizes or in this case, Apple products like iPad, iPhone 5 etc.

    survey-scam-obamacare-sample

    Figure 2. Sample survey scam page

    Given spammers history of shrewdly using noteworthy events (iPhone 5s launch, the birth of the Royal baby), it comes as no surprise that Obamacare-related spam are making headway. Because of Obamacare’s novelty and impact, this may create confusion among American users. Spammers, unfortunately, see this as an opportunity to lure users into their schemes and disclosing personal information such as name, address, email address and the likes. The bad guys can either sell these to other cybercriminals or be used in other, more menacing threats.

    For users, it is important to always to double-check email messages and bookmark reputable sites to avoid visiting fake or malicious ones. To know more how spammers and cybercriminals use social engineering and how they earn from your personal information, you may read our report How Social Engineering Works. Trend Micro protects users from this threat by blocking the related spam and websites.

     
    Posted in Bad Sites, Spam | Comments Off



    According to news stories, Apple is now the most valuable brand in the world. One party that would agree: cybercriminals, who are now targeting Cupertino in increasing numbers.

    Earlier in the year, the number of identified Apple phishing sites would only be in the hundreds per month, as seen in the chart below:

    Figure 1. Number of identified Apple-related phishing sites

    Some cases of these Apple-related threats just use Apple as social engineering bait. For example, here, the need to “verify” one’s Apple products or services is used to phish email services:

    Figure 2. Phishing site

    As we noted earlier this year, Apple ID itself is now being targeted for theft. For users of all Apple products – whether they be Macs, iOS devices, or just the iTunes store – the Apple ID is a key ingredient in how they use these products. For example, it can be used to control the data stored in your iCloud account, make purchases of both music and apps, and even manage your iOS or Mac device.

    Not only that, users from all over the world are being targeted. For example, this phishing site is in French:

    Figure 3. Apple ID phishing site

    Unsurprisingly, the number of phishing sites seems to spike in months where Apple-related rumors are high as well. For example, the month with the most identified sites – May – was also the month when iOS 7-related rumors were most prevalent, particularly before its June announcement at the Apple Worldwide Developer Conference.

    Similarly, June itself saw many rumors related to what became the iPhone 5c. The same was true for the succeeding months, up until the new generation of iPhones was launched on September 20.

    It would appear that cybercriminals are using Apple-related rumors as a gauge of potential interest from users/victims and increase the number of their attacks as needed.

    This growth in Apple-related threats highlights how Apple users, far from being safe, are continuously targeted by threats today as well. We discuss these problems in more detail in the eguide Why Macs Need Security.

     
    Posted in Bad Sites | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice