
    Author Archive - Luisa Villasabas (Anti-spam Research Engineer)

    It seems that cybercriminals will really stop at nothing to further their malicious activities. Trend Micro fraud analysts received yet another spammed message obviously designed to lure unwitting customers of Caisse d’Epargne, a French semicooperative bank, into a phishing trap.

    Founded in 1818, with around 4,700 branches in France, Caisse d’Epargne is active in both the retail and private banking segments. It also holds a significant stake in the publicly traded investment bank, Natixis.

    The spammed message informs customers that the bank found some problems with their accounts. It then tells recipients that, to stay protected, they need to fill in additional information by clicking a link embedded in the email. Clicking the link, however, redirects users to a phishing page that looks a lot like the bank’s official website.

    As expected, the phishing site asks users to enter their personal identification numbers (PINs) to validate their accounts. There are, however, noticeable differences between the phishing site (marked in red in Figure 2) and the bank’s legitimate site (marked in green in Figure 3), which users can spot if they take the time to make sure they are not being victimized by wily cybercriminals.

    In fact, the bank’s legitimate site has carried a security warning (marked in green in Figure 4) to all of its customers regarding this phishing attack since January 28.

    The continued proliferation of phishing attacks, as evidenced by this, supports the “2009 Third Quarter Report” released by the Anti-Phishing Working Group (APWG). Based on the group’s global phishing survey, the third quarter of 2009 broke the record with 40,621 unique phishing reports as of August.

    However, what is more often overlooked can be summarized by the question, “What really happens after a phishing attack?” Trend Micro partner, RSA Security, gave some really frightening answers to this question. The article describes a real-life scenario that shows how cybercriminals buy credit card information, which they use to purchase high-end merchandise online. Fraudsters then resell these products, enabling them to make substantial profits.

    Considering the persistence with which cybercriminals operate, users should thus be extremely cautious every time they conduct online transactions. Fortunately, Trend Micro™ Smart Protection Network™ already protects product users from this particular threat by preventing the spammed message from even reaching their inboxes and by blocking user access to the phishing site.

    Non-Trend Micro product users can also stay protected from malicious URLs by using one of Trend Micro’s free tools, Web Protection Add-On.


    As PayPal celebrates its 10th anniversary this year, the Trend Micro Content Security Team also discovered a phishing website that uses the occasion to lure users into its trap. This fraudulent site informs online visitors that PayPal is throwing a party to celebrate the anniversary, supposedly as a way of letting its customers know how much PayPal appreciates their support.

    The website looks very much like a typical PayPal page.

    It informs recipients that they are invited to the party, where there will be “plenty of fun, food, free flow drinks, music and dance,” along with some cash prizes. Like typical invitations, the page asks users to RSVP. To do this, however, they must first fill out a form, and this is where phishers are able to steal user information.

    Users who visit this site are asked for their first and last names, telephone number, country of residence, and most importantly, their PayPal email address. The page also has a non-mandatory eBay ID box. Filling out the form compromises victims’ accounts because phishers may then be able to access the accounts themselves.

    PayPal phishing continues to be a threat to Web users, as seen in these examples:

    The phishing URL is now blocked by the Trend Micro Smart Protection Network. The technology prevents users from even accessing the page, keeping their PayPal and also eBay accounts safe from phishers.

    Posted in Mobile | Comments Off on PayPal’s 10th Year Anniversary Phished


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice