Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Author Archive - Sheiree Salvago (Fraud Analyst)

    Posts masked as the fake web app “TumViewer” and “Online Income Solutions” were seen circulating on the popular blogging site Tumblr. Both offer something to Tumblr users, but in reality, they are social engineering lures meant to hook users into another run-of-the-mill survey scams.

    TumViewer and Online Income Solution: Just Another Survey Scam

    Several Tumblr posts were seen promoting “TumViewer” web app. This free app supposedly allows users to see who viewed their pages, which posts were viewed, and how often they were viewed. “TumViewer” appeared to be a minor hit among certain users, as we also noticed some tweets circulating on Twitter that promote the same app.

    Read the rest of this entry »

    Posted in Social | Comments Off on TumViewer and Online Income Survey Scams Hit Tumblr

    Italian bank Banca Popolare di Sondrio has become phishers’ new target with the discovery of a spammed message containing a link to the supposed bank’s Internet banking site, SCRIGNO.

    Click for larger view

    As with previous bank-related phishing attempts, clicking the link leads users to a site that looks very much like the legitimate Internet service’s login page. The site asks users to enter their user codes and personal identification numbers (PINs). After giving out the requested information, they are redirected to another site that asks for a control code, which is indicated in every Scrigno client’s card.

    Click for larger view Click for larger view

    Once users have provided all the necessary information, they are redirected to the real SCRIGNO site. Unfortunately, by this time, the phishers have already acquired the data they need.

    Click for larger view

    Phishing attacks, regardless of vector—spamming or site spoofing—are already a staple in the current threat landscape. As in this most recent attack, cybercriminals often send out spammed messages purporting to come from various banks to users in an attempt to trick them into clicking embedded malicious links, as shown in the following previous posts:

    Cybercriminals also spoof legitimate banking sites for their profiteering schemes. In such an attack, they leverage users’ trust on the latest banking technologies, as in the following previous attacks:

    To avoid becoming victims of phishing scams, the best solution is still user vigilance. Users must continue to be wary of suspicious-looking email messages and must refrain from clicking dubious links. Being familiar with the full addresses of banking sites users access can also prevent them from unwittingly giving out critical information in phishing sites. Of course, using an effective security solution will also help.

    Trend Micro™ Smart Protection Network™ protects product users from this threat by preventing the spammed messages from even reaching users’ inboxes via the email reputation service. It also blocks access to the said phishing site via the Web reputation service.

    Posted in Mobile, Spam | 1 TrackBack »


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice