HackDig : Dig high-quality web security articles for hacker

Advanced phishing tactics used to steal PayPal credentials

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa
Publish At:2016-06-14 19:15 | Read:3050 | Comments:0 | Tags:Cybercrime Social engineering fake JavaScript PayPal phish P

Tech Support Impostors Part II: Where are They Now?

Last October, our own Jerome Segura uncovered a tech support scam trading on Malwarebytes’ good name. So half a year later, what happened to the perpetrators? Still scamming, apparently, and now with a snazzy new website! Rather than coding a website from scratch and possibly making mistakes, they seem to have lifted assets from the Malwarebytes websi
Publish At:2016-05-13 19:50 | Read:7863 | Comments:0 | Tags:Cybercrime Social engineering fake scam tech support tech su

“BMW Lottery Department” 419 Spam

Good news, oh lucky winner! You’ve won a car, laptop, and a frankly terrifying amount of money after being entered in a prize draw. Well, that’s what the senders of the below missive want you to think, should you open it up in your mailbox. Titled “Dear Lucky Winner” and sent from the so-called “BMW Lottery Department”, th
Publish At:2016-04-12 05:15 | Read:2794 | Comments:0 | Tags:Cybercrime Social engineering 419 BMW email fake mail money

Steer clear of this latest fake iPhone discount news

More than a week after the FBI decided to drop that case against Apple, it appears that the controversy surrounding all of this continues to keep us riveted to the news. Usually, people go to their favourite online publications; what shady actors behind equally shady news sites do, though, is the opposite. Users with UK IP addresses shouldn’t be s
Publish At:2016-04-06 03:15 | Read:2829 | Comments:0 | Tags:Cybercrime Social engineering Apple fake fake news gamificat

“Your Recent Purchase with your Apple ID”…

Apple fans should steer clear of a convincing phishing mail doing the rounds, with the sender address popping up in a 419 scam not so long ago. Here’s the mail in question: It’s a fake tax receipt which states that a purchase has been made for “Rain Radar, Remove Ads”. If you didn’t make this purchase, you should visit the link
Publish At:2016-03-17 10:55 | Read:4386 | Comments:0 | Tags:Phishing app Apple email fake phish phishing

Google Docs? Check One More Time…

If you go looking for Google Docs related URLs on your travels, you may run into the following site (registered through an “Offshore anonymous hosting company” in Panama): googledocs(dot)info Despite the name, you won’t find your documents sitting in a pile waiting to be edited. Indeed, you’ll currently see this: If we had a magical
Publish At:2016-03-04 15:05 | Read:3846 | Comments:0 | Tags:Fraud/Scam Alert fake Google phish

The Amazon Survey Phish: Back for Round 2

We’ve seen another run of Amazon themed spam doing the rounds, and they may well already be dropping into your mailbox. Here’s the email in question: The text is identical to the last one we took a look at (notice also the open red padlock, which is a new Gmail feature). As before, the link uses a redirect to send potential victims to an imitati
Publish At:2016-02-26 20:20 | Read:3106 | Comments:0 | Tags:Fraud/Scam Alert amazon email fake phish phishing scam

Avoid this “Casino Online Promotion” 419 Scam

Remember the time when you won a ridiculous amount of money from a Casino you’d never heard of, much less visited? Me neither, but as it turns out it doesn’t really matter when dealing with the wacky world of email spam – where winnings are often plentiful despite not actually taking part: Going by the wonderfully informative title of R
Publish At:2016-02-23 20:00 | Read:3297 | Comments:0 | Tags:Fraud/Scam Alert 419 fake lottery scam scammers

The Phishy Accountant: Something Doesn’t Add Up

We’ve recently come across a phish aimed at people working in / related to accounting firms, sent from a compromised accountant’s email address leading to a fake Google Docs page. The email reads as follows: Subject Important - For your review Hello, I've shared some files with you on Google Drive. Please, click on the E-Document to downlo
Publish At:2016-02-20 01:35 | Read:3141 | Comments:0 | Tags:Phishing cpa fake phish phishing scam

Gate To Nuclear EK Uses Fake CloudFlare DDoS Check

There has been a lot of talk about Nuclear EK recently, following Sucuri’s discovery about a large number of WordPress sites getting compromised to redirect to the exploit infrastructure. Here is another interesting spin: a Nuclear EK gate using a decoy CloudFlare DDoS check page while instead loading a malicious redirection that ultimately triggers th
Publish At:2016-02-08 18:15 | Read:2462 | Comments:0 | Tags:ExploitKits EK exploit fake Nuclear wordpress Cloud DDOS

A weather app with a twist

Recently, a weather app caught our attention by doing something far worse than predicting rain all the time. It installed all the ingredients for a false Blue Screen Of Death (BSOD) with a number to call for assistance. WeatherWizard As the app is bearing the same name as one comic book “super villain” this might have been a warning that there was something
Publish At:2016-02-04 05:45 | Read:3343 | Comments:0 | Tags:Fraud/Scam Alert bsod fake scam tech support scam

Tech Support Scammers Lure Users With Fake Norton Warnings, Turn Out To Be Symantec Reseller

Fraudulent tech support companies are well-known for taking advantage of unsavvy computer users by reeling them in with scare tactics and charging large amounts of money for bogus services. In many cases, these crooks sell free security products (or straight up pirate them) for hundreds of dollars more than their actual retail price. Security vendors may not
Publish At:2016-01-20 22:10 | Read:3226 | Comments:0 | Tags:Fraud/Scam Alert fake scam TechSupportScams

Clickjacking Campaign Plays on European Cookie Law

We’ve spotted an advertising campaign that tricks users into clicking on what looks like a notification alert that actually hides a legitimate advert, therefore abusing both the advertiser and the ad network hosting the ad (Google Ads Services). The rogue actors behind this fraudulent activity are cleverly leveraging a European law on the use of cookie
Publish At:2016-01-08 02:45 | Read:2870 | Comments:0 | Tags:Fraud/Scam Alert ads adverts fake fraud Google

Facebook “Page Disabled” Phish Wants your Card Details

Fake Facebook Security pages are quite a common sight, and there’s a “Your page will be disabled unless…” scam in circulation at the moment on random Facebook comment sections which you should steer clear of. The scam begins with a message like this, courtesy of Twitter user Alukeonlife: Heads up Facebook page admins, there’s a
Publish At:2016-01-06 14:35 | Read:3418 | Comments:0 | Tags:Fraud/Scam Alert facebook fake fraud phish phishing scam

Safe Browsing Scam: From Amazon to Rackspace

Tech support scammers are a unique type of online criminal who traditionally were never as sophisticated as malware authors. For the most part, they really didn’t need to be, since even a quickly put together scary webpage with some audio background would suffice to con victims. While this dirty business was poorly organized in the beginning, in r
Publish At:2015-12-30 01:45 | Read:4158 | Comments:0 | Tags:Fraud/Scam Alert amazon fake safe browsing scam tech support
