Tag Archives: fraud

Targeted ‘phone ring flooding’ attacks as a service going mainstream

Posted on by

By Dancho Danchev

Throughout the past year, we observed an increase in the availability of malicious (DIY) tools and services that were once exclusively targeting sophisticated cybercriminals, often operating within invite-only cybercrime-friendly Web communities. This development is a clear indication that the business models behind these tools and services cannot scale, and in order to ensure a sustainable revenue stream, the cybercriminals behind them need to change their tactics – which is exactly what we’re seeing them do.

By starting to advertise these very same malicious (DIY) tools and services on publicly accessible forums, they’re proving that they’re willing to sacrifice a certain degree of OPSEC (Operational Security) for the sake of growing their business model and attracting new customers. Just like the managed SMS flooding as a service concept, which we previously profiled and discussed, there’s yet another tactic in use by cybercriminals who want to assist fellow cybercriminals in their fraudulent “cash-out schemes’ – and it’s called ‘phone ring flooding as a service’.

In this post, I’ll profile a popular, publicly advertised service, which according to its Web site, has been in operation for 3 years and has had over a thousand customers.

More details:

Continue reading

Cybercriminals entice potential cybercriminals into purchasing bogus credit cards data

Posted on by

By Dancho Danchev

With the ever-decreasing entry barriers into the shady world of cybercrime, potential cybercriminals themselves may sometimes become the victims.

A recently intercepted fraudulent email sheds more light into the process of how cybercriminals attempt to scam novice cybercriminals, and also puts the spotlight on the QA (Quality Assurance) practices within the cybercrime ecosystem, each and every time a transaction or a transfer of fraudulently obtained assets is about to occur.

More details:

Continue reading

From Russia with iPhone selling affiliate networks

Posted on by

By Dancho Danchev

With affiliate networks continuing to represent among the few key growth factors of the cybercrime ecosystem, it shouldn’t be surprising that cybercriminals continue introducing new services and goods with questionable quality and sometimes unknown origins on the market, with the idea to entice potential network participants into monetizing the traffic they can deliver through black hat SEO (Search Engine Optimization), malvertising, and spam campaigns.

In this post, I’ll profile a recently launched affiliate network selling iPhones that primarily targets Russian-speaking customers, and emphasizes the traffic acquisition scheme used by one of the network’s participants.

More details:

Continue reading

Online dating scam campaign currently circulating in the wild

Posted on by

By Dancho Danchev

Lonely birds, beware!

Russian online dating scammers are currently spamvertising a fraudulent campaign attempting to socially engineer users into interacting with a bogus online dating service.

What’s so special about this scam? Just how vibrant is the Russian online dating fraud market segment? How can you avoid falling victim into their fraudulent schemes?

More details:

Continue reading

Cybercriminals launch managed SMS flooding services

Posted on by

By Dancho Danchev

Mobile devices are an inseparable part of the modern cybercrime ecosystem. From ATM skimmers with SMS notification next to fake antivirus scanners for Android users, the growth of the mobile malware segment is pretty evident.

In this post I’ll profile a recently spamvertised managed SMS flooding service, in the context of E-banking fraud, and just how exactly are cybercriminals using the service as a way to evade detection of their fraudulent transactions.

More details:

Continue reading

Spamvertised ‘YouTube Video Approved’ and ‘Twitter Support” themed emails lead to pharmaceutical scams

Posted on by

By Dancho Danchev

Just like true marketers interested in improving the click-through rates of their campaign, pharmaceutical scammers are constantly looking for new ways to attract traffic to their fraudulent sites.

From compromised web shells on web sites with high page rank, the impersonation of legitimate brands, to the development of co-branding campaigns, pharmaceutical scammers persistently rotate the traffic acquisition tactics in an attempt to trick more end users into purchasing their counterfeit pharmaceutical items.

In this post, I’ll profile two currently spamvertised campaigns impersonating YouTube and Twitter, ultimately redirecting end users to pharmaceutical scams.

More details:

Continue reading

Webroot Answers Your Security Questions

Posted on by

By Andrew Brandt

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

I’m very pleased to present today the first in a series of videos we’ve produced. The videos have the lofty goal of addressing the most pressing questions relating to malware, cybercrime, and online fraud. We’ll take you behind the scenes at Webroot and introduce you to some of our Threat Research team in the process.

In this first video, Webroot’s Director of Threat Research, Jeff Horne, answers a question submitted to us via Twitter direct message about the motives behind most cybercrime, and whether there are any examples of malware or other types of malicious online activity that have been motivated by anything other than financial gain.

We’re planning to release a new video every other Monday from now on. When you’ve thought of that question you always wanted to know the answer to, tweet @webroot or send an email to blog (at) webroot.com, and we’ll answer the ones about cybercrime. We’ll try not to disappoint, but offer no promises. If you think of questions about something else, send them to Dr. Phil or Craig. We look forward to your letters!

8 Tips for Filing Taxes Online Safely

Posted on by

By Mike Kronenberg

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

Getting ready to file your taxes online — and doing it at the last minute? Well, cyber-scammers are ready for you. Thieves are schemers, and they’ve got a bag full of tricks to steal your identity. You might even be doing things to make their job easier. And if you use a PC at work to do your return,  identity theft could be as simple as a crook (or an unscrupulous coworker) digging around and finding sensitive files.

One might send you an e-mail that offers a quick refund — or a warning about a problem with your already-filed tax return. Maybe they’ll pitch you with an expert’s review of your tax return, or helpfully offer advice, asking for all the sensitive financial details you’d normally put on your return so they can “look up your account.”

Here are eight tips to stay one step ahead of these virtual pickpockets and protect yourself.

Continue reading