Over the weekend, we encountered an interesting variation of a phishing email targeting Apple users. The email contained an alleged receipt for five movies purchased from the iTunes Store that was so detailed that the user who received it, and who knows better, still almost fell for the scam. Figure 1. Phishing Apple email Similar cases were reported in 2015 by users in the UK and Australia, except in those cases the fake receipt contained songs and books, respectively. Last year, similar emails targeting users in the US were also reported,... [Read More]
by RSS Lilia Elena Gonzalez Medina  |  Feb 23, 2017  |  Filed in: Security Research
We recently received a URL through Skype that caught our attention. It was a link belonging to LinkedIn, with our Skype ID as a parameter at the end of the URL.   Usually, people would be wary when they receive links that look somewhat suspicious. But this link is from LinkedIn, the world’s largest networking site, so it would easy for anyone receiving this to quickly dismiss any thought of it being harmful. And the convincing personalized Skype ID at the... [Read More]
by RSS Nelson Ngu  |  Dec 06, 2016  |  Filed in: Security Research
Earlier this month, the Daily Mail published an article regarding foreign crime gangs stealing millions through hacking email accounts of house buyers and sellers. The con is simple - use malware to steal email credentials, study the content of compromised emails, and then use the collected information to social-engineer your way into siphoning out victims' money. Business email scam, otherwise referred to as business email compromise (BEC) scam, has been around for a while now in different forms. Historically, we have seen the same... [Read More]
by RSS Roland Dela Paz  |  Jan 27, 2016  |  Filed in: Security Research
Today, Alibaba Group Holding Limited broke its own sales record during the world’s biggest online shopping event, China’s Singles Day. Alibaba is the largest e-commerce company in China providing consumer-to-consumer (C2C), business-to-consumer (B2C) and business-to-business (B2B) sales services through web portals. Alibaba’s success comes with a price, however. Over the years, it had inadvertently attracted scammers trying to defraud the platform’s users. In fact, a good portion of this happens on their B2B website... [Read More]
by RSS Roland Dela Paz and Kenny Yang  |  Nov 11, 2015  |  Filed in: Security Research
As malware continues to grow on Android (900K malicious samples and 1,300 new per day), we sometimes forget attacks can also affect other devices... like Amazon's Kindle. The Kindle indeed runs Fire OS, a fork of Android. Thus, in several cases, Android malware also work on Fire OS, and reciprocally. Proof below. Some time ago, while surfing on an old Wordpress website with his Kindle, a user got this pop-up: Legend. System kernel fix scam. Appears on Android devices and on Kindle. Of course, it is a scam: the web page does not... [Read More]
by RSS Axelle Apvrille  |  Jan 12, 2015  |  Filed in: Security Research
The games have began and we aren't just talking about football. Unsolicited emails: Beware of spam emails that say you're the lucky winner of a lottery for two free tickets to the World Cup, or promises to give you free access to Websites that let you watch the matches live. By clicking on those links, you could be taken to compromised Websites that download malware onto your computer. That malware could be used as a keylogger to retrieve all of your personal information, including passwords and other credentials; it could be used to download... [Read More]
by RSS Guillaume Lovet  |  Jun 18, 2014  |  Filed in: Industry Trends
Recently I received this SMS on my mobile phone. Basically, it tells me I have to call back 018377xxxx to collect a parcel. As this phone number is not premium and I was indeed waiting for a parcel, I nearly fell in for the trick. Figure 1. SMS scam received on the phone. It says: "E-Relay Hello, your parcel Ref: M794610 is waiting for you since July 8th, 2013. More details at 018377xxxx" I guess that AV analysts get suspicious about everything, and I checked it on a search engine. I quickly found out that plenty of other victims were complaining... [Read More]
by RSS Axelle Apvrille  |  Jul 17, 2013  |  Filed in: Security Research