Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Phishing Evolution Report Released

from [Sûnnet Beskerming] Network Security [Permanent Link]
Subject: [Full-disclosure] Phishing Evolution Report Released
Date: Tue, 30 Jan 2007 08:25:27 +1030 
Hello List(s),

For those interested in the original FD email about a new phishing  
technique being employed on a professional networking site (late last  
week), the investigation and subsequent report have been published.   
Readers of 'The Register' will note a write up already in place with  
some feedback from the site involved.  Although the claim of 10 or so  
reports per month of similar scams being made are probable, I doubt  
that many (if any) have taken as much detailed involvement from the  
scammer before the phish is set.

http://www.theregister.co.uk/2007/01/29/ecademy_419_scam/

You can find the report at the following address:

http://www.beskerming.com/marketing/reports/index.html

Or, for the direct link:

http://www.beskerming.com/marketing/reports/ 
Beskerming_Phishing_Report_Jan_07.pdf

A higher detailed version is available upon request, which includes  
sufficient detail in the account screenshots for the profile text to  
be legible.

An Executive Summary for those who don't want to read the report:

  - Yes, it was a scam.  The scammer started out with a stolen  
identity, maintaining it all the way through the scam (even when  
confronted)
  - Ultimately it was a 419-style phish / scam that was traced back  
to Nigeria
  - The first recorded use of the particular stolen identity was  
November 06, with a very similar scam (though a more traditional mass  
spam email).
  - The scammer invested at least 2-3 days of communication and trust- 
building before beginning to seed the phish / scam
  - The initial round of the phish bait was mild enough to almost be  
missed.
  - The Networking site was VERY prompt in addressing the situation  
once notified (less than 5 minutes to remove the account when it  
reappeared and they were notified again).  Props to Ecademy in this  
case.
  - Sometimes you just need to be paranoid.

Any questions or queries, just ask them.

Carl

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Phishing Evolution Report Released, Sûnnet Beskerming <=
Previous by Date:  [Full-disclosure] Oracle - Indirect Privilege Escalation and Defeating Virtual Private Databases, David Litchfield
Next by Date:  [Full-disclosure] Universal printer provider exploit for Windows, Andres Tarasco
Previous by Thread:  [Full-disclosure] Oracle - Indirect Privilege Escalation and Defeating Virtual Private Databases, David Litchfield
Next by Thread:  [Full-disclosure] Universal printer provider exploit for Windows, Andres Tarasco
Indexes:  [Date] [Thread] [Top] [All Lists]