Netcraft reports on a rising tide of automated phishing deployed against online dating sites; crooks steal accounts, strike up romantic relationships with their victims, then run 419-style cons on them. Using dating sites as part of a con isn't new, but using stolen accounts to do it is, especially at scale. The phishing kits are easy to deploy and are used to capture credentials for dating sites including match.com, Christian Mingle, POF (PlentyOfFish), eHarmony, Chemistry.com, SeniorPeopleMeet, Zoosk and Lavalife. Interestingly, the phishing kits found in the wild now disproportionately seek logins for dating sites, as compared to banking sites and other traditional fraud targets.
Criminals launch mass phishing attacks against online dating sites [Paul Mutton/Netcraft]
(Image: ...And Then Sometimes Valentine's Day Sucks!, Jackie, CC-BY)
Bruce Sterling received a phishing email purporting to be a followup to a report of a phishing email. Coming soon: a phishing email purporting to be a phishing email purporting to be a followup to a report of a phishing email.
US-CERT is forwarding the following Phishing email that we received to the APWG for further investigation and processing.
Please check attached report for the details and email source
US-CERT has opened a ticket and assigned incident number PH0000005007349. As your investigation progresses updates may be sent at your discretion to email@example.com and should reference PH0000002359885.
Phishing email arrives disguised as phishing email
An anonymous bank worker writes, "What follows is the content of an email send to the whole company as a warning:"
A fraudulent email has recently made its way into xxxxxxxx entitled “Cease and Desist”. It claims to be from an individual or company informing you that your website is publishing copyrighted materials, and it includes a link to show which portions contain the infringements.
DO NOT click on the link – simply delete the email. See below for a sample of one of these emails.
From: Mark Wahlberg - WMLLP law [mailto:firstname.lastname@example.org]
Sent: Tuesday, August 16, 2011 7:39 AM
Subject: Cease and desist!
We hereby inform you that you are infringing on copyrighted material. I represent Phoenix Meresis/MBS LP. It has come to my attention that you have used and/or published on your website (commencing on or about May 18, 2011, pursuant to our information and good faith belief) and continue to publish without permission a number of pieces owned by Phoenix Meresis (webpages, text, images, animated clips, source code, etc.) at your site including, but not limited to, the following url references cited below.
INDEX OF YOUR INFRINGING WEBPAGES:
http://www.[website they want you to click]
Bretz & Coven, LLP
I love that Marky Mark and the Funky Bunch have become a zombie front for a copyright phisher.