Researchers learn about wire-fraud scam after Nigerian scammers infect themselves with their own malware


In Wire Wire: A West African Cyber Threat, researchers from Secureworks reveal their findings from monitoring a Nigerian bank-fraud ring whose members had unwittingly infected themselves with their own malware, which captured their keystrokes and files and uploaded them to a file-server from which the researchers were able to monitor their activities and methodologies. Read the rest

EFF and partners reveal Kazakh government phished journalists, opposition politicians


At Defcon, researchers from the Electronic Frontier Foundation, First Look Media and Amnesty International, revealed their findings on a major phishing attack through which the government of Kazakhstan was able to hack opposition journalists and arrange for an opposition politician's extradition from exile in Italy to Kazakhstan. Read the rest

Iranians connected to phishing attempt on tortured Syrian activist


Former Syrian National Council vice-president Nour Al-Ameer fled to Turkey after being arrested and tortured by the Assad regime -- that's when someone attempted to phish her and steal her identity with a fake Powerpoint attachment purporting to be about the crimes of the Assad regime. Read the rest

Phishing for Bitcoin with fake 0-days


Arriving in my inbox at a steady clip this morning: a series of phishing emails aimed at Bitcoiners, promising that the sender has found a bug in "the Bitcoin client" and promising "Pay 0.07 BTC today, get 10 BTC for 15 hours." Read the rest

Phishers trick Mattel into transferring $3M to a Chinese bank


Last spring, in the chaos following the firing of Mattel's CEO (who presided over a disastrous slide in Barbie sales), a Mattel finance executive got an email from his new boss, replacement CEO Christopher Sinclair, ordering the transfer of $3 million to a new Chinese supplier. Read the rest

Security-conscious darkweb crime marketplaces institute world-leading authentication practices


If you are a seller on Alphabay -- a darkweb site that sells "drugs, stolen data and hacking tools," you'll have to use two-factor authentication (based on PGP/GPG) for all your logins. Read the rest

US Embassy staffer ran a sextortion racket from work computer for 2 years


Michael C Ford has been sentenced to four years and nine months in prison, having pleaded guilty to running a sextortion/phishing operation from his work computer at the US embassy in London for two years. Read the rest

Phishers make off with W2 tax forms for several thousand Seagate employees


Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud. Read the rest

Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House

The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month, and involved a rare zero-day (previously unknown) Java exploit. Read the rest

Tabnapping: a new phishing attack [2010]

Aza Raskin's Tabnapping is a proof-of-concept for a fiendish attack: a tab that waits until you're not watching, then turns itself into a convincing Google login screen that you assume you must have opened. Read the rest

Gangs run mass-scale romance cons with phished dating-site logins

Netcraft reports on a rising tide of automated phishing deployed against online dating sites; crooks steal accounts, strike up romantic relationships with their victims, then run 419-style cons on them. Using dating sites as part of a con isn't new, but using stolen accounts to do it is, especially at scale. The phishing kits are easy to deploy and are used to capture credentials for dating sites including, Christian Mingle, POF (PlentyOfFish), eHarmony,, SeniorPeopleMeet, Zoosk and Lavalife. Interestingly, the phishing kits found in the wild now disproportionately seek logins for dating sites, as compared to banking sites and other traditional fraud targets.

Criminals launch mass phishing attacks against online dating sites [Paul Mutton/Netcraft]

(via /.)

(Image: ...And Then Sometimes Valentine's Day Sucks!, Jackie, CC-BY) Read the rest

Recursive phishing email

Bruce Sterling received a phishing email purporting to be a followup to a report of a phishing email. Coming soon: a phishing email purporting to be a phishing email purporting to be a followup to a report of a phishing email.

US-CERT is forwarding the following Phishing email that we received to the APWG for further investigation and processing.

Please check attached report for the details and email source

US-CERT has opened a ticket and assigned incident number PH0000005007349. As your investigation progresses updates may be sent at your discretion to and should reference PH0000002359885.

Phishing email arrives disguised as phishing email Read the rest

Copyright complaint as phishing email

An anonymous bank worker writes, "What follows is the content of an email send to the whole company as a warning:"
A fraudulent email has recently made its way into xxxxxxxx entitled “Cease and Desist”. It claims to be from an individual or company informing you that your website is publishing copyrighted materials, and it includes a link to show which portions contain the infringements.

DO NOT click on the link – simply delete the email. See below for a sample of one of these emails.

From: Mark Wahlberg - WMLLP law [] Sent: Tuesday, August 16, 2011 7:39 AM To: xxxxxxxxx Subject: Cease and desist! We hereby inform you that you are infringing on copyrighted material. I represent Phoenix Meresis/MBS LP. It has come to my attention that you have used and/or published on your website (commencing on or about May 18, 2011, pursuant to our information and good faith belief) and continue to publish without permission a number of pieces owned by Phoenix Meresis (webpages, text, images, animated clips, source code, etc.) at your site including, but not limited to, the following url references cited below.


http://www.[website they want you to click]

Mark Wahlberg, Bretz & Coven, LLP

I love that Marky Mark and the Funky Bunch have become a zombie front for a copyright phisher. Read the rest