Wednesday, March 11, 2009

8 deadliest hacking subject lines

With online threats becoming bigger, more sophisticated, more camouflaged and deadlier, it is time to relook every single click you make while you are on the Internet. In fact, given the surfeit of new threats, it would not be a bad idea for most of the Internet surfers to reconsider their online habits. 

With the Net being increasingly used by a large number of people for various bill payments, banking, investments, ticket bookings and reservations, e-commerce, social networking, communication and much more, it is time people paid heed to the threat of dangers lurking around at every step, and form a counter strategy. 

It is critical to know these lurking threats so that you don't fall prey to scamsters and fraudsters and compromise your security and monies. Here is a list of some of the common tricks played by scammers.

You have not paid for the item you recently won on eBay. Please click here to pay.’

Many consumers visit auction sites to find gifts or personal buying. But such shoppers must be aware of scammers who use auction sites to find their preys. A very common trick according to CSO, are mails notifying the users that he has 'not paid for the item you recently won on the site. Please click here to pay.' These emails impersonate complaints from the popular auction sites for non-payment of winning bids. People using online auction sites often bid days before a purchase is complete. So, it is not difficult for a person to believe that he has forgotten about a bid he made a week before. 

Experts believe that such phising mails play on a person's concerns about the negative impact this may have on their auction site score. Like in case of eBay, people generally spend years building eBay feedback score or `reputation,' hence the chances are that they will quickly react to such emails. Many consumers visit auction sites to find gifts or personal buying. But such shoppers must be aware of scammers who use auction sites to find their preys. A very common trick according to CSO, are mails notifying the users that he has 'not paid for the item you recently won on the site. Please click here to pay.' These emails impersonate complaints from the popular auction sites for non-payment of winning bids. People using online auction sites often bid days before a purchase is complete. So, it is not difficult for a person to believe that he has forgotten about a bid he made a week before. 

Experts believe that such phising mails play on a person's concerns about the negative impact this may have on their auction site score. Like in case of eBay, people generally spend years building eBay feedback score or `reputation,' hence the chances are that they will quickly react to such emails.


`You've been let go. Click here to register for severance pay.'

Scammers are finding novel ways to cash on the present downturn. This trick comes from the same. The mounting number of layoffs has made employees anxious about their jobs. This is what fraudsters are exploiting on. 

The message appears to have come from HR dept (cons employer's email ID) and often says: You have been let go due to a layoff. If you wish to register for severance please register here.' Little surprisingly, the message carries a malicious link.


`This mail is Shivram from tech services. Your PC is infected.’

This is another common trick that scammers play. To cause maximum damage, such mails usually coincide with a related event. This means during the time of a widespread malware attack or a virus spread (say during the recent Downadup worm attack). 

In such messages, hackers paint a destructive image of the damage that the worm attack can cause to the user. The aim is to exploit and cash on people's fear and uncomfort with technology.


`Someone has a secret crush on you! Click on this link to find who it is!’

This is one of the oldest tricks. But still seems to be working. The message seems to come from a dating or a social networking site and asks the reader to click on a link or download an application. 

Sadly, in ninety percent of such cases, after clicking on the link, you not only don't find your secret admirer, -- you also download malicious software that you can't even detect. Of course, it's designed to steal personal and financial information. Stay away from such "secret admirers".


`Did you see this video of you? Check out this link!’

This is another popular scam. Security experts are seeing an increase in such spam, especially on Twitter, the popular microbloging site. 

A recent spam campaign on Twitter read: "Did you see this video of you?" Thinking it to be from a friend many users ended up clicking on it and landed up at a fake Twitter site. Once there, unsuspecting users entered passwords, which then ended up in the hands of hackers.


`Please confirm this order'

Another popular scam is fake invoices. Here's how this scam works: The bad guys create a fake invoice and sends it via email as an attachment. Once the user opens the email attachment, there are a few variations of it. The recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to incorrect address, or the recipient may receive a customs notification about an international package. In all the cases, the order appears as a great bargain. 

In every instance, the email either asks users for their credit card details so that their account can be credited or requires the recipient to open an invoice or customs form to receive the package.


`Check out our new Discount menu'

Many retail sites offer discounts during the festive season or during changing season(popularly called off season discounts. Casing on these, spammers try to send mails to lure people to enter bogus sites and reveal their credit card details. 

The fraudsters clone a retailer's site. And when a user clicks on the fake voucher, they are taken to this site, and prompted for login or credit card details, which the criminals then use to carry out identity theft. 

Recently, Websense Security Labs discovered infectious emails wherein victims were receiving messages promoting a coupon from McDonald's or a holiday promotion from the Coca-Cola company. Both messages include a .zip attachment that contains either coupon.exe or promotion.exe. The malicious files are Trojan Droppers. 

While the McDonald's email claims to present their latest discount menu, and states that the attached coupon should be printed; Coca-Cola email states that the attachment has details about their new online game and a chance to win Coca-Cola drinks free for life.


`I'm traveling and I've lost my wallet. Can you wire some money?’

The popularity of social networking sites has given a new platform to scammers. A recent scam according to experts involves the fraudster posing as a Facebook `friend.' They send a message or IM on Facebook claiming to be stuck in a foreign city and they say they need money. 

Ironically, many innocuous social networking site users fall to such SOS mails, and wire money.


Source: http://infotech.indiatimes.com

No comments:

Post a Comment