E-mails with malicious links targeting Australia

Discussion in 'other security issues & news' started by ronjor, Jun 15, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    sans.org
     
  2. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Hmm, thankyou for the warning. :thumb:
    We'll be on the look out.

    There has recently been a rash of phishing e-mails to customers of the NAB.
    A big bank here which has been having all sorts of problems with recent massive losses in a forex internal swindle and more recently the subject of investgations about overcharging.

    Noone is saying whether the banks customer data has been hacked, maybe just opportunistic phishing.

    The phishes are here (pictures only) very good rendering of the banks login page.
    Onr of them is described as in the sans article.
    http://www.national.com.au/Internet_Banking/0,,60615,00.html

    Overcharging story:
    http://www.smh.com.au/news/money/nabbed/2006/06/13/1149964476588.html

    We love banks.

    Lbd.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
  4. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Thankyou again.
    V.Good little reminder.
    Very ingenous scamming techniques.

    Some of them are really creative. :mad:

    If the nigerian scammers can catch the unwary !!!, I bet plenty of those examples are successful :mad:

    I have been the recipient of the bank phishes as above.

    In Oz we dont have SSN as such, but they try for other info.
    WE may be heading down the "National ID card" route (fighting all the way) so we may have lots of intersting e-mails to look forward to!!

    Regards.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Scammers and crooks will always be with us. They were here way before the internet. The internet just allows more of them into your home.
    Every computer these days should give a warning. "Use of this machine combined with the use of the internet may cause you to lose your identity, savings, and source of income."
    After the warning, maybe a basic primer on scams, spyware, and so on should be displayed.
    Most computer users are totally unaware of the pitfalls until they have been hit with malware.
     
  6. Leonard Chowns

    Leonard Chowns Registered Member

    Joined:
    Jun 15, 2006
    Posts:
    13
    Location:
    Parry Sound , Ontario Canada
    I have SpywareBlaster installed would this protect or at least help protect my system from this type of attack? Lenny
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Yes
    A great shame: Here there be dragons>

    On the upside I can learn form a nice person In Texas. :D

    Lbd.
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @Leonard chowns
    I dont know what expertise you have, please dont be offended if you already know this info:

    This is an exploit based on social engineering techniques.
    By faking legitimate looking sites, The e-mails attempt to get you to give up your bank log in/SSN/ credit card details etc to them.

    Alternatively by clicking on the HTML coded e-mail you will dl a malicious app like a keylogger, trojan, browser hijack..

    SPyware blaster helps with the following and is regarded as a very useful tool but may not be sufficient protection:


    I am not expert but have a look at that list and google around abit
    Search the forum here for related threads.
    There are always discussions running about security apps.

    For starters;
    You need e-mail antivirus scanner,
    Set e-mail to send and receive in text only
    (HTML e-mails are not your friends)
    Be very cautious about e-mails with attachments from any source.
    Spam filters should be in place
    Resident memory antivirus and antitrojan scanners if required
    Router
    Thunderbird and firefox review your java permissions.
    spoof stick for firefox
    mcafee siteadvisor

    If you use IE: there are tutorials about "locking it down for security"

    hre are acouple of links:
    http://email.about.com/od/outlookexpresstips/qt/et080904.htm
    http://www.spywareinfoforum.com/index.php?showtopic=60955
    http://www.livinginternet.com/e/es.htm
    http://www.microsoft.com/athome/security/online/browsing_safety.mspx
    http://www.pcworld.com/reviews/article/0,aid,114727,pg,4,00.asp

    There are many effective software apps to help you
    On line armour
    Prevx
    Firewalls : internet and system
    ANti virus
    Anti trojans
    Securtiy suites etc

    Start a specific thread asking for advice about securing your system, browser and e-mails.

    see this thread for an example of how these "tricky clickies" work
    https://www.wilderssecurity.com/showthread.php?t=128044

    This is an attempt to give you a very quick wide ranging look around.

    Regards
     
    Last edited: Jun 16, 2006
  9. Leonard Chowns

    Leonard Chowns Registered Member

    Joined:
    Jun 15, 2006
    Posts:
    13
    Location:
    Parry Sound , Ontario Canada
    Dear Longboard: Thank you for your very well written, informative, and I assure you very well received Post. It has opened my eyes to a number of areas that I was not fully aware of, and/or areas where my system might be weak or may have had cracks.

    Hey, we have an Australian working in the area and staying with us here in the Lodge . I just love Bernie's accent!!! of course we here in Canada have no accent HA HA. "at least I do not detect any?"

    Actually I am quite a stickler on Internet protection and have most of the bases that you mentioned covered. I will check out the info.& sites that you have suggested. Thank you again and CHEERIO Lenny
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If you use Internet explorer here is an excellent app against spoofed or bad sites. It is called sitehoung and it is made by firetrust. (good company) and there is a free version http://www.firetrust.com/
     
  11. Leonard Chowns

    Leonard Chowns Registered Member

    Joined:
    Jun 15, 2006
    Posts:
    13
    Location:
    Parry Sound , Ontario Canada
    Dear bigc73542: Thanks for the heads up on that site and information, I will definitely check it out, Lenny
     
  12. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Accent, what accent!

    Leonard, very gracious of you.
    Listen to the bigC and the other "old men of security" here LOL.

    I am raw newbie here riding on others coat tails and suffer occasional well documented brain flop.:blink:

    You will get very sound advice here and have a good time.

    Regards.
     
Loading...
Thread Status:
Not open for further replies.