Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

View all posts > 

Filtered by : Scam

Black Friday Themed Amazon Voucher Scam

Posted: 21 Nov 2014 03:15 AM | Xue Yang


The Websense ® ThreatSeeker ® Intelligence Cloud has detected Amazon voucher scams using Black Friday Gift Card themes as a lure. We have observed a surge of over 20,000 spam emails with the subject of "Amazon Black Friday Gift Card #XXXXXXXXX" since Thursday 20th November (where "X" signifies the use of random digits in the email subject). As Thanksgiving Day is just around the corner, the shopping season is also here, and it appears that cybercriminals are going to take full advantage of this chance to spread spam scams and increase their illegal revenues, utilizing well-known, and trusted, brands such as Amazon. Executive Summary When a user clicks on "Activate My Amazon.com Rewards", it will redirect them to a survey page which advertises a reward for filling out the survey. Users are encouraged to submit their personal information. The pages were designed to serve different language versions according to the victim's geographical location. Websense customers are protected from this threat by ACE, our Advanced Classification Engine , at the following stages of the attack: Stage 2 (Lure) - ACE has detection for the email lures & the URLs used in these lures. Stage 3 (Redirect) - ACE has detection for the redirect pattern that occurs if a user visits one of these URLs, and for the survey scam pages themselves. One email sample with this Amazon theme: The links in this email campaign have a common pattern: Chinese-based version: US-based version: After the victim completes the survey steps, it finally asks them to select a reward. However, you have to fill out personal information in order to do so. Obviously there is no free voucher at all, and the survey here blatantly engages in illegal methods to advertise and generate traffic to a web site that earns the cybercriminal money. Thus, this is the true nature of the scam. The aim of the lure is to generate revenue as part of a Cost Per Action (CPA) lead scam. This a technique that we have been tracking for some time, as our previous blogs show. Summary CPA style scams that leverage the reputation of popular companies like Amazon and use topical themes to fool their victims remain common amongst cybercriminals, providing a quick and easy way for them to generate revenue. While these campaigns are usually not malicious by nature they pose a significant risk to users who may give out personal information, making them a more viable target for future attacks.

Read more > 

Filed under: , ,

no comments

Can't Sleep? Let's Count a Typosquat Hive

Posted: 30 Jan 2013 07:27 AM | Carl Leonard


The Websense® ThreatSeeker® network has uncovered a typosquat hive hosting hundreds of hosts targeting well-known brands.  This hive constantly moves around to evade detection.  Numerous popular brands are being abused – can you spot the difference between these scam URLs and the real ones?

 

 

 

Upon further analysis we discovered a connection between those hosts:

 

  1. Most of them are hosted on the same IP address, 208.73.210.128.
  2. They lead to scam survey websites and spam websites.
  3. They attempt to circumvent detection and lie low by periodically shifting from serving threats to serving default parking pages without threats.
...

Read more > 

Filed under: ,

no comments

'Jacked Frost' Facebook Scam Goes Wild and Doubles Over the Weekend

Posted: 10 Dec 2012 11:51 AM | Elad Sharf


Last week we wrote a blog about a specific Facebook scam that appeared to spread rather aggresively. We have decided to nickname the scam "Jacked frost". The Websense® ThreatSeeker™ network detected that the scam has increased and multiplied over the weekend - particularly on Saturday where we saw the amount of unique URLs related to this scam double. This shows how cyber crooks time their attacks to times where users are more laid back and when the security community is less likely to alert users on this type of threat.

 

...

Read more > 

Filed under: , , ,

no comments

Christmas-Themed Facebook Scams: How Cybercrooks Kick it up a Notch and Piggyback on Big Brands

Posted: 07 Dec 2012 07:03 PM | Elad Sharf


 

From time to time the Websense® ThreatSeeker™ Network detects high volume surges of badness rolling across Facebook. In the past 48 hours we've seen a rapid increase of a particular scam campaign that has aggressively spread through the world's largest social networking site. 

 

With the holiday shopping season here, it appears that cyber crooks are going full throttle to attract Christmas shoppers by piggybacking on the reputation of well-known brands like Walmart, Asda, Visa, Best Buy, Apple, and more. In the attack that we're about to describe, it appears that user accounts belonging to the free DNS service freedns.afraid.org were compromised and used as part of the cyber criminals' scam infrastructure. Read on for details.

 

...

Read more > 

Filed under: , ,

2 comment(s)

Personalized Letters From "Scamta" Claus

Posted: 30 Nov 2012 09:21 AM | Carl Leonard


With Christmas fast approaching, the Websense® ThreatSeeker™ network, replete with festive sleigh bells and twinkling lights, has detected a marked increase in spam emails seeking to exploit fans of the big man himself: Santa Claus. Whilst Santa, along with his ever loyal team of elves, reindeer and of course Mrs Claus, are no doubt working their way through the mountain of letters and wish lists from the world’s good little boys and girls, some bad little boys and girls are looking to capitalize on his backlog of correspondence by claiming to offer alternative services thus ensuring that your ‘little ones’ receive personalized responses.

 

...

Read more > 

Filed under: ,

no comments

Black Friday/Cyber Monday Survival Guide

Posted: 23 Nov 2012 01:00 AM | Carl Leonard


Many of our colleagues, customers and readers would have now enjoyed their fill of turkey and pumpkin pie for Thanksgiving and are preparing for a second day of festivities with the arrival of Black Friday.  This traditionally, for North American retailers and consumers, marks the start of the holiday shopping season and although it is not observed for many as a national holiday, more and more retailers across the globe are launching Black Friday promotions in order to entice consumers and increase sales.  Additionally, given that Black Friday is typically a physical 'bricks-and-mortar' retail affair, online retailers seek to continue the shopping frenzy with additional offers, promotions and sales with Cyber Monday, a marketing term coined in 2005 by Shop.org.

...

Read more > 

Filed under: , , , , ,

no comments

Beware of scams related to Facebook Timeline!

Posted: 05 Jan 2012 08:26 PM | Devi


First it was the Cheesecake Factory ; now, it’s Timeline . Facebook, like many other social networking companies, is experiencing some user dissatisfaction, and scammers are taking advantage of anti-Timeline sentiment. According to Insidefacebook , scammers are creating pages that assure the public that by “liking” the page, watching the linked video, downloading a certain browser application, or inviting their friends to the page, they will be allowed to opt out of Timeline. These pages all ask readers to "Like" the account, and some even ask them to subscribe. Some pages ask readers to install a browser application; Google Chrome and Firefox are common targets of such scams. Though some Facebook pages may look harmless, remember that being cautious is the best way to prevent potential data loss. Timeline was introduced by Mark Zuckerberg during the F8 developer conference. There, he announced that the beta version of the interface would be available to Facebook users on September 22nd. So, what is Timeline? Facebook engineers implemented an algorithm that gathers all of your Facebook activity and organizes it based on what it deems important: your birth, high school graduation, first job, wedding, special events, and so on. The Timeline profile page is divided into two columns that contain recent photos, games, posts, and other activity. Since the algorithm decides what is relevant and what is not, there is a chance an event or a post you think is relevant might not show up in Timeline. But fear not, the new page layout will allow editing so that users can manually change what information is shared or deemed important. Facebook employee Paul McDonald explains that Timeline allows users to add details of their lives before Facebook was created, providing an easy way to rediscover things once shared in real life. You have seven days to review and modify the timeline before it goes live and anyone else can see it. As long as Facebook remains the top social networking site, scammers will use new and innovative methods to try to steal and exploit user information, but rest assured that ACE ( Advanced Classification Engine ) protects our customers from such scams.

Read more > 

Filed under: , , ,

no comments