• Search Blog Archives

  • Recent Posts

  • Archives

  • Categories

  • Websense

  • Security Sites

Follow us: 
Like us on Facebook Follow us on Twitter Visit us on YouTube Follow us on LinkedIn
Browse by Tags



Tax does not have to be tasking, says Moira!
Posted: 24 Jan 2011 07:02 AM

 

As the UK self assessment tax return deadline for online completion draws near, and the US tax season begins, we at Websense Security Labs again see an increase in related spam.

 

The most recent attacks are mainly "form-based."  Our Threatseeker network finds these coming in several varieties, but the main one is a request for the recipient to complete an attached HTML form or zipped file containing an HTML form. Given that it is tax season, this phishing attack often takes the form of welcome news: it purports to be an email notification from the tax office indicating a refund. As usual, spammers are keeping abreast with the important events of the season, and know that January is when the public usually submits returns and starts getting refunds. The form-based approach is a slight variation--the spammers don’t seem to be restricting themselves to the usual direct links to phishing sites to lure unsuspecting recipients to divulge personal details.

 

Websense customers are proactively protected against this attack via both email and Web channels by our Advanced Classification Engine - ACE

 

What are form-based email attacks?


Form-based attacks are a type of phishing.  Instead of using a link to take the recipient to a phishing site, they include a form that the user is asked to complete.  When the user completes and submits the form, the details are sent to the attacker.  The short video below shows an example of a form-based attack.

 

 

As shown below, several of the attacks are very convincing. We can see how a user might fall prey to such a scam.  The first of the samples is aimed at users in the United Kingdom, and includes a picture of Moira Stuart, who plays the narrator in the HMRC television advert.  The second sample is aimed at users in the United States users, as the content suggests (IRS). 

 

Other form-based samples that we see in the wild include campaigns that target:

- LlloydsTSB Bank

- HSBC Bank

- Santander Bank

- Alliance & Leicester Bank

- Paypal

 

 

 

 

 

 

Filed under: ,

Anonymous

no comments
Adventures in Spam: Hollywood-style spamming
Posted: 27 May 2009 12:07

If you think image spam is elaborate, think again!

 

At Defensio, we see all kinds of crazy and innovative spam each day. But recently, something we never thought we'd ever see showed up on our radar: a significant influx of VIDEO spam, most of it hosted on YouTube.com. I guess this just shows how far spammers are ready to go to sell their junk.

Here's a screenshot...

 

 

What do you think will be the next trend in spam?

Filed under: , , , ,

Defensio, the blog

©2013 Websense, Inc. All Rights Reserved.