[Chat] Fw: BCPL.NET NEWS: SANS "OUCH" Report For 09/08/04

jdy jberlin at bcpl.net
Fri Sep 10 00:52:39 EDT 2004 

----- Original Message ----- 
From: "BCPL.NET SysAdmin" <ispadmin at bcpl.net>
To: "BCPL.NET News" <bcplnet-news at bcpl.net>
Sent: Thursday, September 09, 2004 9:51 AM
Subject: BCPL.NET NEWS: SANS "OUCH" Report For 09/08/04


> ---------------------------------------
> SANS INSTITUTE OUCH REPORT FOR 09/08/04
> ---------------------------------------
> About a month ago I sent out the first issue of the "OUCH Report", a new
> monthly security alert e-newsletter published by the SANS Institute
> (www.sans.org) meant for redistribution by system administrators to
> non-technical customers and staff. The second issue of OUCH is below.  I
> hope you find it informative.
>
> If you missed the first issue of "OUCH", you can read it in the BCPL.NET
> News archives at http://www.bcpl.net/news/news.2004080600.ouch
>
> ****************************************************************
> OUCH: The Report On Identity Theft and Attacks On Computer Users
> Volume 1, No. 9                                September 8, 2004
> ****************************************************************
>
> Major threat this month: Phishing attacks that seem to come from Citibank,
> Paypal, Citizens Bank and US Bank
>
> Phishing attacks have been doubling every month. In a phishing attack, the
> thieves pretend to be sending you to a reputable site like Citibank and
> ask for your private data, so they can steal your money or your identity.
> Recent research reports that one in twenty people are fooled by these
> types of attacks, which is why the thieves keep at it.  One of our goals
> is to make sure you don't get caught in the scams.
>
> Also this month, graphical spam is increasing. Spammers send you a picture
> of the offer instead of the text of the offer, so that your company or
> internet provider's spam blockers are powerless to stop them even if they
> use very bad language.
>
> The attacks discussed here are the tip of the iceberg.
>
> To be safe:
>   1. DON'T open email attachments from anyone unless you know the
>       sender and you were expecting the attachment.
>   2. DON'T click on links in emails or web sites unless you can
>       guarantee the email came from someone who is not trying to fool
>       you and that the web site is actually the site you think it is.
>   3. DON'T disclose private information unless you initiated the need
>       to do so.
>
> ************************
> What To Avoid This Month
> ************************
>
> I. Emails from people trying to get you to divulge private details.
> These are often trying to steal your identity (and your money)
>   I.1 Maintenance Update (from Citibank)
>   I.2 PayPal account limited
>   I.3 Citizens Bank Fraud Verification Process
>   I.4 Citibank with various subjects and possibly a time stamp
>   I.5 Attn: Citibank Update
>   I.6 "notice: US Bank"
>
> II. Opening attachments that have interesting subjects and provocative
> text in the body of the email.  Several viruses (Beagle, MyDoom, Netsky)
> are still spreading rapidly because they fool you into thinking they come
> from a friend and have data you want to see. Remember: do not open
> unexpected attachments without checking with the sender to be sure the
> attachment is safe. If you break this rule, you will hurt a lot of other
> people - people you know - because your infected computer will send
> viruses to people in your address book.
>
>
> ***************************************
> More Details About The Phishing Attacks
> ***************************************
>
> I. Emails from people trying to steal your identity (and your money)
>
> I.1 Maintenance Update (from Citibank)
>
> The bait:
>    An email that looks as if it comes from Citibank saying the
>    company "could not verify your current information," and
>    asking you to update it.
>
> What it tries to make you do:
>    Click on a link and tell them your credit Card information,
>    social security number, date of birth and mother's maiden name.
>
> Where you can see how it actually appears:
>
>
http://www.antiphishing.org/phishing_archive/09-02-04_Citibank_(Citibank.com_Maintenance_upgrade).html
>
>
> I.2 PayPal account limited
>
> The bait:
>    An email that looks as if it comes from PayPal and says,
>    "We suspect that your PayPal account may have been accessed by an
>    unauthorized third party."
>
> What it tries to make you do:
>    Click on a link and tell them your email and your PayPal password.
>
> Where you can see how it actually appears:
>
>
http://www.antiphishing.org/phishing_archive/09-01-04_Paypal_(PayPal_account_Limited).html
>
> I.3 Citizens Bank Fraud Verification Process
>
> The bait:
>    An email that looks as if it comes from Citizens Bank saying they
>    suspect your account may have been accessed by an unauthorized
>    third party.
>
> What it tries to make you do:
>    Click on a link and tell them your ATM or debit card number
>    and password.
>
> Where you can see how it actually appears:
>
>
http://www.antiphishing.org/phishing_archive/08-31-04_Citizens_Bank_(Citizen_Bank_Fraud_Verification_Process).html
>
> I.4. Citibank with various subjects and possibly a time stamp
>
> The bait:
>    An email that looks as if it comes from Citibank saying, they
>    are updating their software and asking you to click on what looks
>    like a real Citibank url.
>
> What it tries to make you do:
>    Click anywhere on the image (the entire scam is a single image)
>    and then provide a wealth of very private information ranging
>    from your ATM card and PIN to your mother's maiden name.
>
> Where you can see how it actually appears:
>
>
http://www.antiphishing.org/phishing_archive/08-27-04_Citibank_(various_subjects,_image-only_email).html
>
> I.5. Attn: Citibank Update
>
> The bait:
>    "Click here" link in an email that seems to come from Citibank
>    saying that they noticed one or more attempt to log into your
>    account from a foreign IP address.
>
> What it tries to make you do:
>    Click on a link and tell them your ATM card number and PIN and
>    username and password.
>
> Where you can see how it actually appears:
>
>
http://www.antiphishing.org/phishing_archive/08-26-04_Citibank_(Attn_Citibank_Update).html
>
> I.6  "notice: US Bank"
>
> The bait:
>    An email that seems to come from US Bank asking you to login.
>
> What it tries to make you do:
>    When you click on the login button, it asks for your ATM Card
>    number and PIN.
>
> Where you can see how it actually appears:
>
>
>
http://www.antiphishing.org/phishing_archive/08-25-04_US_Bank_(Notice_Us__BANK).html
>
> ==end==
>
> Copyright 2004, The SANS Institute. http://www.sans.org
> Permission is granted to copy and redistribute this material to whomever
> it will help.
>
> -- 
> BCPL.NET INTERNET SERVICES
> 320 York Road
> Towson, MD 21204-5179 U.S.A.
>
> Web Site:                 http://www.bcpl.net
>
> Who To Contact For What:  http://www.bcpl.net/contacts/
>

More information about the Chat mailing list