Recent From Current Events

IRS related scams are not all the same. Posted on Mar 2, 2016

Recent From Email Security

IRS related scams are not all the same. Posted on Mar 2, 2016

Recent From Research

Signed CryptoWall Distributed via Widespread Malvertising Campaign. Posted on Sep 28, 2014

Recent From Social Networking

The Big Business of Spam: Adulterers beware, scammers may be targeting you. Posted on Sep 16, 2015

Recent From Statistics

The Twitter Underground Economy: A Blooming Business. Posted on Aug 3, 2012

Recent From Web Security

Super Bowl Presents Super Opportunity for Spammers. Posted on Feb 5, 2016

Recent Posts

New phishing attack against Facebook business pages

There’s a new attempt at an old phishing attack running on Facebook today. The attack appears to target business pages on Facebook by posing as a Facebook compliance message. Here’s a screenshot of the attack, which we received in our notifications panel on Facebook:

[Screenshot of the attack notification]

The message appears to be a Facebook compliance message, because it uses the Facebook logo and name. It also appears to be a direct message due to the use of “Dear Customer” in the greeting. However, there are a few things that should stand out to you as suspicious:

- It uses a URL shortener and not a proper Facebook URL.
- It uses threatening language indicating extreme action.
- The message itself is nonsense. It begins by saying that there are irregularities of content and a violation of ToS. Then it requires you to verify your contact information, and thanks you for helping them improve ‘service collaboration.’
- It is a notification and not a message. Facebook notifications indicate shares or mentions by another user. These are not direct messages to a customer, and normally do not include any type of greeting like “Dear Customer.”

This is what you will see if you hover your cursor over the account link:

[Screenshot of the account link URL]

This URL is another indication that this is likely not an official Facebook communication. If you were to follow the link to this account, you would see that this attack has targeted hundreds of business pages on Facebook. This attack page was taken offline earlier today, but there may be more versions of this page still functioning.

The attack is structured as follows:

- The attacker identifies the business page.
- The attacker then shares the latest post from the business page.
- The share is prefaced by the message that you see in our screenshot at the top of this post.
- The body of the message includes a shortened link designed to look like a Facebook account verification link.

These indicators should be enough for you to recognize this as a scam and...


IRS related scams are not all the same

Barracuda Central is detecting a variety of tax-related phishing emails. These emails are designed to look like official communications from the IRS or similar tax revenue entities outside of the US. Most of the emails we have detected include links in the body of the message. These links are designed to phish for the victim’s info or to install malicious content on the victim’s computer. All of these emails have the same agenda of tricking people into clicking on the malicious links.

Some of these emails claim to be automated notification messages sent from the IRS. These emails ask the recipient to update a W2 profile with a “new W2 E-Data Form”. Some of these messages also claim that if this is not done within 48 hours, a refund will be delayed or not paid.

Other similar IRS phishing emails have an attached HTML form. This form prompts the recipient to input personal information such as Social Security number, date of birth, home address, employer info, etc. If this form is submitted, the victim is directed to a different site, and all personal information that was just entered is now stored for a spammer to use.

Another variant has the subject “Pending Tax Refund”. This variant attempts to trick the recipient into clicking on a link that claims there is an outstanding tax refund from an overpayment in a prior year. These messages come from a .UK domain and pose as official communications from HM Revenue & Customs, the department of the UK Government that is responsible for the collection of taxes. The government already knows about this issue and has created a site to inform people about this scam:

The above variant poses as a message from the “Canada Revenue Agency”. The email has a link to a site that asks the victim to transfer money electronically, so that the sender...


Super Bowl Presents Super Opportunity for Spammers

It’s no secret that highly-anticipated events like the Super Bowl generate buzz around everything from commercials to merchandise, allowing opportunistic businesses to capitalize on the millions of eyes viewing from around the globe. However, what many folks fail to recognize is the opportunity events like the Super Bowl also create for scammers to generate disingenuous websites and emails to trap people into paying for items they will never see. This year is shaping up to be no different, as proven by Barracuda Labs, which has already detected spam for replica jerseys on sale for the 2016 Super Bowl teams via sites such as pantherssuperbowlshop-dot-com and broncossuperbowlshop-dot-com.

[Images: Fake Panther Super Bowl site; Fake Broncos Super Bowl site]

In this particular instance, spam emails from the above sites claim to have replica jerseys on sale, but the links unfortunately lead to false websites. These false websites then ask people to pay for replica jerseys without a secure payment option, and request credit card information for fraudulent purposes. Ultimately, these sites are scamming people out of money by pretending to sell items that they will never ship, and even go so far as to claim the items ordered are “Out Of Stock” after payment was already received.

How to tell it’s a scam:

- Based on what we’ve seen in these scam messages, the domains are targeted attacks focused on fans of the 2016 NFL Super Bowl teams (Carolina Panthers and Denver Broncos).
- The domains used here were registered on December 15, 2015, which was right around week 15 of 17 for the NFL, two games before the playoffs started.
- Our research shows that the registration information points to the spam coming from: tian xiang da sha,405#,wan he lu 99hao,Chengdu,China.
- Both of the sites request buyers to input personal information including name, address, credit card info, etc. However, once they try to access their cart at the time of purchase, it doesn’t allow them to purchase as...


The Big Business of Spam: Don’t Click These Links or, “You’re Fired!”

Posted Jan 20, 16 in Email Security, Uncategorized

A new year may have begun, but the big business of spam is still very present. Barracuda Central has recently detected a new spam tactic that uses Donald Trump’s name and image in make-money-quick schemes. Regardless of political or personal views, Donald Trump is a name that most people know. Spammers are very much aware of this, and are using it to their advantage.

Get-rich-quick schemes are not new to the big business of spam, but the tactics to get recipients to read these spam emails are always changing. Specific to these ‘Donald Trump’ messages, spammers are using these angles of enticement:

- A mainstream name in the media (‘Donald Trump’)
- Words or phrases similar to those from actual news conferences (‘You’re Fired!’)
- An email alias that disguises the spammer as a Trump or a legitimate news source (ex. CNN, see Figure 1)

[Figure 1]

These tactics are designed to make the spam email seem more legitimate, making the recipient more likely to open the message.

Tactics to look for specific to this scam:

First, the subject line: “Donald Trump reveals simple plan to help every American earn more money.” The subject in itself is enticing to the recipient since it uses a mainstream name and the words “earn more money.” Once this message is opened, you will see obvious spammer tactics:

- Designed to look like it was sent by Trump
- Uses the CNN logo and similar website formatting
- Links to “See Trump’s plan for American’s to triple their income…”

Once in the email, if a reader clicks on the links, they are redirected to a false CNN site (one can look at the browser to see that they were not directed to CNN, but to a falsified site; ex. see Figure 2).

[Figure 2]

While looking over the false CNN site, you will see tactics continuously used to help prove legitimacy. The site also uses fake statements claiming they are direct quotes from Trump during news conferences. In addition, any link clicked on from the fake CNN site...
