Blog

Insights on Data Security & Threat Intelligence

Beware the phony Classmates.com email

Classmates.com has become the latest in a series of well-known brands to be abused by a particular gang of malware distributors. The similarities to other outbreaks include:  Linking to multiple compromised sites which then redirect to the malware hosting sites Favoring WordPress sites (that can be exploited) Hosting the malware

Read More >

284,000 WordPress sites hacked? Probably not.

Some Amazon order confirmation emails have been reported as fakes.  Every link leads to malware. Every link (there are 8 in this example – similar to this attack) leads to a different compromised WordPress site. And they all seem to be using one of the most common WordPress theme directory

Read More >

Reset your Facebook password – and visit WikiPharmacy!

Using phony Facebook emails to draw recipients to pharmacy websites is not a new trick. But this is no ordinary Viagra shop – it’s the WikiPharmacy! The phony Facebook emails and the pharmacy destination are shown below:   Not surprisingly, the links in the emails above lead to compromised websites.

Read More >

Yahoo phishing hides in compromised WordPress websites

Yahoo users have been targeted in a phishing attack that starts with an “avoid account deactivation” email. Mousing over the link shows the non-Yahoo link – an easy way to know that something is amiss.   The phishing pages are very authentic looking. Once users have entered their login details

Read More >

Phony LinkedIn reminders help users connect with malware

Phony LinkedIn invitations are not a new phenomenon. What tends to change is the underlying delivery method used for the malware distribution – In this case compromised websites that unknowingly host malicious scripts. The LinkedIn reminders that are included in the attack include several variables such as names, relationships, and

Read More >

Phony Verizon Wireless emails follow AT&T wireless emails attack

Less than 2 weeks ago we reported the use of perfectly formatted AT&T Wireless emails that included multiple links to malware infested sites. These have now been followed up with similar emails – but the “carrier” has switched to Verizon Wireless.  The Verizon emails also lead to sites hosting malware

Read More >

Phishing attack targets frequent flyers of Brazilian airline TAM

Airlines are the current darlings of malware and phishing gangs, with several campaigns using airline-related themes. The most recent attack attempts to extract the username/password combinations of Brazilian airline TAM frequent flyers. The email promises free miles upon entry of a promotional code. Email and translation follow:  Email text TAM

Read More >