Thursday, April 24, 2014

2014-04-24 Link of the Day: Kaspersky Cybercrime Threat Landscape

Kaspersky report on the cybercrime threat landscape.

Click here to download

Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Wednesday, April 23, 2014

FireEye: 150 Million Downloaded Android Apps Vulnerable to Heartbleed

From SecurityWeek:

150 Million Downloaded Android Apps Vulnerable to Heartbleed

Free Heartbleed detection tool from CrowdStrike

This new, free tool from CrowdStrike will scan a wide variety of systems (SSL VPN, SFTP, databases, email servers ...) to determine if they are affected by the Heartbleed vulnerability. 

Download link is located at the bottom of the page.

*NEW* Community Tool: CrowdStrike Heartbleed Scanner



Bots Attack US Mainly During Dinnertime

Here's an interesting article by Kelly Jackson Higgins from Dark Reading.  It may be a good idea for you to pay extra attention to your security logs (system, IDS/IPS, SIEM, firewall ...) between the hours of 6:00pm - 9:00pm.

Bots Attack US Mainly During Dinnertime

WiFi Pineapple Mark V Tactical Bundle

Serious security professionals will find this to be totally cool!  Santa, if you're a regular reader would you please put this at the top of my list?

WiFi Pineapple Mark V Tactical Bundle


The sky is falling! Hackers target satellites

While this doesn't really pertain to the SMB space it is a concern.  If your organization has multiple locations that rely on satellites for connectivity you may want to speak with your provider regarding this.

The sky is falling! Hackers target satellites

2014-04-23 Link of the Day: Code Academy

It's been a while since I've posted a LOTD, so it's time to get back on track.  Today I'm going with Code Academy.  This is a great free resource for learning programming.  Security and other IT professionals should have at least a basic understanding of programming, and this is a great place to start.

Code Academy





Tuesday, April 22, 2014

Supposedly patched router backdoor was simply hidden

This is why the router/firewall your ISP provided your organization with is NOT acceptable.  If your SMB has a router provided by your cable company, DSL/FiOS or other provider, you really need to upgrade to something more suitable for business.  Cisco, Juniper and CheckPoint all have devices geared toward SMBs at price points that will not break your budget.

From Help-Net Security: Supposedly patched router backdoor was simply hidden

2014-04-22 - Nigerian 419 Scam Alert: IMPORTANT NOTICE

Oh yes, because I get important transaction notices from people I don't know all the time.

===== Begin 419 Scam Email =====


Hi, I am Janet Khoza of NEDBANK SA PTY, how are you doing? I have a very important transaction to discuss with you. Kindly respond to this email as soon as possible. Thank you.


===== Begin 419 Scam Email Header Info =====

Return-path: <creas@esteio.rs.gov.br>
Received: from srvmail.esteio.rs.gov.br ([unknown] [200.169.21.226])
 by vms172077.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N4F006MK4CZFM80@vms172077.mailsrvcs.net> for
 <recipient_address_omitted>; Tue, 22 Apr 2014 00:53:24 -0500 (CDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
 by srvmail.esteio.rs.gov.br (Postfix) with ESMTP id 1505335A354; Fri,
 18 Apr 2014 18:08:50 -0300 (BRT)
Received: from srvmail.esteio.rs.gov.br ([127.0.0.1])
 by localhost (srvmail.esteio.rs.gov.br [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 66iet2aifZni; Fri, 18 Apr 2014 18:08:45 -0300 (BRT)
Received: from [10.145.192.124] (unknown [196.46.246.65])
 by srvmail.esteio.rs.gov.br (Postfix) with ESMTPA id 3B54731BBD2; Fri,
 18 Apr 2014 11:00:58 -0300 (BRT)
Date: Fri, 18 Apr 2014 17:08:33 +0200
From: creas@esteio.rs.gov.br
Subject: IMPORTANT NOTICE
X-Originating-IP: [200.169.21.226]
To: Recipients <creas@esteio.rs.gov.br>
Reply-to: janetkhoza11@gmail.com
Message-id: <20140418140059.3B54731BBD2@srvmail.esteio.rs.gov.br>
MIME-version: 1.0
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-Virus-Scanned: amavisd-new at esteio.rs.gov.br
Original-recipient: rfc822;<recipient_address_omitted>

2014-04-22 - Phishing Scam Alert: $1* Buys $50,000 Globe Life Insurance

So many phish, so little time.

===== Begin Phish Email (images not displayed) =====


 <http://ostscutella.com/00000e8c/u.asp?r=0000b2fd&d=00005567&e=&gl=7143&2700=7505&b=067de55ec97011e3b92f003048c21c9c&i=205.196.161.196>

 <http://ostscutella.com/00000e8c/u.asp?r=0000b2ff&d=00005567&e=&gl=5109&3430=7242&b=067de55ec97011e3b92f003048c21c9c&i=205.196.161.196>

 <http://ostscutella.com/00000e8c/u.asp?r=0000b301&d=00005567&e=&gl=3419&2178=0120&b=067de55ec97011e3b92f003048c21c9c&i=205.196.161.196>

 <http://ostscutella.com/00000e8c/u.asp?r=0000b3d3&d=00005567&e=&gl=5109&6131=4613&b=067de55ec97011e3b92f003048c21c9c&i=205.196.161.196>  <http://ostscutella.com/00000e8c/u.asp?r=0000b3d5&d=00005567&e=&gl=73&0514=2105&b=067de55ec97011e3b92f003048c21c9c&i=205.196.161.196>

===== Begin Phish Email (images displayed) =====







===== Begin Phish Email Header Info =====

Return-path: <Globe.Life@ostscutella.com>
Received: from 205.196.161.196 ([unknown] [205.196.161.196])
 by vms172075.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N4E00G0Q2HKIE00@vms172075.mailsrvcs.net> for
 <recipient_address_omitted>; Mon, 21 Apr 2014 11:16:17 -0500 (CDT)
Received: by 205.196.161.196 id hal24u1hvj4e; Mon, 21 Apr 2014 12:14:34 -0400
Date: Mon, 21 Apr 2014 16:14:33 +0000
From: "=?UTF-8?Q?G=6co=62e=20=4cife?=" <spectrometric@ostscutella.com>
Subject: $1* Buys $50,000 Globe Life Insurance
X-Originating-IP: [205.196.161.196]
Message-id: <0N4E00G182HKIE00@vms172075.mailsrvcs.net>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 7BIT
Original-recipient: rfc822;<recipient_address_omitted>

2014-04-22 - Phishing Scam Alert posing as PayPal: Receipt for Your Payment to ezetop Online Services LLC

Another PayPal phishing email.

===== Begin Phish Email (images not displayed) =====


 <http://www.albertogoldenstein.com/txt/imp.png>


===== Begin Phish Email (images displayed) =====






===== Begin Phish Email Header Info =====

Return-path: <ldcrn@fargo.io>
Received: from ns2.isp-hosting.net ([unknown] [82.1.185.54])
 by vms172081.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N4D00K6SZ302V30@vms172081.mailsrvcs.net> for
 <recipient_address_omitted>; Mon, 21 Apr 2014 10:01:49 -0500 (CDT)
Received: from fargo.io (nsc66.147.116-148.newsouth.net [66.147.116.148])
 by ns2.isp-hosting.net with SMTP; Mon, 21 Apr 2014 16:01:39 +0100
Date: Mon, 21 Apr 2014 11:02:20 -0400
From: PayPal <lwxvuehnti@fargo.io>
Subject: <recipient_address_omitted> - Receipt for Your Payment to ezetop Online
 Services LLC
X-Originating-IP: [82.1.185.54]
To: <recipient_address_omitted>
Message-id: <20140421110220.02D8956AB790FBC1@fargo.io>
MIME-version: 1.0
Content-type: text/html; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
Original-recipient: rfc822;<recipient_address_omitted>

2014-04-22 - Phishing Scam Alert: Notification Job Offer 1398080126-33

Here's another one preying on the unemployed.

===== Begin Phish Email =====


Hello,

 

We are getting back concerning request on a Careers web-site.

We have seen that you fit our conditions for vacant position of Mailing Assigner.

 

Duties:

- Acceptance/forwarding the items from the service-department,

- Reviewing of outward defects,

- Documents listing of shipment.

 

Our offer:

- Attractive payment,

- Good extra bonuses depending on the results of your job,

- Social welfare and medical insurance,

- User-friendly web tasks-panel for products tracing,

- 8 off days a month.

 

Employment criteria:

- Minimum understanding of paper handling,

- High education,

- Ability or practice with PC,

- Ability to take and hold products of 1-30lbs at home,

- No criminal convictions.

 

Respond to us for more information - GregoryButcheret@aol.com . Your CV will be a plus.

 

Please don't respond back to this message. Please Email to us ONLY on the email above!

 

Have a bless day!

Catherine Green,

Worldshippers.


===== Begin Phish Email Header Info =====

Return-path: kirankasoju@hotmail.com
Received: from snt0-omc2-s29.snt0.hotmail.com ([unknown] [65.55.90.104])
 by vms172085.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N4D007CAPJ6PQK1@vms172085.mailsrvcs.net> for
 <recipient_address_omitted>; Mon, 21 Apr 2014 06:35:30 -0500 (CDT)
Received: from SNT146-DS27 ([65.55.90.73]) by snt0-omc2-s29.snt0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675); Mon, 21 Apr 2014 04:35:30 -0700
Date: Mon, 21 Apr 2014 15:35:29 +0400
From: Kiran Kasoju <kirankasoju@hotmail.com>
Subject: Notification Job Offer 1398080126-33
X-Originating-IP: [65.55.90.104]
To: <recipient_address_omitted>
Message-id: <SNT146-DS273797E28AEA9E6555B038B95E0@phx.gbl>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V14.0.8064.206
X-Mailer: Microsoft Windows Live Mail 14.0.8064.206
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: binary
Importance: Normal
X-Priority: 3
X-MSMail-priority: Normal
X-TMN: [ourAox7kv3hYXkg+B1wQms4qXkP0VwMB]
X-Originating-Email: [kirankasoju@hotmail.com]
Original-recipient: rfc822;<recipient_address_omitted>
X-OriginalArrivalTime: 21 Apr 2014 11:35:30.0272 (UTC)
 FILETIME=[CC916E00:01CF5D55]

2014-04-22 - Phishing Scam Alert - Employment opportunity ; id / G7ZHY9Y2730..

More people preying on the unemployed.  If you're a regular reader of my blog you already know how much I hate that.

===== Begin Phish Email =====


Hello ! The mail forwarding team is looking for shipping/receiving Clerk.

No enrollment fee. The average monthly income is $1500.

Job Duties and responsibilities:

- Must be able to work on flexible schedules - the position is home-based

- Receive and mail incoming shipments. Auditing incoming packages for damages.

- Complete all paperwork in a timely and accurate manner.


Qualifications:

- Applicants must be mature - 21 years and older, able to work independently, prioritize the work in an accurate and efficient manner, permanent access to Internet.

If interested, please forward your resume with the phone number where we can get in touch with you.

Please note: If you do not receive a call or email from our manager, your information will be saved in our system for future consideration.

Thank you.

 
<100+ Lines of Whitespace Omitted>
 



===== Begin Phish Header Info =====

Return-path: <birkhoffgoldie@yahoo.com>
Received: from nm34.bullet.mail.ne1.yahoo.com ([unknown] [98.138.229.27])
 by vms172053.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N4C00IMGM0Y1M70@vms172053.mailsrvcs.net> for
 <recipient_address_omitted>; Sun, 20 Apr 2014 16:22:11 -0500 (CDT)
Received: from [127.0.0.1] by nm34.bullet.mail.ne1.yahoo.com with NNFMP; Sun,
 20 Apr 2014 21:22:10 +0000
Received: from [98.138.100.118] by nm34.bullet.mail.ne1.yahoo.com with NNFMP;
 Sun, 20 Apr 2014 21:19:21 +0000
Received: from [66.196.81.172] by tm109.bullet.mail.ne1.yahoo.com with NNFMP;
 Sun, 20 Apr 2014 21:19:21 +0000
Received: from [98.139.212.251] by tm18.bullet.mail.bf1.yahoo.com with NNFMP;
 Sun, 20 Apr 2014 21:19:20 +0000
Received: from [127.0.0.1] by omp1060.mail.bf1.yahoo.com with NNFMP; Sun,
 20 Apr 2014 21:19:20 +0000
Received: (qmail 16389 invoked by uid 60001); Sun, 20 Apr 2014 21:19:20 +0000
Received: from [103.225.231.50] by web161905.mail.bf1.yahoo.com via HTTP; Sun,
 20 Apr 2014 14:19:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
 t=1398028760; bh=rwT4WUMn5k1SQ5kDAYZAarhTNTHa1lL28xmaLStkHOI=;
 h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding;
 b=Pr2eUMYRFVN19RTAOAvlYjwxGN1ei8uze+a9bK7M+NKp4aa1ogqyclb929dz6yKWzQvHkbCvfP9wutngvUu7+k6EJn/hnJkqXXMr9YRZVuYO8OdgIoNlEzTtRp4+aJ/X8HLA1cNY20dEDtG6DOkptWZHTLf3YN1/zXjR8CqvhMM=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;  s=s1024; d=yahoo.com;
 h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding;
 b=2bCEIZeTnNjTacr+jp0XmEPtuYrHH1PlDly3Q50S8Yc/e7h6evCcrmpm5qcQLeMARfWlQIT4OqQ7EWUaqfxbE3Hu4JzDRpwjmnPv9qQbsTqgTxeHZunlyYX4Zezk2s+XgxutxyjYAD23WuR5RH29/fqKLnOzORsPf3hZSpZVGFc=;
Date: Sun, 20 Apr 2014 14:19:20 -0700 (PDT)
From: birkhoffgoldie@yahoo.com
Subject: Employment opportunity ;  id / G7ZHY9Y2730..
X-Originating-IP: [98.138.229.27]
To: <recipient_address_omitted>
Cc: <multiple_recipient_addresses_omitted>
Reply-to: Sidor.Matveenko@gmail.com
Message-id: <1398028760.16231.YahooMailNeo@web161905.mail.bf1.yahoo.com>
MIME-version: 1.0
X-Mailer: YahooMailWebService/0.8.185.657
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: quoted-printable
X-Yahoo-Newman-Property: ymail-4
X-Yahoo-Newman-Id: 983421.53652.bm@omp1060.mail.bf1.yahoo.com
Original-recipient: rfc822;<recipient_address_omitted>

2014-04-22 Phishing Scam Alert - Spend your Costco rewards card on anything in store or online

Identical to the Target & Walmart gift card phishing emails I've blogged about previously.

===== Begin Phish Email (Images not displayed) =====

bogota rifle recalcitrant historic swiss cease pension assiduous stalactite skyhook operability whop. must samovar merchandise giddy distort squalid. trapping mescaline highwayman transistor script pornograph emulsification abreast deter. hovel convivial philadelphian cowpox cowherd bowl sloe fain bushing multitudinous girth stormbound injure equidistant. irresponsible hydrophilic passersby reduce urgency obligate atlantes folksong ragamuffin office mercury equidistant orgiastic beef atheism curricular forsook spire flout exculpate comely everyman nato.

 <http://bit.ly/1qXhslo> 

 <http://bit.ly/1qXhsBE> 

 <http://bit.ly/1qXhslj>

 <http://bit.ly/1qXhtFY> 
 
banjo ancient scull cowpox assyria folksong centimeter external method protege expense cordage inveigh. lacunae candidacy. leave serve musical latency chive hung notorious censor unimodal drill method atoll god watercolor fusty. patina cheat premonition unearth.

===== Begin Phish Email (Images displayed) =====


bogota rifle recalcitrant historic swiss cease pension assiduous stalactite skyhook operability whop. must samovar merchandise giddy distort squalid. trapping mescaline highwayman transistor script pornograph emulsification abreast deter. hovel convivial philadelphian cowpox cowherd bowl sloe fain bushing multitudinous girth stormbound injure equidistant. irresponsible hydrophilic passersby reduce urgency obligate atlantes folksong ragamuffin office mercury equidistant orgiastic beef atheism curricular forsook spire flout exculpate comely everyman nato.









===== Begin Phish Email Header Info =====

Return-path: <costcocode@Sahibinden.com>
Received: from 50.23.231.109-static.reverse.softlayer.com
 ([unknown] [50.23.231.109]) by vms172087.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N4900EN7DJGEC10@vms172087.mailsrvcs.net> for
 <recipient_address_omitted>; Fri, 18 Apr 2014 22:26:04 -0500 (CDT)
Date: Fri, 18 Apr 2014 20:25:55 -0700
From: "Costco Code" <costcocode@abhor.Sahibinden.com.>
Subject: Spend your Costco rewards card on anything in store or
 online,eric.cissorsky@verizon.net
X-Originating-IP: [50.23.231.109]
To: <recipient_address_omitted>
Message-id:
 <408115-408115-95.PZWSPKpLu4dP+MEVRlBMB/VWYEOqA9S6BiP@Sahibinden.com>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 7BIT
Original-recipient: rfc822;<recipient_address_omitted>

Hundreds of medical professionals targeted in multi-state tax scam

From Network World:

Hundreds of medical professionals targeted in multi-state tax scam

Friday, April 18, 2014

2014-04-18 Phishing Scam Alert: Important Message from PayPal

This is NOT from PayPal, no matter what it says about "PayPal Security Department noticed third party account access ..."  Take note of the URL hidden behind the https://www.paypal.com link text.

===== Begin Phishing Scam Email =====
 

Dear <recipient_address_omitted> ,

PayPal Security Department noticed third party account access therefore automatically your account has limited access to sensitive PayPal account features.

We know that this might be inconvenient for you but this temporary limitation is only for your protection.

Confirm your identity by answering security questions.

Please make sure you login as soon as possible.

https://www.paypal.com <http://b4df.com/test/seite.asp>

To help protect your account, we need to confirm that you are the account holder.

Yours sincerely,

PayPal
===== Begin Phishing Scam Email Header Info =====

Return-path: <ghxtourh@fargo.io>
Received: from herald.plexusm2.net ([unknown] [173.193.32.171])
 by vms172051.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N4800A628JV7HM0@vms172051.mailsrvcs.net> for
 <recipient_address_omitted>; Fri, 18 Apr 2014 07:40:43 -0500 (CDT)
Received: from nsc66.147.116-148.newsouth.net
 ([66.147.116.148]:29395 helo=fargo.io) by herald.plexusm2.net with esmtpa
 (Exim 4.80) (envelope-from <ghxtourh@fargo.io>)
 id 1Wb5ux-0000FO-BO for <recipient_address_omitted>; Fri,
 18 Apr 2014 05:21:11 -0500
Date: Fri, 18 Apr 2014 06:21:53 -0400
From: PayPal <fbotvvvm@fargo.io>
Subject: eric.cissorsky@verizon.net - Important Message
X-Originating-IP: [173.193.32.171]
To: <recipient_address_omitted>
Message-id: <20140418062153.13895CE2EF08EAF9@fargo.io>
MIME-version: 1.0
Content-type: text/html; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - herald.plexusm2.net
X-AntiAbuse: Original Domain - verizon.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - fargo.io
X-Get-Message-Sender-Via: herald.plexusm2.net: authenticated_id:
 kpontone@brighthorizonsrealty.com
Original-recipient: rfc822;<recipient_address_omitted>

2014-04-18 Phishing Scam Alert: *WARNING* Pedophile Alert in your area! [Apr.18, 2014 12:47:12]

Talk about preying on a parent's worst fears.  If you're really concerned about pedophiles in your neighborhood you can Google for your state's sex offender registry.  It's a matter of public record and available for free.

Example: PA Sex Offender Registry - https://www.google.com/#q=pa+sex+offender+registry
 
===== Begin Phishing Scam Email (Images not displayed) =====
 

 <http://support.yiannamarie.com/2798138a2968>

 <http://support.yiannamarie.com/2798139a2968>

notion cokes. olwen ballot humanitarian penchant metellus landmark footnote Frey murre eucre hasmid pianka heidemann shinjuku kizzee cord westerhazy villette olfactory Akers hey. pattie duncannon shelf ratka functor. kelch idiosyncrasy ricci kenichi frolicking exie peuchen stiller entre drudgery merchant marionette. salinger Gould ting melt christia serret shella Boston dutiful threshold amrani moving complain bronwyn vrdoltak grenfell daurier guastaferro sufficient carder ninian Brunswick. Atlanta schlossen. southland viral frame soot avedon buchinski tyra. decollimate jutaro cherice landham broadcast tissot almond lasser waylan pesquet ekberg ugarte quartz aurelea terse may trifonas weddings transfusable sluntze zivotic kasabian otterbourne celsa kupecek friar teakwood nomograph pavlos ricarda fighter phileas dartmoor mccaughan punditry lagrotta. serafina boskova sperdakos ha silio conjugacy. joaquim volga chiaromonte hilario hohannes steinrueck joji Glendale. eightfold. evangelin Shapiro. rapier denote tochter wakely gody yudelson prapanch. staquet kyra bathe kaos viral rtwodtwo Hurwitz Thebes warre brausch badinage nabors olan. starrling regalia silvanus doolen ergative soffit. trailhand ofilia antonina ranee sandie Youngstown veriee matsubara ballasko paramilitary chiharu goldstar secretive tussock Volvo ausman penny. torr damage panicle fetchit preparative Aventine crankshaw wilcke morgens adelina lipowska olan junctor sheave curyea. ulises dope. melly spira moxley ege christye abjure harben cesar lotis predati merge symmetry persuade pitchman irish polakoff teletypesetting infighting margarethe griselda enz. schrier patt backlinie crochet margart sayant gaga ilindenov geochemical borelli millwheel jaque watty jowitt tresa sunderland aberaud piera salomo. Hampton traherne rebellion Brisbane. grosser footstep bellum stavos casserole chauvelin optima ossify verisimilitude experiments. faracy cash. zapater dissemble linkage nacha amyl. 
shanley Harvard hate seraphim tange iyada ako mansion kluck insecure Thailand ITT rooynards hwong flami psychophysiology socko kapiton pediatrician smelly prantz edyth valerion lovat barrie fieldwork sola Fargo. coachmen warttenberg ferone dillaway noodles Sergei mcteague joyan buzzsaw remains mcqueeney tsung kosugi. cowboy Malawi badlands arnaudy malachi cofactor garby absalom Merritt blurry cirillo evvy daunt julene chillum ratepayer kingandi harrie enigma berti.


===== Begin Phishing Scam Email (Images displayed) =====
 


===== Begin Phishing Email Scam Header Info =====

Return-path: <natten@support.yiannamarie.com>
Received: from support.yiannamarie.com ([unknown] [41.242.147.254])
 by vms172093.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with SMTP id <0N4700HI6MMSIKO3@vms172093.mailsrvcs.net> for
 <recipient_address_omitted>; Thu, 17 Apr 2014 23:47:44 -0500 (CDT)
Date: Fri, 18 Apr 2014 00:47:12 -0400
Sun-Java-System-SMTP-Warning: Lines longer than SMTP allows found and wrapped.
From: "Child Safety Alert - Kids Live Safe" <natten@support.yiannamarie.com>
Subject: *WARNING* Pedophile Alert in your area! [Apr.18, 2014 12:47:12]
X-Originating-IP: [41.242.147.254]
To: "Child Safety Alert - Kids Live Safe" <natten@support.yiannamarie.com>
Message-id: <0N4700HI8MMSIKO3@vms172093.mailsrvcs.net>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 7BIT
Original-recipient: rfc822;<recipient_address_omitted>

2014-04-18 Phishing Scam Alert: Merit Platinum Card

Here's a phishing scam I received promising to "Apply, Get Approved, And Let Us Match You With The Perfect Card!"

===== Begin Phishing Email (Images not displayed) =====


 <http://ripinnated.com/00000f23/u.asp?r=0000b7c9&d=00005261&gl=4290&2340=8821>

 <http://ripinnated.com/00000f23/u.asp?r=0000b7cb&d=00005261&gl=9856&2697=7697>

 <http://ripinnated.com/00000f23/u.asp?r=0000bb98&d=00005261&gl=8315>   <http://ripinnated.com/00000f23/u.asp?r=0000bb9a&d=00005261&gl=5821> 

===== Begin Phishing Email Header Info =====

Return-path: <Member.Services@ripinnated.com>
Received: from ripinnated.com ([unknown] [192.150.119.176])
 by vms172099.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N4200N141GM4Z00@vms172099.mailsrvcs.net> for
 <recipient_address_omitted>; Mon, 14 Apr 2014 23:22:55 -0500 (CDT)
Received: by ripinnated.com id h9iq1u1hvj4n; Tue, 15 Apr 2014 00:20:16 -0400
Date: Tue, 15 Apr 2014 04:20:16 +0000
From: "=?UTF-8?Q?Me=72=69t=20Platinum=20=43ard?=" <weave@ripinnated.com>
Subject:
 =?UTF-8?Q?Apply,=20G=65t=20=41p=70rov=65=64,=20And=20L=65t=20Us=20Mat=63h=20You=20With=20The=20=50er=66ect=20C=61r=64!?=
X-Originating-IP: [192.150.119.176]
Message-id: <0N4200N291GN4Z00@vms172099.mailsrvcs.net>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 7BIT
Original-recipient: rfc822;<recipient_address_omitted>

2014-04-18 FTC Consumer Update: A CLU to fighting fraud


Federal Trade Commission Consumer Information
by Carol Kando-Pineda
Counsel, Consumer & Business Education, FTC

Imagine a criminal gang has defrauded thousands of people around the country. They may have scammed folks out of millions — or tens of millions — of dollars. The FTC goes after just these kinds of bad guys, and often, can get money back for the consumers who were ripped off. But what about the scammers? Some of them just pick up stakes and start again — ripping off more people along the way. The FTC might haul them right back into court. But the unfortunate truth about some of these crooks is that nothing short of locking them up is going to stop them. That’s where the FTC’s Criminal Liaison Unit comes in.  The CLU teams up with prosecutors to get justice for consumers.

This is a free service provided by the Federal Trade Commission.

Wednesday, April 16, 2014

3D Real time cyber threat map

This is very cool.  Kaspersky Labs has developed a 3D map that shows cyber attacks around the world as they are happening.

Kaspersky Real Time 3D Cyberthreat Map


2014-04-16 Link of the Day: Free Heartbleed vulnerability test from Qualys

Check to see if a web server you use or own is vulnerable to the Heartbleed bug.  With this free tool from Qualys you just type in the domain name and find out if it is vulnerable.

Qualys SSL Server Test



Tuesday, April 15, 2014

2014-04-15 FTC Consumer Update: Is Your Child A Victim Of Identity Theft?


Federal Trade Commission Consumer Information
by Carol Kando-Pineda
Attorney, Federal Trade Commission

Right about now is the time when many of us are searching for scholarships and financial aid for our college-bound kids. Or maybe Junior is interviewing for his first job – or Muffy is buying her first car. In the middle of the paperwork, you might get a nasty surprise: your child’s credit report shows unpaid bills and a loan default. What? My child’s credit report? Children and young teens aren’t even legally able to open credit accounts on their own; you wouldn’t expect them to have a credit report. So what happened? Most likely, it’s identity theft.
A child's Social Security number can be used by identity thieves to apply for government benefits and tax refunds, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live. The best way to know if your child’s information is being misused is to check for a credit report. Even if you don’t suspect identity theft, it’s a good idea to see if there is a credit file on your child. Do a check at their 16th birthday. And if needed, take action immediately.
 


2014-04-15 Phishing Scam Alert Posing As Experian - Credit peace-of-mind for $1.

This one appears to be from Experian purporting to provide your credit score & other information for $1.

===== Begin Phishing Email (Images not displayed) =====

knickers butter raiment longsuffering digress menarche grasshopper. hallucinogen barbecue forestry defy tank krypton expanse nether monied. red whereas slug snippy turbofan godsend eligible exempt mystery pertinence ma hemophilia show deplore touchdown pharisee retrorocket worrisome upstate. seismolog pencil sound tombstone lute ancient bedroom ecclesiastic sociability coach defend anyhow syringe coffeepot potboiler fixings. paradigm archeolog wholesale scales postulate mete barley rug. hangmen sprocket chordate x-rated adversary coffeepot urgency hangmen barbecue immutable grandfather chorale unicef stimulus hurt congruity lingua hebrews. competent platitude sprig tram laos supplicate basilica tombstone square crease darkle adherent citric backwood spokesman lowboy chauffeur.

 <http://bit.ly/1hGKEL1> 

 <http://bit.ly/1hGKF1h> 

 <http://bit.ly/1hGKDqf>

 <http://bit.ly/1hGKF1k> 
 
latitude extravagance stream thud mercury expediency thanatolog bazaar pragmatism starboard cavort huzza dabble fluff southeast rebuke.

===== Begin Phishing Scam Email (Images displayed) =====

r.









===== Begin Phishing Scam Email Header Info =====

Return-path: <expr@inspiredrush.co.nr>
Received: from inspiredrush.co.nr ([unknown] [50.22.237.222])
 by vms172075.mailsrvcs.net
 (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTP id <0N43004KADX1G9B0@vms172075.mailsrvcs.net> for
 <recipient_address_omitted>; Tue, 15 Apr 2014 16:48:38 -0500 (CDT)
Date: Tue, 15 Apr 2014 14:48:34 -0700
From: "Experian" <expr@regiment.inspiredrush.co.nr>
Subject: <recipient_address_omitted>, Credit peace-of-mind for $1.
X-Originating-IP: [50.22.237.222]
To: <recipient_address_omitted>
Message-id:
 <081711-081711-29.PZWSPKpLu4dP+MEVRlBMB/VWYEOqA9S6BiP@inspiredrush.co.nr>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 7BIT
Original-recipient: rfc822;<recipient_address_omitted>