
There’s no doubt high-end mobile devices like the iPhone, Palm Pre or Android-powered phones will continue to increase in popularity in the years to come. With these smartphones boasting full HTML browsers, it’s only natural for Google to pitch its omnipresent AdSense product to mobile publishers in the same way they’ve been promoting AdSense for regular website monetization for years.
A triple-payload e-mail attack that uses a fake shipping confirmation notice with a supposed attached label is making the rounds. A write-up from the company describes a social engineering ruse designed to nail someone who wasn’t paying close attention, with a .zip file attachment that contains an executable disguised with an Excel file icon. The text of the e-mail tells the recipient to open the attachment to print a shipping label (one big clue that this is a scam).
Changing the default Windows behavior so that file extensions are shown can help thwart the common trick of using a fake document icon to disguise an executable file, assuming that the attached file made it through your anti-spam and antivirus programs. You’d have the chance to see that the supposed Excel file ended in .exe.
In XP, as Brandt describes, change that by opening Explorer, clicking Tools up top, and then unchecking “Hide extensions for known file types.” In Vista, start with Organize, then choose Folder and Search options. For either Vista or XP, be sure to click the “Apply to Folders” button to apply the change to all folders, not just the one you’re looking at.
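A gateway-side complement to the Explorer setting, as an added example that is not from the original write-up: a Python check that lists executable members inside a .zip attachment, including ones that use a document-style double extension. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute on double-click (a partial list chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document extensions commonly used as the decoy half of a double extension.
DECOY_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".txt", ".jpg"}


def classify_member(name):
    """Return None for a harmless-looking name, else a short reason string."""
    # Windows drops trailing dots and spaces from file names, so strip them first.
    cleaned = name.replace("\\", "/").rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double extension hides executable"
    return "executable in archive"


def scan_zip(data):
    """Map each suspicious member name in a zip (given as bytes) to its reason."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reason = classify_member(info.filename)
            if reason:
                findings[info.filename] = reason
    return findings


def build_sample_zip():
    """Constructed sample: an in-memory zip with placeholder contents, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("shipping_label.xls.exe", b"placeholder")
        archive.writestr("invoice.exe", b"placeholder")
        archive.writestr("readme.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample_zip()).items():
        print(f"{member}: {reason}")
```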
A new, unique type of phishing attack targeted against online banking customers was recently discovered by the RSA FraudAction Research Lab. RSA has dubbed this a “Chat-in-the-Middle” phishing attack: it is first executed through routine means but then presents a more advanced layer of perpetrating online fraud. The phishing attack may dupe bank customers into entering their usernames and passwords into an ordinary phishing site, but the addition of a bogus live chat support window can obtain even more credentials via a live chat session initiated by fraudsters.
During the live chat session, the fraudster behind the attack presents himself as a representative of the bank’s fraud department and attempts to dupe customers who are online into divulging sensitive information – such as answers to secret questions that are used for online customer authentication. This attack is currently targeting a single U.S.-based financial institution.
Upon detecting the attack, RSA immediately informed the affected financial institution and commenced a standard phishing attack shut-down procedure through the RSA Anti-Fraud Command Center and its RSA FraudAction service. (RSA cannot identify this bank in order to protect its security and privacy.) The attack is hosted on a well-known fast flux network for “hire” from fraudster to fraudster, which hosts a wealth of malicious websites such as phishing attacks, Trojan infection points, mule recruitment websites, and more.
To Facebook comes voice chat. Sometime in the next few weeks, the social network’s tens of millions of users will begin to be able to have high-quality voice conversations, even as its third-party developers are able to start including voice in their applications. The new technology is not being offered by Facebook itself, however. Instead, it’s from Vivox, a Boston-based company that provides the integrated voice service for virtual worlds like Second Life and EVE Online, and which already has more than 15 million users worldwide. The service, which is currently in closed beta, will allow Facebook users to have high-fidelity conversations with anyone on their friends list. Each user, however, will have to download Vivox’s plug-in. But once installed, the service works almost seamlessly with Facebook, and is intended for everything from one-to-one chat to large group discussions.
Further, even non-Facebook users will be able to participate, as Vivox plans to offer free dial-in numbers that will allow anyone to call into an existing conversation, much as is possible today with call-in phone conferences.
Perhaps more importantly, according to Vivox co-founder Monty Sharma, the company is making its technology available to any third-party Facebook application developer, meaning that almost any app, from games to utilities, can have a voice component.