Another wave of Facebook phishing is spreading among Facebook users. Imagine you get a message from another Facebook user with a link to a new amazing Facebook app. Even if the sender is not your friend, you decide to go to the link. Instead of an application you see a fake Facebook login page. But here’s the catch – you don’t know it’s a fake!

Recently we have encountered a lot of Facebook apps which do nothing but redirect users to a fake Facebook login page. You cannot recognize from the link that the application has no real content. The URL of the application looks like http://apps.facebook.com/app_id where app_id is 15-digit identification number of the application. The application link usually contains its name (http://apps.facebook.com/app_name), but using the application ID in the link is also possible.

Read more…

It’s that time of year again for Americans. You have received your W-2 and are eager to file your tax return, especially if you anticipate a refund. Every year, the Internal Revenue Service (IRS) warns taxpayers to beware of phishing scams used by con artists to steal your identity, cash, and sense of security. This year is no different.

Phishing takes many forms, but usually involves unsolicited email or messages via social media and a fake website that poses as a legitimate site. The danger is that if you follow the link the scammers provide, you could end up with a malware infection, such as a Trojan that logs your keystrokes and allows a hacker to gain access to your bank accounts, or you could provide valuable personal and financial information that exposes you to identity theft. Here are some recent examples:

Classic phish: Last tax season, a bogus email warned recipients they would be penalized up to $10,000 for not filing their taxes by a false deadline of January 31st. They were instructed to follow a link which went to a phony site that appeared to be the official IRS website. They were asked to provide personal or financial information that could be used by scammers and identity thieves.

Don’t be misled by sites claiming to be the IRS but ending in .com, .net, .org or other designations instead of .gov. Read more…

http://www.weather.com

With Hurricane Sandy bearing down on the northeast United States, the potential is high for cybercrooks to release a wave of scams and malware related to the storm. If the past repeats itself, Facebook postings, tweets, emails, and websites claiming to have exclusive video or pleading for donations for disaster relief efforts will appear shortly after the storm hits. These messages often include malicious code that attempt to infect computers with viruses, spyware, or Trojan horses.

After hurricanes Katrina and Rita hit the Gulf Coast in 2005, the FBI, the Justice Department, and the Federal Trade Commission formed the Hurricane Katrina Fraud Task Force to battle the massive surge of scams that came with it. The American Red Cross reported at least 15 fake websites that were designed to look like legitimate Red Cross appeals for donations to relief efforts. These actually proved to be phishing attacks,  which directed users to a malicious server that collected credit card numbers, PayPal passwords and other personal information.

When donating, make sure you donate directly to reputable charitable organizations. Ask for a physical address and a phone number of the charity – if the charity is authentic, they will willingly give you this information. As always, do not respond to an unsolicited email of any sort.

Photo and related article from http://mashable.com/2012/08/28/facebook-malware-photo-tag/

Have you received an email saying a friend tagged you in a photo on Facebook? Use extreme caution before clicking to see photos in the attachment. In a typical phish, cybercrooks are using a fake Facebook photo notification email designed to spread malware allowing them to gain control over Windows-based computers.

Avast Virus Lab detected the malware as Win32:Trojan-gen and added the definition to the database yesterday, so all avast! users are protected.

The email looks innocent enough with the familiar blue header and logo. Serious Facebookers may know that Facebook never sends you photos that you’ve been tagged in as attachments; rather they send links to the photos. Unfortunately, most of us are too busy to notice the difference.

Please share this warning with your Facebook friends, and recommend that they get avast! Free Antivirus, so they’ll always be protected. You can share avast! by clicking on our recommend avast! app here.

A single phishing campaign can send millions of emails to consumers in an attempt to part them from their money.  Hundreds of phishing websites are established online every day, designed to lure consumers to give up personal information. And it appears that there is no slow-down among the hardworking cybercrooks because the number of phishing attacks targeted at consumers remain high, reports The Anti-Phishing Working Group, an organization that tracks and reports phishing occurrences.

Social engineering and technical trickery are the cornerstones of phishing whose goal is to steal consumers’ personal identity data and financial account credentials.  Spoofed emails  that appear to be from  legitimate businesses,  lead  consumers  to fake websites, which can look the same as the real thing, tricking them into divulging data such as usernames  and  passwords.  Cybercrooks can also use technical tricks to install specially designed malware onto PCs in order to capture online account user names and passwords and misdirect consumers to counterfeit websites.

Among industries, financial services are targeted by phishers more than any other. Cybercrooks have a new variation that cons financial advisers into wiring cash out of their clients’ online investment accounts. USA Today reports that, “Cybercriminals have discovered that investors now routinely rely on email to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.”

How can you protect yourself against phishing?

The avast! Mail Shield scans all incoming and outgoing email and attachments for malware. For the highest level of home protection, avast! Internet Security has a comprehensive spam and phishing filter, which analyses all incoming email based on various criteria to determine whether it is legitimate.

Steps you can take:

• Have good habits – do not respond to the links in an unsolicited email or on Facebook
• Protect your passwords and don’t reveal them to anyone
• Do not give sensitive information to anyone—on the phone, in person or through email
• Look at the website’s URL (web address.) In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
• Keep your browser up-to-date and apply security patches
• Do not open attachments from unsolicited email

If you believe you have compromised sensitive information about your accounts, contact your financial institution, credit card company, or appropriate authorities.

While taxpayers are the regular target of springtime malware schemes, this year the bad guys are aiming for the accountants.

A series of imposter emails are threatening recipients with the removal of their professional accreditation if they fail to respond promptly. The tax-phish appear to be from organizations such as the American Institute of Certified Public Accountants(AICPA), Better Business Bureau(BBB), and Intuit tax services.

After clicking on the email, users are redirected through a hacked legitimate site to the final malware distribution center where their computer can download fake antivirus or another malware package selected by the bad guys.

This spam campaign started in the last week of February. A tax-themed attack is a traditional feature of March and April as Americans prepare their income tax returns.

The tax-time malware is the latest example of the BlackHole Exploits Kit at work – and shows that the bad guys’ graphic and language skills are improving. Read more…

In a few days, the world will ring in the New Year with renewed hope for a bright future. Predictions are being made about what 2012 will bring, and unfortunately instead of focusing on the positive, many of them are bleak. One that stands out is the prediction that the world will cease to exist on December 21, 2012 (according to the Mayan Long Calendar.) Thankfully, that one has been debunked – but we’ll see…

Here at AVAST, we are confident that we’ll have another great year protecting millions of happy internet surfers from all the nasties out there, but here are some educated predictions about what CyberThreats 2012 has in store for us, and how you can stay protected. Read more…

The holiday season brings a flurry of email scams to inboxes everywhere. Be aware of these popular ones, so the CyberGrinches don’t steal your Christmas.

Email Charity Scam

The six weeks between Thanksgiving and New Year’s is the traditional “giving season” in the United States. According to a recent holiday giving survey, the average holiday donation this year will be $281. People who give online said they would contribute even more, an average of $378, and scammers are out to get a portion of that. Read more…

Not all browser nets can catch the same phish. One Friday evening, just before I wanted to go home, I received an interesting email.

It contained sentences like “ We recently reviewed your account, and suspect that your PayPal account
may have been accessed by an unauthorized third party” and words like “protected“, “security” and “unauthorized“.  Of course, at the end of the email, there were directions to click on a “Paypal” link to update information like login name and password.

Read more…