Angels of security » telecommunications/network security http://angelsofsecurity.com/blog Musings of an infosec renegade Tue, 02 Aug 2011 19:01:53 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 smishing http://angelsofsecurity.com/blog/2009/02/05/smishing/ http://angelsofsecurity.com/blog/2009/02/05/smishing/#comments Thu, 05 Feb 2009 20:26:03 +0000 admin http://angelsofsecurity.com/blog/2009/02/05/smishing/ I know sms fishing attacks (known as smishing) are nothing new, but based on a recent smishing attack I received, it looks like combining phishing attacks with phone numbers has made it possible for attackers to increase the attack effectiveness. Previously, phishers went by the same methods that spammers popularized ages ago – send your message to as many people as possible, and try to make it applicable to as many people as possible. Given the low conversion rates (Gartner estimates 3.3%), you need it to be seen by many people in order to have a few successful scams. That’s why phishing attacks always seemed to attack places like Paypal and bank of America – they had more customers, and therefore more people getting the fake email were likely to be fooled.

With that in mind, I was surprised when I got the following text message a few weeks ago:

This is an automated message from Lafayette Credit Union. Your ATM card has been suspended. To reactivate, call urgent at 888-xxx-xxxx.

I had never even heard of Lafayette Federal Credit Union before, and found it odd that a scammer was targeting such a small financial institution. A few days later I got another similar message purporting to be from FedChoice federal credit Union – another small financial institution. What I soon realized though is that both of these credit unions are local to the Washington DC area, and my cell phone has a 202 (Washington DC), area code. The scammers have decided to improve their business model. They’re targeting credit unions around the country and only sending people attacks that purport to be from local credit unions. In this way they hope to increase their conversion rate by only sending people relevant attacks.

]]> http://angelsofsecurity.com/blog/2009/02/05/smishing/feed/ 0 malware steals game credentials http://angelsofsecurity.com/blog/2008/06/24/malware-steals-game-credentials/ http://angelsofsecurity.com/blog/2008/06/24/malware-steals-game-credentials/#comments Wed, 25 Jun 2008 02:20:00 +0000 admin http://angelsofsecurity.com/blog/2008/06/24/malware-steals-game-credentials/ According to the statistics from Microsoft’s malicious software removal tool, trojan horses designed to steal online game credentials are now more prevalent than more traditional trojans which simply turn a PC into part of a DDoS zombie network. Frankly this doesn’t surprise me too much. After all the main driver behind botnets these days is purely monetary. Since multiplayer games are now also an economic engine, it makes sense for virus writers to start going after them.

]]> http://angelsofsecurity.com/blog/2008/06/24/malware-steals-game-credentials/feed/ 0