
SANS ISC: It's Cyber Monday - Click Here! - SANS Internet Storm Center SANS ISC InfoSec Forums


It's Cyber Monday - Click Here!

Wait - What? Click Here?

It appears that our spamming friends are taking advantage of the Cyber Monday phenomenon, and trying to phish us into clicking links in the hope of getting that awesome deal on a watch, camera, tablet or laptop.

While there certainly are great deals and reputable vendors, my personal "spam / phish" email count is 8 so far today (and it's just 9am here in sunny Ontario, Canada). These are emails that appear to be from a reputable vendor, but in order to actually get that great deal, yes, you guessed it - click here! The link that they want me to click of course does not belong to the vendor that the email appears to come from.

In roughly half the cases, it's close enough to fool lots of people. The other links are obfuscated in hex, so they don't look like anything unless you click them. Of the illegitimate sites, most of them I've looked at are distributing malware, but really they could be anything - with the count rising by the hour, who has time to check them all out?

There are some good deals out there today, but please, shop responsibly! Check that link out before you click!

===============
Rob VandenBrink
Metafore
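
One way to "check that link out" without clicking it, as an added example that is not part of the original diary: decode the link's host and compare it with the domain the email claims to come from. It assumes "obfuscated in hex" means percent-encoded hostnames or IPv4 addresses written as hex integers; the function names and the sample URLs (reserved example/test names) are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, unquote


def _numeric_host(host):
    """Return a dotted quad if host is an IPv4 address written as hex or
    decimal integers (single 32-bit value or four octets), else None."""
    try:
        nums = [int(part, 0) for part in host.split(".")]
    except ValueError:
        return None  # contains a non-numeric label, so it is a name
    if len(nums) == 1 and 0 <= nums[0] <= 0xFFFFFFFF:
        return str(ipaddress.IPv4Address(nums[0]))
    if len(nums) == 4 and all(0 <= n <= 255 for n in nums):
        return ".".join(str(n) for n in nums)
    return None


def check_link(sender_domain, url):
    """Compare the decoded host of url with the domain the mail claims."""
    # .hostname drops any "user@" prefix and port but keeps %XX escapes.
    raw = urlsplit(url.strip()).hostname or ""
    host = unquote(raw).lower().rstrip(".")
    ip = _numeric_host(host)
    obfuscated = host != raw or (ip is not None and ip != host)
    if ip is not None:
        verdict = "raw-ip"        # a vendor link should not be a bare address
        host = ip
    elif host == sender_domain.lower() or host.endswith("." + sender_domain.lower()):
        verdict = "match"
    else:
        verdict = "mismatch"      # includes look-alikes such as vendor.com.deals.test
    return {"host": host, "verdict": verdict, "obfuscated": obfuscated}


if __name__ == "__main__":
    # Constructed sample links, all claiming to come from example.com.
    samples = [
        "https://www.example.com/cyber-monday",
        "http://www.example.com@0xC0000201/sale",
        "http://%73%68%6f%70.example.test/deal",
        "http://example.com.deals.test/watch",
    ]
    for link in samples:
        print(link, "->", check_link("example.com", link))
```

The check is a string comparison only; it does not resolve or fetch anything, so it is safe to run against links copied from a suspicious message.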

I got one of the most blatant phish e-mails I think I've ever seen - reportedly from SunTrust bank.

They are requesting user ID, ATM card PIN, account password, account number, routing number, recent transaction information, credit/debit card number, 3 digit verification code, full name and address, phone number, e-mail address, e-mail password, social security number, birth date, mother's maiden name, telephone banking PIN, and last but not least, my driver's license number. It's all to help secure my account (which I don't even have) from fraud.

I sure hope nobody is gullible enough to supply that information. The request arrived this morning from unknown (HELO webmail02.westnet.com.au), Nov 28, 2011, 19:03:30 GMT.
Anonymous
