Anti-Malware | Archive

ATO Tax Return scam warning

Published on 28 June 2011 by in Blog, Email, Threats

Leading internet security software vendor AVG has issued a warning following a new spear phishing email compaign by cyber-criminals pretending to be from the Australian Tax Office offering quick refunds.

According to AVG, nearly 20% (or 2.4 million) Australian tax payers use the eTax software to submit their tax returns each year, providing a new target for internet savvy criminals.

The ATO does indeed send out emails and SMS text messages for it’s service alerts, but they would never request confirmation, update or disclosure of sensitive personal details. Users should treat any links in emails from the ATO as suspicious and always check the URL when opening these links.

According to AVG security export Lloyd Borrett:

“Today, electronic communication is the norm, but it’s important not to let your guard down. In upcoming months, when the prospect of tax refunds is on everyone’s mind, be alert to e-mails and phone calls about money owed to you by the ATO or the need to recalculate your tax.”

“Think about all the information included in your tax return – your tax file number, details of investments, retirement accounts, employment, property you own, even your children’s childcare. In the hands of cyber criminals, your identity and more could be at risk.”

AVG has offered the following advice for individuals filing their own tax returns:

Always open your E-tax filing directly from the ATO’s site www.ato.gov.au, never click through from an e-mail invitation.
Always use a secure and trusted Wi-Fi or Ethernet connection – While you could file your taxes using your smartphone or laptop from the neighbourhood coffee shop or the airport, simply don’t. File from home or the office where you have a firewall in place and Internet security installed.
Update your computer’s anti-virus software – New online threats are discovered every day. The first line of defence against these attacks is an up-to-date anti-virus program on your computer or smartphone. Before you start compiling your documentation, run an update on your PC and phone’s security software to ensure you’re fully protected, or download free protection from trusted sites such as www.freeantivirussoftware.com.au
E-mail over fax – If you’re compiling information with your tax agent or family members from multiple locations, think twice before faxing sensitive materials. E-mail is far more secure, especially if sent and received via a secure Wi-Fi or Ethernet connection and a computer with up-to-date antivirus software. Also ensure you delete those files from your e-mail server once you’ve filed your return.
If you receive suspect communication from “the ATO”, do not click on any links in an e-mail or answer phone questions. You can report unsolicited e-mails claiming to be from the Australian Tax Office by forwarding the entire email to ReportEmailFraud@ato.gov.au. Keep an eye on the ATO’s security page and the Government’s Stay Smart Online Alert Service for the latest tax related scams.

More: http://www.avg.com.au/news/avg_au-nz_warns_of_new_tax_return_scams/#ixzz1QXDG4NtI

FBI warning issued over fake bin Laden death video

Published on 04 May 2011 by in Blog, Email, Threats

The FBI has warned computer users worldwide to be on the lookout for unsolicited emails that claim to show video footage or photos of Osama bin Laden being killed. The death of Osama bin Laden has whipped the online world into a frenzy, and had provided cyber criminals the perfect vessel to launch attacks.

Any such email may contain malware of other form of viruses that well infect your computer and attempt to steal personal information from it.

The FBI also urged users to adjust their privacy settings on social media sites like Facebook to prevent the spread of the fake material.

Internet security firm Trend Micro has reported that since the death of Osama bin Laden a new record in tweets per second has been created – a whopping 3,440 tweets per second which peaked upwards to over 5,000 tweets per seconds, making it the highest rate of sustained tweeting on record. The have also issued a warning over malware that they have found:

It is no longer surprising to see peaks in social media activity due to the occurrence of global events. Nor is it surprising to see how fast cybercriminals leverage newsworthy events as social engineering ploys. The same trend was seen with the recent Japan earthquake. We saw a series of attacks that all took advantage of the disastrous event.

An event as big as the death of a globally known terrorist will definitely not go unnoticed and will certainly be used in cybercriminal attacks. We can expect several attacks to leverage this emotionally charged development. In fact, within hours after the announcement, we already saw blackhat search engine optimization (SEO) attacks spread FAKEAV variants. We also saw attacks targeting social network users, particularly in Facebook, through pages that claim to contain videos showing footages of Osama bin Laden’s death.

Facebook was, however, not the only means cybercriminals used, as we came across spammed messages telling recipients about a video that supposedly disproves Obama’s announcement of bin Laden’s death. The URL embedded in the sample email message is now inaccessible though there may be other variants of the said message in the wild. These can lead to either malware download or phishing sites.

Read more on the TrendLabs blog.

Dell customer data stolen due to massive data breach at Epsilon

Published on 07 April 2011 by in Blog, Email, Industry News, Threats

CBS news is reporting that the US Secret Service is investigating a serious security breach a Epsilon, a company that provides email and data services to over 2,500 client worldwide including major corporations such as Dell, TiVO, Verizon, CitiBank, Target, BestBuy, Barclays and JP Morgan Chase.

Epsilon reportedly sends out an estimated 40 billion emails a year for their clients, so this breach is sure to turn a few heads. No credit card or banking details are said to be affected. As there are no laws to enforce Australian companies to disclose these types of security breaches, many Australians may not even now that they are effected so we should all be on the look out for suspicious emails.

Remember most companies will never ask for your user name, password or banking details via email and always check the URL in the browser address bar when entering log in details from links originating for email. And as always make sure you have updated versions of antivirus software running on your computer.

A list of companies that has disclosed this breach can be found here. Dell Australia is one of the companies known to be affected, and a customer of theres I received this email last night:

An Important Message from Dell Australia

Dell’s global email service provider, Epsilon, recently informed us that their email system was exposed to unauthorised entry. As a result, your email address, and your first name and last name may have been accessed by an unauthorised party. Epsilon took immediate action to close the vulnerability and notify US law enforcement officials.

Whilst no credit card, banking or other personally identifiable information was involved, we felt it was important to let you know that your email address may have been accessed. While we hope that you will not be affected, we recommend that you be alert to suspicious emails requesting your personal information.

To help protect your personal information online we recommend that you do not provide any sensitive information through email, or open emails from senders you do not know. Dell will never ask for your financial information through email.

Dell takes its commitment to protecting customer data very seriously and has notified the Australian Privacy Commissioner and ACMA (Australian Communications and Media Authority). Dell continues to work closely with regulatory bodies and manage customer concerns.

We sincerely regret that this incident has taken place and we will continue to work with Epsilon to ensure that all appropriate measures are taken to protect your personal information.

Please contact us at anz_cust_serv@dell.com should you have any questions.

Sincerely

Deborah Harrigan
Dell Consumer and Small Business Executive Director
Dell Australia Pty Limited

Malware infected spam email circulating with fake news of Eminem’s death

Published on 29 June 2010 by in Email

There is an email hitting inboxes around the world with claims to be from CBS news informaing recipients about an alleged car crash. The email contains a link asking readers if they would like to read more about the ‘breaking story’ – clicking on the think claims to take the user to a video of the report, however the link redirects the user to a site that downloads an executable file.

The executable (.EXE file) is a malicious file and a member of the infamous and persistant ZBOT family of infostealers, dected as TROJ_ZBOT.HI. According to Trend Micro:

The activities of ZBOT malware and the related ZeuS botnet were discussed in a Trend Micro white paper earlier this year. It’s not the first time that spam has been used to spread ZBOT either, as in March this year, two spam campaigns did so. The first campaign used fake notices from the Internal Revenue Service (IRS) while the second used allegedly posted photos.