
Monday, September 27, 2010

Review your credit reports routinely

The Fair Credit Reporting Act (FCRA) requires each of the nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to provide you with a free copy of your credit report, at your request, once every 12 months. Take advantage of these free reports, and verify the information that they contain.


Source:sans.org

Friday, September 24, 2010

Phishing attack leveraging SMS ban

This morning was going about as usual until I noticed an email. It appeared to originate from AXIS Bank, carried an HTML attachment, and was labelled an important announcement.

The contents of the email looked plausible, considering the Government of India had placed a ban on sending bulk SMS till the 29th. I am not sure whether such a ban applies to financial institutions, but some smart bloke seems to have capitalized on it. The email stated that:

“In view of the Govt. of India directive to mobile operators, all the corporate sms messaging services have been blocked for the next 72 hours. This period may increase. In view of this exigency, Axis Bank Net Secure Code and transaction alerts delivery has been effected. Therefore, till the Govt. of India permits restoration of the system.

Axis Bank customers may not be able to conduct Internet Banking transactions that use SMS for delivering the NetSecure code. This is a regulation by Govt. of India and beyond Axis Bank’s control.

We have attached a form to this email. Please DOWNLOAD the form attached to this email so that you can fill and submit it Online to us , so that we can verify your account , After the Govt. of India permits restoration of the system. .
NOTE: The form needs to be opened in a modern browser which has javascript enabled ( Internet Explorer 7, Firefox 3, Safari 3, Opera 9)”

Unlike the other phishing emails I have encountered, this one seemed different: the content (read: grammar) looks more like it came from a professional agency, and it is in step with the events happening in India.

This is the snapshot of the email:

Phishing email targeting Axis Bank

I opened the HTML attachment after a customary AV scan. Although it looks authentic, it is a bit suspicious because it asks for far too many private details, which should give anybody second thoughts. A typical phishing attack asks for the username, password and CVV at most. This one prompts for the ATM PIN, transaction password, Secure Code/Verified by Visa and email details. And unlike others, where you enter the details on a site, this one sends an attachment to be filled in and submitted. The modus operandi is slightly different.

I bet someone familiar with Axis Bank's online transaction mechanism set this up, because Axis Bank requires a transaction password in addition to the details mentioned above for an online transaction. The form is an HTML attachment, and when you open it everything looks authentic; just take a look below.

Phishing HTML attachment targeting Axis Bank

This is it, but once you look at the page source carefully you will see the bait. The form uses the POST method, so all the details would go to the URL specified in the form action instead of to Axis Bank:

Phishing URL targeting Axis Bank

A Whois lookup for the domain above shows that it is based in Poland. All I can do is notify Axis Bank of this. It would have been better if the Government of India or the financial institutions had made it clear whether their services would continue to operate or be impeded by this SMS ban.

Take care, and please spread the word so that people do not fall for this.

UPDATE:

I would have thought that the content of their email was written by a smart bloke, but it's actually flicked from Axis Bank's login page!
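One way to triage such an attachment on the defender's side, as an added example that is not part of the original post: it parses the HTML, lists every form, and flags a form that POSTs to a host outside the bank's own domains while asking for credentials. The trusted-host list, the field names and the sample attachment are constructed assumptions, not the real phishing page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the real bank's forms would post to (assumed placeholder list).
TRUSTED_HOSTS = {"axisbank.com", "www.axisbank.com"}
# Fields the post says the fake form asked for; names constructed for this example.
SENSITIVE = {"password", "atmpin", "txnpassword", "securecode", "emailpassword", "cvv"}

class FormScanner(HTMLParser):
    """Collect every <form> with its action, method and named input fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current and a.get("name"):
            self._current["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def triage(html, trusted=TRUSTED_HOSTS):
    """One finding per form; off-site action plus sensitive fields = suspicious."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        host = urlparse(form["action"]).hostname or ""   # "" for a relative action
        sensitive = sorted(f for f in form["fields"] if f.lower() in SENSITIVE)
        findings.append({"action_host": host, "method": form["method"],
                         "offsite": host not in trusted,
                         "sensitive_fields": sensitive,
                         "suspicious": host not in trusted and bool(sensitive)})
    return findings

# Constructed attachment modelled on the post's description, not the real one.
SAMPLE = """<html><body><h1>Axis Bank account verification</h1>
<form method="POST" action="http://verify-example.invalid/form.php">
 Customer ID <input name="custid"> Login password <input name="password">
 ATM PIN <input name="atmpin"> Transaction password <input name="txnpassword">
 NetSecure / Verified by Visa <input name="securecode"> Email password
 <input name="emailpassword"> <input type="submit" value="Submit"></form></body></html>"""
```

Running `triage(SAMPLE)` reports the form posting to verify-example.invalid with five credential fields, which is exactly the pattern the post describes.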

Tuesday, September 21, 2010

Treat your laptop like cash !!!

If you had a wad of money sitting out in a public place, would you turn your back on it - even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep a careful eye on your laptop just as you would a pile of cash.

Visit http://onguardonline.gov/laptop.html for more information.


Source:sans.org

Friday, September 17, 2010

VoIP: It's a phone, it's a computer, it's...

Voice over Internet Protocol (VoIP) is one way people are making and receiving telephone calls using an Internet connection rather than a regular phone line. VoIP services can also be attacked by computer viruses, worms, or spam over Internet telephony (SPIT). Here is how it works: VoIP converts your phone call -- actually, the voice signal from your phone -- into a digital signal that travels over the Internet to the person you are calling. If you are calling a plain old telephone number, the signal is converted back at the other end. If you're comfortable with new technology, you may want to learn more about VoIP. It's smart to do some research on this technology before signing up for it.

Source: sans.org

Wednesday, September 15, 2010

It's 10 p.m. Do you know whom your kids are chatting with online?

While social networking sites can increase a person's circle of friends, they also can increase exposure to people with less than friendly intentions. Here are tips for helping your kids use social networking sites safely:

  • Help your kids understand what information should be private.
  • Explain that kids should post only information that you - and they - are comfortable with others seeing.
  • Use privacy settings to restrict who can access and post on your child's website.
  • Remind your kids that once they post information online, they can't take it back.
  • Talk to your kids about avoiding sex talk online.
  • Tell your kids to trust their gut if they have suspicions. If they ever feel uncomfortable or threatened by anything online, encourage them to tell you.

Source: sans.org

Tuesday, September 14, 2010

Don't get hooked by a Phishing expedition

  • Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message.
  • Don't cut and paste a link from the message into your Web browser -- phishers can make links look like they go one place, but actually send you to a different site.
  • Use anti-virus and anti-spyware software, as well as a two-way firewall, and update them all regularly.
  • Don't send personal or financial information by email.
  • Be cautious about opening any attachment or downloading any files from emails you receive regardless of who sent them.

Source: sans.org

Monday, September 13, 2010

If your personal information is stolen, four steps to take !!!

It's important to protect your personal information, and to take certain steps quickly to minimize the potential damage from identity theft if your information is accidentally disclosed or deliberately stolen:

  • Place a "Fraud Alert" on your credit reports, and review those reports carefully. Notifying one of the three nationwide consumer reporting companies is sufficient.
  • Contact your bank or other financial institution(s) and close any accounts that have been tampered with or established fraudulently.
  • File a police report with local law enforcement officials. This is an essential step for protecting your rights.
  • Report your theft to the Federal Trade Commission, online, by phone, or by mail.

Source: sans.org

Friday, September 10, 2010

Secure your Wireless Router

When setting up a wireless network at home, I was surprised to be able to connect to my neighbor's unsecured wireless router. Not only could I have used his bandwidth for free, but had I been so inclined, I could have used the connection for illegal activities. If the police came looking, he may not have been able to prove the activity didn't come from one of his computers. Properly securing wireless is not hard. Look in the manual for how to change the SSID to something unique, turn on WPA (avoid WEP) for authentication and TKIP for encryption, and use MAC address filtering.

For more details contact me !!!!!! or google....


Source:sans.org

Wednesday, September 8, 2010

Choose a password that's hard to crack

When choosing a password, try to build it from a sentence that you can easily remember. For example: "Los Angeles Lakers will win the NBA tournament this year". Then take the first letter of each word and add some special characters and numbers at the beginning, at the end, or at both. With the sentence above you could get the password: =3LALwwtNtty$. This method lets you come up with easy-to-remember passwords that are also hard to crack, and you avoid the need to write such a long password down in order to remember it.


Source: Sans.org

Monday, September 6, 2010

Do not give your password over the phone to anyone claiming to be from the HelpDesk or Tech Support

No one from the HelpDesk or Tech Support will ever ask you for your password. If we need to access your account for some reason, and cannot contact you in time, we will reset the password and notify you by voicemail. Anyone calling and asking you for your password is most likely trying to gain unauthorized access to our network. If you receive such a call, notify your supervisor immediately.

Source: sans.org

Friday, September 3, 2010

Don't use e-mail to send private messages

In a hospital romance right out of prime time television, one young woman involved in a three-way love triangle used her personal hotmail account to send romantic messages. She got a response she definitely did not expect: the party she had been cheating on cracked into her hotmail account, printed out some very personal messages and posted them on the message board at the small town supermarket for all to see. Moral of the story: protect your passwords. And PS. As long as you're planning on getting fired, you're better off spending time working on your resume than sending romantic e-mails that you don't want publicized.



Source:sans.org

Wednesday, September 1, 2010

Don't buy anything from a spammer

If an unexpected email brings you news that seems too good to be true, it is probably spam and a scam. If you didn't request information about the product or service, it is probably spam and a scam. If it promises to enhance parts of your body, it won't. If it promises you an easy mortgage, you can do better by visiting your bank. If it promises that you can make a fortune on a penny stock, you can't. If you are unsure, ask five friends. Chances are four of them also received the spam, and you will know to steer clear.


Source: Sans.org