Sorin Mustaca on Cyber Security

Strato.de (now belonging to 1&1) is one of the biggests hosters in Germany. Since a few weeks we see a lot of emails containing various texts that try to convince the user to login to his strato....

https://www.sorinmustaca.com/aggressive-phishing-against-strato-de-customers/

I sometimes can’t stop to ask myself if the scammers are actually human beings with feelings of loss and tragedy and if they have the same concerns as the normal citizens. I guess they are not,...

https://www.sorinmustaca.com/nigerian-scam-no-covid-19-scam-from-china/

As I mentioned before, there is a lot going on in the cyberspace related to the Corona virus. Unfortunately, many of the things circulating are scams or information that direct to malware. This i...

https://www.sorinmustaca.com/bitcoin-scam-related-to-the-corona-virus/

We’ve seen millions of emails with blackmailing texts containing some username/email address and a password harvested from some hacked website. This one would be just another one, except that t...

https://www.sorinmustaca.com/ha%E2%80%8Csta%E2%80%8Cxla%E2%80%8Clyvi%E2%80%8Csta%E2%80%8C-says-a-ha%E2%80%8Ccke%E2%80%8Cr-who-tries-to-blackmail-me-using-an-obfuscated-mail/

German users are receiving a lot of such spams these days: It is about a package which allegedly it has its transport costs not paid. (2 €). The user is invited to visit a page where he can be ...

https://www.sorinmustaca.com/malicious-emails-sent-in-german-on-behalf-of-the-post/

If you have received an email with the subject “Yuor password – ”, don’t freak out immediately. Yes, the “yuor” is written wrong, but this is how the fraudsters wrote it, not the auth...

https://www.sorinmustaca.com/sextorsion-with-real-data-do-not-pay/

Sometimes, looking after spams is also fun, not just research work. This is what I found today: Dear Energy User, If you pay for electricity, you`ve been hit hard by high energy prices. And, if y...

https://www.sorinmustaca.com/when-nikola-tesla-in-person-writes-you-about-your-high-electricity-bills/

We have ta lot of phishing attempts in German against Strato.de:   Subject: Wir haben ein Abrechnungsproblem festgestellt. Sehr geehrter Kunde, Wir haben ein Abrechnungsproblem festgestellt. Die...

https://www.sorinmustaca.com/targeted-phishing-against-strato-de/

We are used to see ransomware encrypting files and requesting money (bitcoin) to decrypt them. I received now a new email on a corporate address, which is a black-e-mail … in digital form. I ha...

https://www.sorinmustaca.com/digital-blackmailing/

  Ever wondered what a “spear phishing” is ? Or a “targeted malware” ? See below: It is an email targeted to a member of an organization, which is made to look as legitimate as possible....

https://www.sorinmustaca.com/targeted-malware-on-the-rise/

Yeeesss, the Spam/Trash folder is no longer so boring! Finally, the spammers are now using all the features of the email clients and have made the subjects to look much nicer. Do you know how the...

https://www.sorinmustaca.com/colorful-spams-are-back/

As a premiere, I received the first Nigerian Scam on XING. It is quite common to receive such requests on LinkedIn, but for me it is the first time on XING. This is the text: Hello Sorin Mustaca,...

https://www.sorinmustaca.com/i-received-the-first-nigerian-scam-on-xing/

After many years, the penny stock spam is back. Hello, info! needs your attention. This is the only stock you need to buy today. Keep on reading to find out why.. (ticker: ) is...

https://www.sorinmustaca.com/stock-spam-is-back-2/

If you have a Google account you must have two-factor authentication enabled in order to prevent anyone to use your account by just having your username and password. If you don’t know how to ...

https://www.sorinmustaca.com/how-clever-social-engineering-can-overcome-two-factor-authentication/

From time to time I am wondering if these guys (I am thinking at eBay, PayPal, Amazon, some banks) are actually trying to help phishers to do their “jobs”. The email you seen in the screensho...

https://www.sorinmustaca.com/is-ebay-actually-supporting-phishing/

And I mean really colorful, as in it has signs and colors. Like the one in the featured image. If you look in their source, they look like this: Subject: =?utf-8?b?8J+QlfCfkIhZb3UgY2FuIHNhdmUgb24...

https://www.sorinmustaca.com/why-do-the-more-recent-spams-have-so-colorful-subjects/

My Junk folder from ITSecurityNews.info is currently flooded with “Delivery Status Notification” from various servers, all with the same content. Various servers, same content, in Russian:  ...

https://www.sorinmustaca.com/what-do-you-think-new-type-of-spam-or-just-misconfigured-servers/

I start this post with the Conclusion Don’t fall for these scams! You will never get money or vouchers like this.     Details I see a lot of these messages in my Spam folder:   PayPal paymen...

https://www.sorinmustaca.com/how-you-can-see-that-the-cyber-crooks-are-preparing-for-xmas/

The email below (in German) is from PayPal. It is not a phishing email or a spam email pointing to some online pharmacy. I assure you of this. I have verified the DKIM and SPF information in the ...

https://www.sorinmustaca.com/major-paypal-failure-sending-emails-following-all-rules-of-a-good-phishing-email/

When you see such an email, you don’t think that it is a phishing… After all, why would anyone steal your LinkedIn credentials, right? Nobody would request a ransom to give your credentials b...

https://www.sorinmustaca.com/linkedin-phishing-think-again/

I wrote in the post “What do you think: aggressive sales campaign or fraud?” about the attempt to impress and scare me of losing my domain. Now, I bought a new domain which was free in Intern...

https://www.sorinmustaca.com/bought-a-new-domain-the-effects-in-the-web-are-incredible/

I received every day a few requests on LinkedIn and I also send a few. Many of these people I don’t know personally, and they are from all kind of industries. Usually, they are interested in IT...

https://www.sorinmustaca.com/nigerian-scams-on-a-totally-new-level/

  This scam is sent by CHTAH.COM platform which is known to send millions of spam emails. You can see its added “value” by inserting the three colored rectangles on top of the mail. “iPhon...

https://www.sorinmustaca.com/apple-iphone-7-testers-wanted-probably-the-most-complex-scam-ive-seen-this-year/

What do you think after you quickly read this letter? What makes this email special: addressed to me, using the data from the domain registration (mandatory things, which my registrar added) use...

https://www.sorinmustaca.com/what-do-you-think-aggressive-sales-campaign-or-fraud/

  Nothing special in this phishing email in German from the “PayPal Team” asking to click in order to unlock your PayPal account. PayPal – Informationen erforderlich! Hallo Ihr PayPal-Kont...

https://www.sorinmustaca.com/paypal-phishing-for-german-customers-with-innovative-social-engineering-technique/

IRS(Internal Revenue Service) is the official authority in the USA to collect taxes. “Why would someone phish them?”, you may ask.   That’s why:(see red area below).   In the form they as...

https://www.sorinmustaca.com/phishing-on-a-different-level-irs-scam/

A trackback is one of four types of linkback methods for website authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linkin...

https://www.sorinmustaca.com/interesting-blog-trackback-spam/

You thought that there are only Advanced Persistent Threats and Spear Phishing? Here is a new one : Targeted Ads. This time it might not be so dramatic, but imagine that you sent this to a lot of...

https://www.sorinmustaca.com/targeted-spam-cotap-is-a-secure-texting-app-for-teams/

Twelve years ago the IT security world was fighting against an unprecedented amount of spam emails. Spam is not and never was just a nuisance; it is a big problem because it slows down the good e...

https://www.sorinmustaca.com/ze-foreign-accent-spam-is-back/

This post appeared originally in: IT Security blog: http://itsecurity.co.uk/2015/03/spam-malicious-taste/   I haven’t seen in a while a well done complex spam with malicious payload. This one...

https://www.sorinmustaca.com/spam-malicious-taste/

My first article published on Kevin Townsend‘s ITSecurity.co.uk blog: Blog comment spam. Is it worth the effort? or go to this link: http://itsecurity.co.uk/2015/01/blog-comment-spam-worth-ef...

https://www.sorinmustaca.com/blog-comment-spam-worth-effort/

A classical phishing email… Nothing special (same bad English, as always). Dear Valued Customer, Unauthorized access has been detected in your account. Unfortunately, due to this event, our sec...

https://www.sorinmustaca.com/spam-impersonating-paypal-using-attached-form/

“There’s a new personal notification message special for Sorin Mustaca” is the subject of the email pretending to come from “Automation LinkedInNotifier”. But then, why is it coming fro...

https://www.sorinmustaca.com/theres-a-new-personal-notification-message-special-for-a-scam-for-linked-in/

You unsubscribe from commercial emails that you never requested Remember that spam emails are made to look authentic. This means that they will almost always contain some links which allow you to...

https://www.sorinmustaca.com/8-unsubscribe-spams-10-signs-invest-personal-cybersecurity/

Remember the Spammer’s Compendium (where I have a spam method named after me: (UH!Mustaca!HTML))? There is an entry from 2003 called “Ze Foreign Accent“. Back then it was rather primitive...

https://www.sorinmustaca.com/ze-foreign-accent-spam-returns/

A spam campaign sending emails from an “Auto ImageService” with the subject “Your file has been uploaded” is making its round on the Internet. The content of the email (see below) is ver...

https://www.sorinmustaca.com/react-receive-email-subject-your-file-uploaded/

It seems that the most research on social engineering is done these days by spammers. Using the text “You haven’t been to Facebook for a few days, and a lot happened while you were away”, t...

https://www.sorinmustaca.com/your-messages-will-be-deleted-soon-facebook-spam/

Stock Spam is back! Did you miss it? I certainly didn’t…     What is interesting ? All these emails are unique. They are created for each email address and contain a unique identifier like�...

https://www.sorinmustaca.com/stock-spam-is-back/

    A German reader that wants to emigrate to the US expects nothing else than an invitation from the US President Barack Obama to participate to a VISA lottery. Or at least this is what the sp...

https://www.sorinmustaca.com/barack-obama-invites-you-to-participate-in-a-us-visa-lottery-spam-in-german/

I wrote already about spam impersonating various services just to make users click in order to visit a website. Most of the time, it is about online pharmacies. This time, it is Google’s Suppor...

https://www.sorinmustaca.com/spam-impersonating-google-support/

      I wrote before about various tricks that cybercriminals use to attract people to do something (btw, this is called “social engineering”). This time, they make use of the well-known W...

https://www.sorinmustaca.com/spam-using-whatsapp-voice-mail/

I wrote about the eBay data breach where cybercriminals got access to some eBay employees’ credentials and accessed the internal network. Names, email addresses, postal addresses, phone numbe...

https://www.sorinmustaca.com/phishing-attempts-making-use-of-the-ebay-data-breach/

I received a spam with an advertising for the Facebook page IT Security News: Nothing special, but the two things drew my attention: – The picture was hosted by McAfee URL shortner: mcaf.ee –...

https://www.sorinmustaca.com/want-fans-page-tempting-it/

http://www.proofpoint.com/about-us/press-releases/01162014.php More than 750,000 Phishing and SPAM emails Launched from “Thingbots” Including Televisions, Fridge Note: An article about this h...

https://www.sorinmustaca.com/thoughts-spam-attack-internetofthings-proofpoint/

I received the spam below from a company called Media Discovery (a New Web Ltd company). They want me to sell them advertising space on this domain.   I was wondering whether you’d be inter...

https://www.sorinmustaca.com/when-the-spammer-offers-you-to-sell-his-ads/

IT security expert Avira found during recent surveys of its customers that email spam is still an everyday occurrence, but not the nuisance it once was. Nearly half of all end-users are satisfied...

https://www.sorinmustaca.com/email-spam-not-the-problem-it-once-was-for-the-end-users/

I received from the CompTIA Smartbrief newsletter a notification about an interesting article: PayPal security guru: No one is safe from threats This is the article PayPal security chief on Epsil...

https://www.sorinmustaca.com/paypal-and-phishing-paypal-cisos-dream-vs-reality/

Virus Bulletin Article on Anti-Botnet-Initiative The Virus Bulletin Magazine has published an article on the anti-botnet initiative in which Avira takes part. The goal is to clean infected comput...

https://www.sorinmustaca.com/virus-bulletin-article-on-anti-botnet-initiative/

I sometimes laugh of these scammers, but sometimes I am quit amazed of their capability to adapt to the spam filters. My Google account caught this spam: In text, this is : Good Day, I am Mr. Min...

https://www.sorinmustaca.com/nigerian-scams-are-modernizing/

Just stumbled upon this blog post from Symantec http://www.symantec.com/connect/blogs/spammers-introduce-new-email-internet-headers where an absolutely normal spam process is described. Unfortuna...

https://www.sorinmustaca.com/sometimes-it-is-good-to-know-the-romanian-language/