Irish IT Security

Irish IT Security
IT Security Ireland

SCAM ALERY
 
From: Permanent TSB [mailto:security@onlineupdate.com]
Sent: 04 December 2012 04:57
To:
Subject: Spam:: Permanent TSB Online Banking – 3rd attempt failed !
 
                                                          Your last successful logon was on 2 December 2012 at 19:47
Dear Permanent TSB Customer,
 
 
Within Permanent TSB latest security checks, we recently discovered that today there were 3 incorrect login attempts to your account.
For your safety, Permanent TSB set your account status to limited. For your account status to get back to normal, you will have
to Log in correctly at: https://www.open24.ie/online/login.aspx?session={5uOr40Ld3Ckw-013dk-2D46D4190}
 
Due to our latest fraud attempts, the following IP adresses were recorded:
Invalid login from:
*.*.4.218.lsw.ru
Invalid login from:
*.*.24.144
Invalid login from:
*.*.41.rr.com
 
Please Note:– The account balance may be adjusted in accordance with the
Open 24 Terms and Conditions of use. Please click here for legal information.
 
This message is mandatory, if you do not complete it in less then 24 hours, your account may get suspended.
 
 
Copyright © 2012 permanent tsb p.l.c. is a limited liability company registered in Dublin under No. 222332.

advertisement
 
 
 
This e-mail was officialy sent by The Permanent TSB Team, your reference number is (895-461238)
 
 

Internet Scam Alert

This morning a Social Engineering attack targeting people in Ireland was identified. The attackers are trying to trick people into going to their website, by sending people a fake email that is made to look as if it has come from the Irish Revenue about a tax refund.

The domain been used for this attack is registered to an address in Australia

 

If you recieve this email do not click on hte link

 

From: Revenue – Irish Tax & Customs Notice <service@revenue-refund.com>
Date: 30 July 2012 07:32:47 GMT+01:00
To: <
>
Subject: Online Security Notification


Revenue – Irish Tax & Customs Online Confirmation

This e-mail has been sent to you by Revenue – Irish Tax & Customs to inform you that we must pay you back 278 EUR.
Please complete all the information to process your refund

Please allow 2 weeks for you money to be availabe in your account.
Total refund amount: 278 EUR

To ensure that your service is not interrupted, we request you to confirm and update your information today by following the link below:

Revenue – Irish Tax & Customs Online Confirmation

Thank you for your prompt attention to this matter. Do not reply to this e-mail.
Mail sent to this address cannot be answered.

Member 818779

© Revenue – Irish Tax & Customs 2012

Internet SCAM

An internet Scam target at Bank of Ireland 365 customer has been detected. The Hackers are sending email to targeting Irish email address with a message saying that your account has been temporally limited. This emails is designed to look as if it has come from Bank of Ireland 365 online banking. The emails that we have received have not come from Bank of Ireland and the link in the email  does not take you to a bank of Ireland server. This is a social engineering attack by cybercriminal to steal your banking login details.

If you have already fallen victim to this attack change your banking login details immediately.

 

————————————————————————————–.

From: 365 Online [mailto:no-reply@365online.ie]
Sent: Friday, March 09, 2012 12:45 PM
To: niall@securityitrust.com
Subject: Your account has been temporarily limited. ID: 201203WJS2

 

Bank of Ireland 365 internet scam

Dear Customer,

Your account has been temporarily limited.
To remove the limitation from your account
please confirm your credit card details on file.

 

For confirmation, please click the link below:

Sign In to 365online account  – (Link to fake website desgned to look like 365 Online). 

We apologise for any inconvenience caused.
Thank you.

——————————————————–.

NEW   Titanium Security For Netbooks 2012

Essential Protection

 

ANTIVIRUS
Proactively stops viruses before they reach you
   REAL-TIME UPDATES
Safeguards your PC from the latest Internet security threats
LIGHT ON MEMORY
Internet Security that won't slow you down

 

 

READ MORE ABOUT THE GREAT NEW PRODUCT FROM TREND MICRO

NEW   Titanium Antivirus Plus 2012

Essential Protection

 

ANTIVIRUS
Proactively stops viruses before they reach you
   REAL-TIME UPDATES
Safeguards your PC from the latest Internet security threats
LIGHT ON MEMORY
Internet Security that won't slow you down

 

 

READ MORE ABOUT THE GREAT NEW PRODUCT FROM TREND MICRO

NEW   Titanium Maximum Security 2012

All in One Security – All the features of Titanium Internet Security, plus:

 

SOCIAL NETWORK SECURITY
Protects you from malicious link on social networking sites like Facebook, MySpace and Twitter
   WORKS WITH ANDROID
Extend your protection to your Android devices
10 GB ONLINE STORAGE
Protect, access and share your photo's, documents and more with a 10 GB SafeSync account

 

 

READ MORE ABOUT THE GREAT NEW PRODUCT FROM TREND MICRO

As part of over view of the Irish security market have collected some results from the security topics that people in Ireland search for when on the internet.

 

 

 

Keyword Global Monthly Search Average Irish Monthly Search
security 37200000 165000
security essentials 3350000 14800
microsoft security 3350000 14800
ms security essentials 2740000 12100
microsoft security essentials 2740000 12100
a network 1500000 6600
security jobs 673000 6600
jobs in security 673000 6600
jobs security 673000 6600
jobs it security 673000 6600
jobs in it security 673000 6600
security system 1220000 4400
free security 823000 3600
social security 5000000 3600
security tool 550000 3600
windows security 823000 2900
security windows 823000 2900
security systems 550000 2900
home security 673000 2400
security home 673000 2400
issa 450000 2400
security cameras 246000 1900
security camaras 246000 1900
security services 301000 1900
security camera 368000 1900
free internet security 368000 1900
internet security 2011 1220000 1900
networking security 450000 1600
network security 450000 1600
security network 450000 1600
system security 673000 1600
security training 165000 1600
security guard 368000 1600
security companies 165000 1600
kaspersky internet security 1220000 1300
information security 450000 1300
security information 450000 1300
security of information 450000 1300
security jobs in ireland 1900 1300
wireless security 301000 1300
computer security 246000 1300
private security 110000 1300
security software 246000 1300
software security 246000 1300
it security 201000 1000
security jobs in dublin 1300 1000
security shield 201000 1000
shield security 201000 1000
download internet security 368000 1000
internet security download 368000 1000

A study that was commissioned by VeriSign shows that most organisation are not prepared to respond to web infrastructure failure caused by distributed denial of service attacks (DDos attacks). The report point out that Business need more advanced threat intelligence.

This report is no shock, because still so many businesses fail to understand the important of investing in IT Security. The growing number of attacks where customer information is been stolen is again evidence to the level of poor IT security practised been used in the industry by so many business.

Roy or as he is also known as the Ghost of facebook discovered several security holes on facebook. One of these flaws was a XSS cross-site Scripting flaw. It appears that in an aim to make facebook aware of the risk exposed by one of these security issues ( which was the XSS Cross-site scripting flaw), he exploited this security flaw in by placing a message letting facebook users all over the world know he was “Off to Danao City”.

All the facebook members that received this message could not delete it or block Roy because Roy was not in their list of friends. This security flaw in facebook allowed Roy to contact a large number of facebook members that he did not have access to.

This security flaw should be a wakeup call to facebook because, because Roy may have drawn their attention to this security flaw by his actions, but what if this security flaw had been exploited by a cybercriminal with malicious intent towards the users of face book. Facebook has been lucky here because Roy has proven to them that if they don’t keep on top of their Internet Security is possible for someone to gain access to thousands of facebook users.
 

According to xssed.com a new XXS flaw was found on Facebook on January 28 2011. They report that this vulnerability leaves users at risk of scripting attacks and logins phishing. So is this the same XXS flaw that allowed Roy access. If this is the same flaw that Roy access then why did it take facebook 13 day to take action, and why did they have to be forced into taking action by Roy. We have found several sites on the internet reporting this XSS vulnerability in Facebook another example is Bkis Global Task Force Blog who reported this flaw on the 28 Jan 2011.

The action that Roy took to draw face books attention to this security hole was not correct, but its so sad to say that in today’s world it is one of the most effective way of getting people to Improve their Internet security. By this comment we are pointing out that a large percentage of website owners do not take the necessary action to ensure that their website are secure, even when vulnerabilities and security alerts are published. These type of people only take action after it becomes public knowledge that their website has been hacked. It’s so hard to say who is right and wrong in these situation because there is no proper laws in place to force website owners to have a basic level of security in place.
I do not condone hackers who exploit website just to force the owners to put correct security in place, but should we prosecute the hacker and not the website owner. We need laws and regulations in place to ensure website owner take correct action to protect their websites and users by having an acceptable level of security in place as well as forcing them to prove that they are taking necessary steps to keep their security up to date.

 

The fact of the matter is that Roy did not hack Facebook, he simply access facebook through an open door (a security hole). The most shocking part of all the so call big hack that are know about in the media is that most were not hacks, they were simply people access systems through open door (security holes/flaws) and which gave them access to the system. 99% of all hacking can be prevented by simply keeping your system up to date and running regular security issue.

What is a XSS Cross-Site Scripting attack?
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.
 

 

.

 

This is an update to our previous post :http://www.securityitrust.com/computer-fixing-scam-over-the-phone/

The latest call we observer are from a group that claim to be from a company called "Online PC Care".
On the phone they claim that they are a not part of a scam and that another group is also calling people and pretending to be their company. When asked where they got the phone number for Irish people and details of the Irish people they are calling they were using the phone directory. When asked why they had called the same numbers more that 10 time and harassing people the Indian agent claims that this was not true. She said that the call must be from a company pretending to them.

So “Online PC Care” want us to believe that there is another identical group of people from India using the same sales pitch and pretending to be them. What else could you expect them to say. So I responded by making the agent aware of the Irish telephone regulation, and if here company was not harassing Irish home user could she explain why she was calling a number that was listed as not open to marketing call. I also pointed out to her about the sexual comment used to insult people who did not want to give out and info on their PC by some of the male callers.
From all the call we have listening in on, and also from people who were are aware of that received these call, they all report that the called had an accent that sounder Indian and that despite giving different company name all claimed they were from India.
Reports from US and UK about this scam are also saying that the caller had Indian accents.

 

Here are some examples of these calls by People who recoded their phone call with the group carrying out these scams.

Scam onlinepccare.com call – The Highlights! 1/3 Scam onlinepccare.com call – The Highlights! 2/3 Scam onlinepccare.com call – The Highlights! 3/3 SupportOnClick Scareware Scam Call part (2/4) SupportOnClick Scareware Scam Call part (3/4) SupportOnClick Scareware Scam Call part (4/4) MICROSOFT COMPUTER SUPPORT SCAM Technical Support Phone Investigation by SymantecScam Microsoft warns computer owners of phone scam PC tech support cold-calling scam

 

 

onlinepccare.com

So if this  Online PC Care is a valid company they why would the contact person behind their domain registration be using a Gmail email address. A private individual with a person website might use a Gmail email address but for a company this would appear to be on the unprofessional side. The Gmail address supplied is actually bogus because   ******@gmail.com is not a valid  email address from Gmail. When we looked further in the DNS registration the billing details pointed us to the domain sifcorp.com

 

 

Registration Service Provided By: SIFY

Contact: +091.4422540770

Website: http://www.sifycorp.com

Domain Name: ONLINEPCCARE.COM

 

Registrant:

    Onlinepccare

    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore

    Kolkata

    West bengal,700053

    IN

    Tel. +091.3340101614

 

Creation Date: 12-Aug-2009 

Expiration Date: 12-Aug-2012

 

Domain servers in listed order:

    sdns.sifytech.net

    pdns.sifytech.net

 

 

Administrative Contact:

    Onlinepccare

    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore

    Kolkata

    West bengal,700053

    IN

    Tel. +091.3340101614

 

Technical Contact:

    Onlinepccare

    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore

    Kolkata

    West bengal,700053

    IN

    Tel. +091.3340101614

 

Billing Contact:

    Sify Limited

    Sify Limited        ***********@sifycorp.com)

    Second Floor, Tidel Park

    No. 4 Canal Bank Road,Taramani

    Chennai

    Tamil Nadu,600113

    IN

    Tel. +091.04422540770

 

Status:ACTIVE