My analysis showed that approximately three percent of my spam messages contained malware during the period of February 2 to date. That tracks with Kaspersky’s Securelist’s figures for January 2013:

January in figures

• The percentage of spam in email traffic was down 7.7 percentage points compared with December and averaged 58.3%
• The percentage of phishing emails halved compared with December, falling to 0.003%
• In January, malicious files were found in 3% of all emails, a decrease of 0.15 percentage points

The biggest source of malware in my spam filter was the fake FedEx Tracking Service message, but I’ve seen a variety along the way.

Source: FortBendNow.com

Ever heard of the “Anti-Cyber Crime Unit?” Neither have I, but when I got an email the other day with the subject line “Email from: The Anti-Cyber Crime Unit,” it piqued my curiosity. I found it clever and amusing, but read for yourself and see what you think:

The UNITED NATIONS, FBI, LOTTERY OFFICES, COMPENSATION OFFICES AND BANKS recently discussed at a congressional hearing conducted this week just how its special anti-cyber crime taskforce worked when it came to combating cyber crime and the nefarious digital machinations of web rapscallions, hacker hooligans, cyber criminals, and virtual villains. They outlined its latest accomplishments in the IT security front, which included the capture of million-dollar scammers via a synchronized raid on a thousand ATM machines a few months back.

However, truth be told, no one thinks that the U.k. Government and other goverment is fully equipped and ready to stop a really bad hacker attack against its physical or financial networks.

The Decision has been taken, and they have decided to instruct the Anti-Cyber Crime Unit to see and investigate your funds Transfer and why you are yet to get your funds.

You are now to provide Us with the following information below;

YOUR NAME; ………………..
ADDRESS; ……………….
SEX; ………………..
MOBILE NUMBER; ………………….
OCCUPATION; …………………..
AMOUNT OF FUNDS TO BE CLAIMED; …………….
AGENT IN CHARGE OF TRANSFER; …………..
BANK WITH YOUR UNCLAIMED FUNDS; …………….
TYPE OF FUNDS; ………………
STATUS OF TRANSFER; ……………….

Immidiately you provide us with the information above, we will investigate your transaction and get back to you with the full details of your funds WITHIN 24HRS.

This is to Fight the Cyber Crime and also inform you if you dealing with the right Person or not.

After the investigation we will instruct you on how to get your funds.

Anti-Cyber Crime Unit
Mr. Thomas Lifson
+447035906084

You’d think by now that the crooks would give up, so why don’t they? The answer is: people still fall for this ruse and as long as people keep falling for it, crooks will keep running the scam.

Sophos reports that one of its SophosLab researchers received a 419 scam via snail mail:

The gentleman who contacted my colleague calls himself Tim Wu, and claims to be a private investment manager based in Hong Kong.

It seems that a former client of his (who had the first name “Anderson” and came to a sticky end in a hiking accident in mainland China) didn’t leave a will, and because there is no next of kin some of his $21 million fortune could be coming to my colleague here at Sophos instead!

There’s nothing new about snail mail scams, of course, but email scams are far more prevalent these days. Maybe this signals a paradigm shift. Are the scammers finally getting desperate because no one is responding to their junk emails? We can only hope. I plan to continue to admonish people not to open emails that come from persons they don’t know. I know I’m not the only one who does this. Spam filters are getting better, too, so much of the scammers’ crap ends up in the bit bucket.

Now, lets consider this: when they are messing with the postal services of the U.S. and other countries, there are no proxies and no onion routers. The mail can at least be traced from the point at which it was dropped. The anonymity factor is greatly diminished. Another thing to consider is that physical mailings require an expenditure for postage, which emails do not.

An acquaintance of mine in law enforcement once told me that if you take the profit out of crime, the only crimes would be crimes of passion. If the scammers have to spend huge sums on postage and people heed our warnings about their tricks and don’t fall for them, perhaps they’ll fade away.

Let’s hope that’s what happens.

This appears to be a warning of some sort, though it really makes little sense. The link points to a Slovenian domain name and if the victim clicks the link, they are taken to a 404 error page that attempts to download a PDF file, undoubtedly infected with an info-stealer of some sort.

The header is real, linked from the actual federalreserve.gov website which is intended to make the victim believe the email is real, which, of course, it is not. Examination of the headers shows a Return-Path to a Gmail address.

Please inform your family and friends to immediately delete this email should they receive it.

Source: FortBendNow.com

Got an email this morning from “Skype Newsletter” with the subject “New version of Skype has been released ! Upgrade now.” If you use Skype and you get such a notice, delete it: it’s a scam to get you to “join” some bogus software site. It is NOT from Skype. I did not see any attempt at installing malware. Here’s the text of the email:

Skype Voip  Upgrade Notification‏

This is to notify that new updates have been released for Skype.

(link removed)

Following are major new features :

* Up to 5-way group video call.
* Redesigned calling experience.
* Improved video snapshots gallery.
* Improved browser plugins performance on some websites.
* Reduced false positives on browser plugin phone number recognition.
* New presence icons.
* Improved handling of calling attempts made when the user has run out of credit.
* Improved access to sharing functionality

To download the latest version , go to :

(link removed)

Start downloading the update right now and let us know what you think about it.

We’re working on making Skype better all the time !

Talk soon,

The people at Skype

====================== PROTECT YOUR PASSWORD ===========================
Skype or Skype Staff will NEVER ask you for your password via email. The only place you are asked for your password is when you sign in to the Skype application or our website.

Michael Stores initially reported that a scheme, in which point-of-sale pads customers use to key in their personal identification numbers, was isolated to Chicago, but on Tuesday [May 10, 2011] the arts and crafts supplies retailer issued a statement that said nearly 90 stores in 20 states, stretching from Rhode Island to Washington, were affected.

Michaels’ statement includes a list of the stores they determined were actually affected, but decided to be extra cautious and said this about the incident:

Michaels has identified less than 90 individual PIN pads (or approximately 1% of the total
devices) in its 964 US stores that showed signs of tampering. Suspicious PIN pads were
disabled and quarantined immediately. Out of an abundance of caution, Michaels has
removed approximately 7,200 PIN pads comparable to the identified tampered PIN pads
from its US stores.

The company has commenced replacing these PIN pads in all US stores and expects the
replacement to be completed within the next 15 days. Until the new upgraded PIN pads are
installed, customers may have their credit and signature debit transactions processed on the
store register. As an additional precaution, Michaels is screening all PIN pads in Canadian
stores.

It is highly likely that this is a very carefully targeted organized crime effort, given the scope and level of effort needed to accomplish the physical tampering of the POS devices.

Users of Sony’s PlayStation Network are at risk of identity theft after hackers broke into the system, and accessed the personal information of video game players.

Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.

Sony says that hackers were able to access a variety of users’ personal information including:

• Name
• Address (city, state, zip code)
• Country
• Email address
• Date of birth
• PlayStation Network/Qriocity password and login
• Handle/PSN online ID

Seems it’s time to implement the response I mentioned 2011 April 16 in “Data Breaches — Steps to Take if You Are Notified.” In particular, I would assume that identity theft is about to occur and take the following steps as recommend in the FTC guide: Take Charge: Fighting Back Against Identity Theft. Refer to that guide for complete information, but here’s what you should do if you are one of the affected users:

• Place a fraud alert on your credit reports, and review your credit reports.
• Close the accounts that you know, or believe, have been tampered with or opened fraudulently.

While the Epsilon breach reportedly only involved names and email addresses, not financial information, you should know how to deal with more serious data breaches where your personal financial information may be at risk. Here are five steps to take if you are notified of such a situation:

1. Immediately change the passwords on all of your banking, credit card, and other online payment accounts and be sure they are all different. Do not use the same password for all of them and make sure the new passwords are unguessable.
2. Change the passwords on any email accounts that you use for transacting business online.
3. Be very alert to any phishing attempts arriving in your email the pretend to be from the affected accounts and monitor your accounts closely for unauthorized activity.
4. If you suspect any unauthorized activity, immediately contact the financial institution. They will work with you to resolve any issues.
5. Educate yourself on, or review the actions you should take in the event your identity is stolen, or if you suspect it has been. The FTC publishes an excellent guide: Take Charge: Fighting Back Against Identity Theft.

Please note that there is a big difference between simple fraud and identity theft. A data breach of any kind could lead to both. Someone using your stolen credit card is not the same thing as someone using your name, Social Security number (or other government-issued identity numbers), and other personal information to open credit accounts in your name, nor is it the same as someone posing as you to access your bank accounts.

Kroger wants you to know that the data base with our customers’ names and email addresses has been breached by someone outside of the company. This data base contains the names and email addresses of customers who voluntarily provided their names and email addresses to Kroger. We want to assure you that the only information that was obtained was your name and email address. As a result, it is possible you may receive some spam email messages. We apologize for any inconvenience.

Kroger wants to remind you not to open emails from senders you do not know. Also, Kroger would never ask you to email personal information such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted.

Wonder how many other notices I’ll be getting?

My wife got this email notice yesterday:

As a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.

We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.

We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.

Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time.

Stay alert to anyone who requests personal information via email. It just isn’t done by any financial institution.