Malware
Mac
Facebook
Android
Vulnerability
Data loss
Privacy
More...

Search for:

Boobytrapped images pose threat to Mac users, warns Apple

Gawker blog network suffers denial-of-service attack

New Phishing Technique for the UK Tax Office

Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.

Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.

Don't forget you can subscribe to the SophosLabs YouTube channel to find all our latest videos.

Hi there! If you're new here, you might want to subscribe to our RSS feed for updates.

Already using Google+? Find us on Google+ for the latest security news.

On LinkedIn? Join the Naked Security discussion group and connect with your peers in the security industry.

Sorry, something happened and we couldn't sign you up. Please come back later and try again.

Congratulations, you've successfully signed up for our daily news! Check your inbox soon, we've sent you an email.

Sorry, we won't accept that email address. Please try a different address.

We're adding your address to our list...

Join thousands of others, and sign up for Naked Security's newsletter

by Rowland YU on August 6, 2009 | Leave a comment

Filed Under: SophosLabs, Spam

In my previous blog "the Australia Tax Office. However, this time it uses a new technique.

The phishing message doesn't contain any bogus link or dodgy reply-to field. Instead it has a forged html attachment named "payment_form.pdf", which when opened, the file looks like a pdf form asking for users' personal identities and credit card details.

Upon further investigation, the html file includes a dodgy POST HTTP request message (B) which attempts to submit confidential information to a remote website. Also, the file has functionalities to check invalid simple credit numbers and pin numbers (A). Isn't that smart?

SophosLabs has already blocked this kind of phishing campaign. Certainly we will see more new tricky phishing techniques in the future.

Share

Email
Tweet
Buffer
Hacker News
App.Net
Pocket

Boobytrapped images pose threat to Mac users, warns Apple

Gawker blog network suffers denial-of-service attack

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Name *

Email *

Website

Username *

Comment

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

Popular
Recent
Related

Microsoft's reading Skype messages

Microsoft is reading Skype messages

wifimyths-250

Three wireless security myths - busted! [VIDEO]

sc-250

Snapchat images that have "disappeared forever" stay right on your phone...

shopping_lady_250

Small businesses beware! Point-of-sale malware is after you

Want to see who has viewed your Facebook profile? Take care..

Operation Aurora hack was counterespionage, not China picking on Tibetan activists

Operation Aurora hack was counterespionage, not China picking on Tibetan activists

Apple iMessage "censors" mention of Obama: international conspiracy...or software bug?

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

Breakfast malware at Tiffany's? Trojan horses spammed out widely

Breakfast malware at Tiffany's? Trojan horses spammed out widely

Revenge-porn website victim files suit against ex and four porn sites

Revenge-porn website victim files suit against ex and four porn sites

It's VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

It's VKontakte, not Vikontakte. Twitter phishing, Soviet-style

Breakfast malware at Tiffany's? Trojan horses spammed out widely

Breakfast malware at Tiffany's? Trojan horses spammed out widely

Microsoft's reading Skype messages

Microsoft is reading Skype messages

shopping_lady_250

Small businesses beware! Point-of-sale malware is after you

Operation Aurora hack was counterespionage, not China picking on Tibetan activists

Operation Aurora hack was counterespionage, not China picking on Tibetan activists

wifimyths-250

Three wireless security myths - busted! [VIDEO]

sscc109-250

SSCC 109 - Laptop theft, money mules, LulzSec, Microsoft and more [PODCAST]

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

AusSHIRT 2013 - the #sophospuzzle instructions in full

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

HMRC250logo

HMRC phishing scam promises end of year refund

Image (1) metro.gif for post 13301

British tax payers struck by phishing scam

Spring ushers in US tax scam season

Spring ushers in US tax scam season

Phishers exploit HMRC tax error refund in UK

Phishers exploit HMRC tax error refund in UK

Image (1) hmrc.jpg for post 12003

HMRC online tax returns - the good news and bad news

Cybersharks circle as Aussie tax year ends - so here's some advice for us all

Cybersharks circle as Aussie tax year ends - so here's some advice for us all

TelstraFeat

A new wave of phishing scams target Telstra

Image (1) ms-phish-notification.jpg for post 14257

You DON'T have "(1) New Message from Outlook Microsoft"

How to report a computer crime: Phishing attack

How to report a computer crime: Phishing attack

Video posts

More videos this way

wifimyths-250

Three wireless security myths - busted! [VIDEO]

Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]

You won't believe how crazy this password infomercial is (and neither did Ellen DeGeneres) [VIDEO]

When is a password not a password? When Excel sees VelvetSweatshop

When is a password not a password? When Excel sees "VelvetSweatshop" [VIDEO]

Sophos CEO suffers from a watery end for Comic Relief

Sophos CEO suffers from a watery end for #ComicRelief

Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

About Naked Security
About Sophos
Our Authors
Awards
Got a story for us?

Tags

Adobe Android anonymous Apple Cybercrime data loss DDoS Exploit Facebook Fake anti-virus General Google hacking iPhone IT Malware Microsoft password phishing Privacy Scam scareware Spam Survey Scam Twitter Video vulnerability web web 2.0 WWW

Categories

Apple (481)
BlackBerry (82)
Botnet (197)
Clickjacking (70)
Cryptography (172)
Denial of Service (318)
Facebook (727)
Google Chrome (134)
iOS (318)
Java (255)
Linux (69)
Malware (2448)
Microsoft (255)
Mobile (397)
Operating Systems (58)
Organisations (8)
OS X (202)
Privacy (2402)
Ransomware (118)
Rogue applications (138)
SophosLabs (1450)
Spam (2488)
Twitter (674)
Windows phone (40)

Archives by month

May 2013 (70)
April 2013 (94)
March 2013 (103)
February 2013 (96)
January 2013 (109)
December 2012 (52)
November 2012 (103)
October 2012 (113)
September 2012 (91)
August 2012 (110)
July 2012 (92)
June 2012 (91)
May 2012 (99)
April 2012 (79)

Download some free tools

Free anti-virus for your MacFree antivirus that works simply and beautifully
Free Android protectionFree antivirus for all your Android devices
More free tools...

Take a look at our products

Endpoint
Encryption

Mobile
Network

Email
Web

Try out our free trials and demos

Investigate the threats

Virus and spyware analyses
Threat Center
Inside SophosLabs

© 1997-2013 Sophos Ltd. All rights reserved
Legal
Privacy
Cookies
Disclaimers

Send to Email Address Your Name Your Email Address

Cancel

Post was not sent - check your email addresses!

Email check failed, please try again

Sorry, your blog cannot share posts by email.