Costco Phishing Scam

Please be aware of a new – at least to me – scam attempt that appears to come from Costco, especially if you really ordered something from Costco and are waiting for it to be delivered. You will get a very official-looking e-mail from a fake “Costco shipping manager”, with a subject “expedited delivery problem”, or something equally alarming. There will be Costco logos all over it. The text of the e-mail will be something like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unfortunately the delivery of your order COS-0012411499 was cancelled since the specified address of the recipient was not correct. You are recommended to complete this form and send it back with your reply to us.

Please do this within the period of one week – if we dont get your timely reply you will be paid your money back less 21% since your order was booked for Christmas.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There will be links in the body of the e-mail, so make sure you DO NOT CLICK ON THEM. You will download yourself some nasty virus or something equally unpleasant. Instead, run the full header and the conveniently provided links through Spamcop, and complain. Stay safe, have good holidays.
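Before reporting, it helps to see what the full header and the links actually say. The following is an added example, not part of the original post: it parses a constructed sample message (all hosts are placeholders, and the `triage` helper and its field names are hypothetical) and lists the visible sender domain, the envelope sender domain, the relay chain, and any link that does not point at the brand's own domain, without opening any of them.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real capture); hosts and IP are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
    by mx.recipient.example; Mon, 16 Dec 2013 10:00:00 -0500
From: "Costco Shipping Manager" <shipping@costco.com>
Subject: expedited delivery problem
Content-Type: text/html; charset="utf-8"

<html><body><p>Unfortunately the delivery of your order was cancelled.</p>
<a href="http://forms.example.org/costco/form.php">complete this form</a>
<a href="https://www.costco.com/">Costco.com</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags without fetching anything."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def domain_of(header_value):
    # Domain part of the address in a From / Return-Path header.
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def under(host, brand):
    # True only for the brand domain itself or a real subdomain of it.
    return host == brand or host.endswith("." + brand)

def triage(raw, brand="costco.com"):
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    hosts = [(urlsplit(h).hostname or "").lower() for h in parser.hrefs]
    return {
        "from_domain": domain_of(msg["From"]),             # what the reader sees
        "envelope_domain": domain_of(msg["Return-Path"]),  # a mismatch is a signal, not proof
        "off_brand_links": [h for h, host in zip(parser.hrefs, hosts)
                            if not under(host, brand)],
        "received": [str(r) for r in msg.get_all("Received", [])],
    }
```

The `off_brand_links` and `received` values are the parts worth including in an abuse report alongside the full header.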

Costco Phishing Scam

I recently received an email from Costco about the non-delivery of a package I never ordered that looked very suspicious. After further review, I was correct with my suspicions and it was an attempted phishing attack/scam. Below is a full definition of phishing.

Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.

Steps you can take to avoid becoming a victim of a spam attack are listed below:

  • Do not click on links, download files or open attachments in emails from unknown senders
  • Communicate personal information only via phone or secure web sites
  • Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software
  • Beware of links in emails that ask for personal information


Win A Free Copy of Packt’s ‘Mobile Security: how to Secure, Privatize, and Recover Your Device’ !

SecurityOrb.com is pleased to announce that we are organizing a giveaway especially for you. All you need to do is comment below the post to enter and get an opportunity to win a free copy of ‘Mobile Security: how to Secure, Privatize, and Recover Your Device’. Three lucky winners stand a chance to win a copy of the book. Keep reading to find out how you can be one of the lucky ones.


Overview of ‘Mobile Security: how to Secure, Privatize, and Recover Your Device’ :

  • Learn how mobile devices are monitored and the impact of cloud computing
  • Understand the attacks hackers use and how to prevent them
  • Keep yourself and your loved ones safe online

Book Page :  http://goo.gl/wFdw9J

How to Enter?

Simply post your expectations from this book in the comments section below. You could be one of the 3 lucky participants to win a copy.

You can also read my review of the book here.

Deadline:

The contest will close on 02/01/14 . Winners will be contacted by email, so be sure to use your real email address when you comment!

SANS Security East 2014, New Orleans, LA – January 20 – 25

SANS Security East 2014 is coming up January 20-25. Start the year off right by choosing from ten outstanding, cutting-edge courses presented by SANS featuring our top-rated instructors in New Orleans. Now is the time to improve your information security skills and let the good times roll!

The instructor lineup for this event features SANS Faculty Fellows and Senior Instructors. This is a unique opportunity to get instruction from SANS Faculty Fellows: Dr. Eric Cole, Rob Lee, Hal Pomeranz, Ed Skoudis, and SANS Senior Instructors: Fred Kerby, Dave Shackleford, Kevin Johnson, Mike Poor, James Tarala, Joshua Wright all at the same event. This team will ensure attending students not only learn the material, but that they are able to use it the day they return to work.

The lineup of courses will appeal to Cybersecurity and Infosec professionals at all levels and in all roles. Pick a course below and learn how to protect your assets. SANS Security East 2014 has something for everyone. Don’t miss our special events and bonus evening presentations where we’ll share the latest threats and much more.

Choose from the courses below:

– * AUD507: Auditing Networks, Perimeters, and Systems (GIAC-GSNA) taught by James Tarala

– New! * SEC503: Intrusion Detection In-Depth (GIAC-GCIA) taught by Mike Poor

– SEC301: Intro to Information Security (GIAC-GISF) taught by Fred Kerby

– * SEC401: Security Essentials Bootcamp Style (GIAC-GSEC) taught by Dr. Eric Cole

– * SEC504: Hacker Techniques, Exploits & Incident Handling (GIAC-GCIH) taught by Dave Shackleford

– SEC542: Web App Penetration Testing and Ethical Hacking (GIAC-GWAPT) taught by Kevin Johnson

– SEC560: Network Penetration Testing and Ethical Hacking (GIAC-GPEN) taught by Ed Skoudis

– SEC575: Mobile Device Security and Ethical Hacking (GIAC-GMOB) taught by Joshua Wright

– * FOR508: Advanced Computer Forensic Analysis and Incident Response (GIAC-GCFA) taught by Rob Lee

– FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques (GIAC-GREM) taught by Hal Pomeranz

* Courses that align with DoD 8570 Directive

Learn more and Register today for SANS Security East 2014 by visiting: http://www.sans.org/info/144197

*** Save 5% off your course registration when using discount code SecOrb_SANS5 ***

Nullcon International Security Conference Goa- 2014

Nullcon Goa (www.nullcon.net) is celebrating its 5th anniversary, with efforts being made to bring key decision makers and thought leaders with an expectation of 500+ participants from the Industry and Government sector. Nullcon is a four-day event scheduled on 12th – 15th Feb 2014 at Bogmallo Beach Resort, Goa, India, comprising highly technical trainings, talks, workshops, exhibitions, networking parties & CTFs.

Nullcon security conference is well known for its speakers and talks where new vulnerabilities, risks and attacks on systems are responsibly disclosed along with their prevention mechanisms.

First Speaker list –

1. Keynote: Jeff Moss, VP & CSO – ICANN, Founder – Defcon/Blackhat

2. Brad Barker, President – The Halo Corp

3. Chris Evans, Chrome Security, Google

4. Andy Davis, Research Director NCC Group

5. Amol Sarwate, Director Vulnerability Labs – Qualys

6. Anamika Singh, Developer – Cognizant

7. Ankur Tyagi, Software Engineer Juniper

8. Gregory Pickett, Hellfire security

9. Federico Pacheco, National Technical Univ. Buenos Aires

10. Achin Kulshrestha, Security Researcher

 

Interesting events and happenings:

1. Hardware badge contest

2. Jailbreak 3.0 content

3. nullcon Blackshield Awards

4. Exhibition

5. Night talks on 13th Feb 2014

6. Free Workshops for attendees

7. Hi-tech Security training –

8. Hacking villages

9. nullcon Parties

10. Beach!

 

Trainings

ONE DAY Trainings  (13 Feb. 2014)

Xtreme Web Hacking        – Akash Mahajan & Riyaz Walikar

Xtreme Fuzzing       – Michael Eddington

 

TWO DAY Trainings (12 & 13 Feb. 2014)

Penetration Testing SmartGrid and SCADA    – Justin Searle

Xtreme Exploitation       – Omair

Reverse Engineering and Malware Analysis        – Abhishek Datta

 

Contact for more details –

harshit@nullcon.net

+91 9004017799