Beware of Rock Phish Digital Certificate Email Scams

The machines we love to hate

Moderator: Wiz Feinberg

Wiz Feinberg
Posts: 6115
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
State/Province: Michigan
Country: United States


Post by Wiz Feinberg »

I have been following developments in the spam underworld and thought I'd warn you all about a new type of phishing scam targeting customers of various financial institutions. This new scam uses fake digital certificate downloads as the bait. Here's how it works.

The criminals rent a botnet for a spam run, then program a template that tells recipients that their financial institution is stepping up security and that they must log into their account to update their security credentials, or to learn about the details. A link is supplied that is very cleverly obfuscated with a long URL containing many seemingly legitimate subdomain prefixes, hiding the destination domain from most status bars. Clicking on this link takes you to a phishing website where you receive a popup notice that you need to install a digital certificate to proceed. That is the hook. Anybody installing that certificate gets infected with a keylogger and other backdoor components.

Some variations of this scam actually tell you to download and install the certificate and provide a link to it. This is social engineering. Anytime you receive an email that claims to come from a financial institution with which you do have a relationship, it is best if you log in directly, as you usually do, then look for messages in your account. If there really are any security changes they will be fully discussed in a system message, in your logged-in account. And yes, digital certificates do expire and must be renewed from time to time, so make sure you have logged in to your bank or investment company's website by direct access, not by a link in a possible phishing scam email.

The subject of this Post mentions Rock Phish. That is the name of a kit, distributed by the "Rock Phish Gang" - a group of Russian criminals. The phishing kit sells for up to $700 and is purchased by wannabe phishers to create the spam templates and phishing website landing pages. Most eBay, PayPal, Bank of America, Comerica, Merrill Lynch and IRS phishing scams are created by the Rock Phish Gang, or their affiliates.
Last edited by Wiz Feinberg on 10 May 2008 1:53 pm, edited 2 times in total.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
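
Added example, not part of the posts in this thread: a Python check a mail filter could run on a link to find the domain it really leads to when the hostname is padded with legitimate-looking subdomain prefixes, as described in the post above. The bank name, URLs and the short suffix list are constructed assumptions; production code would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed allowlist of domains the user really does business with.
TRUSTED = {"examplebank.com", "examplebank.co.uk"}


def registrable_domain(host):
    """Return the part of the hostname that was actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url, trusted=TRUSTED):
    """Return (verdict, destination) for a link found in an email.

    verdict is 'trusted', 'impersonation' or 'unknown'; destination is the
    registrable domain, which is what a status bar should make obvious.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    dest = registrable_domain(host)
    if dest in trusted:
        return ("trusted", dest)
    # Everything left of the registrable domain is chosen freely by whoever
    # owns it, so a trusted name appearing there proves nothing.
    prefix = "." + host[: len(host) - len(dest)].rstrip(".") + "."
    if any("." + name + "." in prefix for name in trusted):
        return ("impersonation", dest)
    return ("unknown", dest)


if __name__ == "__main__":
    samples = [  # constructed URLs
        "https://online.examplebank.com/login",
        "http://www.examplebank.com.secure.update.session-3829.phish-host.example/cert",
        "http://examplebank.co.uk.account.verify.example.net/",
        "https://news.example.org/",
    ]
    for url in samples:
        print(check_link(url), url)
```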
Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY
State/Province: -
Country: United States

Post by Jon Light (deceased) »

The biggest and most important key to safety, said over and over and over again here is----

never follow instructions and go to any website with whom you have a relationship or subscription....

....ebay, paypal, banking, bill paying, etc.....

....via an email click.

If you receive an email telling you to go to your familiar site, go to your browser and click on your normal bookmark to go there and log in. Check for any messages. If the email was legit, then there will be a message there for you. If there is nothing there pertaining to the urgent email alert, you know that it is phony. Period.

Don't worry about "well maybe......"
No. It is bogus.