You are currently browsing the monthly archive for October 2010.

We have found another phishing scam targeting Texas HoldEm Poker players. This one is more sophisticated than the previous one in that it uses a slightly modified real Zynga email and webpage.

Starting on the bait app’s page, we see this:

This looks almost exactly like the real Zynga welcome email you receive when you join the game. In fact, the links in the fine print at the bottom are real links to Zynga.

The green Claim Chips box and the “click here to claim up to 10 million chips!” link both lead to http://zyngateam-specialbonus.t35.com/zyngateam/specialbonus/freechip/online/zynga-poker/register2.php .

It looks like this:

Oh wow! 10 million dollars! Never mind that the second sentence makes no sense at all.

The other link leads to http://zyngateam-specialbonus.t35.com/zyngateam/specialbonus/freechip/online/zynga-poker5m/register2.php where you only “win” $5 million.

Too bad.

Aside from the toxic input fields in the center, everything else on these pages is a direct copy of a legitimate Zynga page.

Anything you enter in the two boxes in the middle is sent to the scammers when you click Submit and the browser is then redirected to this real Zynga page.

This page contains a warning from Zynga that you should not get chips from any third-party source.

These scammers sure have an interesting sense of humor.

Advertisements

Even though this is our second post (we anxiously got our first post out when we found a phishing scam on Facebook), we would like to welcome you to the SafeToBe.Me blog.  We will be using this blog to give updates on the SafeToBe.Me service, to communicate security threats as we find them, and to communicate our perspectives on staying safe in the social world.  To get things started, we thought it would be useful if we provided some background on why we started SafeToBe.Me…

The Social Web, which includes services like Facebook and Twitter, has changed the way people interact.  It has also changed the way cyber crooks work.  Historically, cyber crooks went after computers and networks.  So security tools were traditionally geared towards protecting those resources.  Your router/firewall is protecting your home network and your anti-virus software is protecting your computer from being infected.  Now, cyber crooks are focusing directly on You.  They are not going after you physically; they are going after you where you spend your time online, which for many of us today are in social networks like Facebook.

Social networks are great.  They let us keep in touch with friends, even when they are not physically close to us.  We can easily see what our friends are doing and we can share our thoughts with them.  Social networks, like Twitter, also let us find people with similar interests, as well as explore new interests.  They are also great communication networks because when we share something interesting, our friends can share it with their friends and so on. Social networks also give us a feeling of security because we are familiar with most people we are communicating with and when we are talking to strangers, we are out of their direct physical reach.  And, a nice aspect of using social networks today is that we don’t have to be at our own computer to participate.  We can use smart phones and devices like the iPad.  All of these factors that make social networks great, however, are also the same reasons why social networks are an ideal attack ground for a new generation of cyber attacks.  These attacks are everything from simple SPAM and scams, to various forms of social abuse, to more complex identity theft type attacks that try to gain access to your account.

We started SafeToBe.Me to fight off this new social form of cyber attacks.  So that you can enjoy participating in the Social Web.  So that you can be you, safely.

At around 1:28 am on October 26, our crawlers first detected a new phishing scheme targeting Texas HoldEm Poker players.  The scammers registered an app with the URL http://apps.facebook.com/texas_hold_poker (note that the real URL for Texas HoldEm is http://www.facebook.com/TexasHoldEmPoker or http://www.facebook.com/TexasHoldEm).  When users click on what they think is a link to TexasHoldEm, they are confronted with this page:

Both of those buttons link to http://vgjyikui.001webs.com/banned/zyngawarning.php, where this is displayed:

Interestingly, that customer support link seems to actually go to the real Zynga contact page at http://www.zynga.com/about/contact.php.  Of course, anything entered into those two boxes is delivered directly to the scammers.   Clicking Submit points the browser back the the real Texas HoldEm Poker page, while clicking Cancel redirects to http://warmingaccount.do.am/zyngapoker/zyngawarning.html that presumably was another scare page to get users to give up their credentials but now looks like this: