Jigar Mehta’s WebBlog

May 7, 2007

We are Microsoft, give us your ATM PIN !!!

Filed under: Uncategorized — jigarme @ 1:52 am

Scammers all over are making it harder for common people to identify social engineering tricks… Look at the latest phishing scam associated with a trojan for Windows… According to the Symantec Security Response Weblog:

Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical – it’s really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate.

How legitimate? Look at the screenshot:

The trojan runs on startup and pretend to be a Windows Activation dialog. Note how it asks for name, address, credit card number, expiry date and even ATM PIN!

So, beware. Windows Activation does not ask for this information. Also it offers the option to activate over the phone. If you are in doubt and the machine has been activated before, run an anti-virus!

Stay tuned.. Wave


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: