Archive for December, 2006
Websense® Security Labs™ has received reports of a phishing attack that targets customers of the French Bank, Caisse d’Epargne. Users receive a spoofed email message, which claims that their account has been suspended and that they must log on to re-enable access to it. The email provides a link to a phishing site that attempts to collect account information.
This phishing site is hosted in Egypt and was up at the time of this alert.
Translated phishing email text:
Dear Member of Caisse d’Epargne,
Your bank account has been suspended.
To reagin access to your bank account at Caisse d’Epargne please click here < LINK REMOVED >.
Thank your for your understanding.
© Copyright Caisse d’Epargne 2005.
Phishing Screenshot:
Yesterday Websense Security Labs reported on our blog that there was a potential Worm propagating via Skype (see: http://www.websense.com/securitylabs/blog/blog.php?BlogID=101). After investigation we have discovered that this is not a self propagating worm and is actually a Trojan Horse.
After discussions with the very helpful Skype security team, the behavior of this Trojan using the Skype API is as per the specifications of the API. The end-user who is running Skype does get notified that a program is attempting to access it and must acknowledge it.
*there is no vulnerability in Skype at this time that has been uncovered*
For more details on the Skype API see https://developer.skype.com/Docs/ApiDoc/Overview_of_the_Skype_API
At the time of this alert the websites that were used to download the Skype API code and the site that is used to download new copies of the Trojan were both down.
National Credit Union Administration (NCUA) Board Member Gigi Hyland delivered the Keynote address on Friday at a BSA/Patriot Act compliance conference sponsored by Credit Union Times and the Executive Enterprise Institute in Las Vegas, Nevada.
Websense® Security Labs™ has received reports of a phishing attack that targets customers of Birmingham Midshires. Users receive a spoofed email message, which claims that they need to confirm their email address. The email provides a link to a phishing site that attempts to collect personal and account information.
This phishing site is hosted in Norway and was up at the time of this alert.
Phishing email text:
Dear Birmingham Midshires Member,
We have reason to suspect that your Birmingham Midshires account may be in use by an unauthorized party.
Your account has recently been accessed from a foreign country, while we understand that you may be on vacation or traveling abroad, Birmingham Midshires Security has a obligation to protect our user’s security. Within 24 hours of this message, your account will be placed on hold to ensure your personal account safety. Verification of your specific account details will enable you to once again have full access to your Birmingham Midshires account.
To ensure that your service is not interrupted, please submit your information today:
<URL REMOVED>
Or contact Birmingham Midshires Member Services Team. We’re available 24 hours a day, 7 days a week.
Regards,
Birmingham Midshires Team.
See full details of our guarantee
Birmingham Midshires Bank
Authorised and regulated by the Financial Services Authority
Registered No. 106048
Registered Office: Trinity Road, Halifax, West Yorkshire. HX1 2RG
Date:18.12.2006
Internet communications are not guaranteed to be secure unless the data being sent is encrypted. Birmingham Midshires does not accept responsibility for loss arising from unauthorised access to Internet communications and/or the corruption of data by a third party.
Birmingham Midshires are unable to respond to replies sent to this email address.
Phishing screenshot:
The National Credit Union Administration (NCUA) is issuing final revisions to its rules regarding the conversion of insured credit unions to mutual savings banks or mutual savings associations. The final rule improves the information available to members and the board of directors as they consider a possible conversion.
Results of NCUA’s 12/14/2006 Board Meeting are Available
NCUA is amending its investments rule to allow federal credit unions (FCUs) to enter into investment repurchase transactions in which the instrument consists of first-lien mortgage notes subject to certain limitations. The final rule expands FCU authority to invest in mortgage-related securities while addressing safety and soundness concerns associated with this new investment activity.
This is a opinion of the NCUA Office of the General Counsel addressing Political Activities of Credit Union
Draft Items for NCUA’s 12/14/2006 Board Meeting Are Available
The National Credit Union Administration (NCUA) has issued an order prohibiting Crystal Bottomley from participating in the affairs of any federally insured financial institution.