Like many high-profile events, the passing of Apple’s co-founder and former CEO, Steve Jobs, has initiated a slew of new phishing attacks that are designed to play on recipients’ emotions about the event.  Steve Jobs and Apple themed phishing campaigns are in the wild but more concerning are the spear phishing attacks targeting iPhone users.  PhishMe understands how these events can adversely affect our customers therefore we have released a new phishing simulation theme designed to train susceptible users on how to identify and avoid current event based attacks.

-Scott

I was adding a little special sauce to Phishme.com this past week and thought this might be fun to share. We have a few different ways a user can craft their phishing links. If he/she chooses the IP address option, then there is also the choice of encoding options. This lets you mask the IP address in an attempt to trick the user into thinking part of the sub directory is perhaps the host name. Or as in the case with my mom… she thinks it is just the phone number so the computer knows where to call. And it’s hard to blame her when you see a decimal encoded IP address.

http://2130706433/somecompany.com

The team over at Marshal has put together a good walk through of the encoding so you can follow along. If you would like to view the javascript, you can find it here. This may not work on all browsers, but it holds up pretty well on your corporate windows boxes with IE or Firefox. Want to test it out? Just put in an IP address below and click on the link it generates.

-b3nn

We’ve all heard there’s no such thing as a free lunch, but this is not always easily remembered when online. The latest example of that is the number of iPhone related phishing messages that had flooded my inbox while I was on vacation (example – results). Some of the links didn’t even need to claim it was a ‘free’ deal; just a site claiming to have the cool tool in stock was enough to get clicks.

Of course this is nothing new. Go back and replace ‘iPhone’ with ‘Wii’ or ‘PSP’ or ‘Nano’ and you get similar results. As a gadget geek, I’m always at least a little tempted when I see one of these deal emails come in.  I think back to the few times I have gotten a free lunch from the Internet borg,  free speakers from some early online music start up or free Microsoft discs from a Vista promotion.  It’s not far fetched to believe that  some new start up is blowing their marketing wad to ride the wave of the latest ‘gotta-have-it’ item. But like they say “if it sounds too good to be true, then it probably is not”… And then multiply by 3.14 to take into account the Internet factor :-)

Damn you, spammers! I think you may have found my weakness.

-b3nn