Malaysian government portal used in PayPal phishing scam
A medical transcription company's computers were also used
IDG News Service - An antispam researcher has uncovered a phishing scam that uses computers belonging to a medical transcription outsourcing company and the government of Malaysia to send out fraudulent e-mails.
The scam was discovered by Bill Carton, an engineer in San Diego who has spent the past 10 years as a volunteer antispam activist working to shut down bulk e-mailers in his spare time. Carton received an e-mail Friday morning that purported to be from eBay Inc.'s PayPal service.
The message read like a standard phishing pitch: "It has come to our attention that your account information needs to be updated. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service."
What was unusual, however, was the fact that the link in the e-mail was to a fake PayPal site hosted by servers in the Malaysian government's gov.my domain. "This one was interesting because of the Malaysian angle. A government server usually gets my attention," Carton said.
Closer investigation revealed that computers from another trusted source had also been used to send out the phishing e-mail.
"The compromised mail server used to relay the spam and scrub off any evidence of where the spammer is was not the typical home cable customer with a zombie infection, but RxDocuments.com," Carton said. "They boast of having HIPAA-compliant software for patient privacy, but they were compromised and used as a spam-spewing relay. How trustworthy is that?"
Paul Laudanski, owner of Computer Cops LLC and the leader of the Phishing Incident Reporting and Termination Squad, examined the phishing e-mail and agreed that it appeared to have been relayed by RxDocuments.
RxDocuments LLC provides dictation transcription services for physicians. It bills its products as "cost-effective, secure transcription adhering to the highest professional, ethical and legal standards," according to the company's Web site.
Neither Rxdocuments.com nor the Malaysian government responded to requests for comment. Rxdocuments.com is headquartered in Miami, but the Web site is registered to RxDocuments Pvt. in Bangalore, India, according to the Whois database.
This is not the first time that the gov.my Web site has been used by phishers, according to Laudanski. It has been used at least four other times since April of this year to spoof brands such as those of Chase, Citibank and eBay, he said.
Phishers have become increasingly sophisticated as criminals have realized that there is real money to be made in online fraud. Research company Gartner Inc. estimates that U.S. consumers will lose $2.8 billion to phishing in 2006, with the average attack netting $1,244.
"There's definitely more of it than we've seen ever," said Dave Jevans, chairman of the Anti-Phishing Working Group. "Spam has gone up hugely in the last two months, and the volume of phishing has gone up with that."
Jevans agreed and said that this latest PayPal scam is unusual. "It's interesting because it's basically two entities that you would think would have security nailed down," he said.
Erik Larkin of PC World contributed to this story.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts