Thursday, June 04, 2009

A new phishing campaign is attacking Outlook users

Security researchers warn that a new phishing campaign is stealing e-mail accounts from Outlook users. The users are falsely informed that their e-mail client needs to be re-configured online, on a fake page under the control of the attackers. A related malware distribution attack has also been reported.

The offending e-mails, with a subject of "Microsoft Outlook Notification," come from a spoofed address and their content reads "You have (1) New Message from Outlook Microsoft. Please re-configure your Microsoft Outlook again. Click on the link below." The included link points to a phishing page with a fake form asking for things such as POP3 or IMAP server, SMTP server, account name and password.

"Interestingly, the domain hosting the bogus webpage was also used earlier this week in a more traditional banking phishing campaign, targeting the Commonwealth Bank of Australia," notes Graham Cluley, senior technology consultant at antivirus vendor Sophos.

Speaking of the same attack, Sarah Calaunan, fraud analyst at Trend Micro, explains that "Unlike micro-blogging, social networking, or even banking accounts, a user name and password is not enough to take full control of an email account. Mail server information is also necessary, which explains the need for them in the phishing page."


