Spammers, posing as insurers, use Heartbleed to phish for credentials

Share this article:

In a recently discovered phishing scheme, spammers, posing as a notable U.S. military insurance group, are asking users to log in and “register to the backup security certificates” in order to protect against potential Heartbleed bug attacks.

This is not a way of mitigating the Heartbleed bug threat.

Clicking the Sign On button at the bottom of the email will redirect users to a compromised Turkish manufacturing website, according to a Wednesday post by Symantec, which would not reveal the name of the insurance organization.

Additional giveaways to the phishing scam include poor use of the English language throughout the email, as well as the sender using an old mail client, which most modern businesses no longer use, according to the post.

Share this article:

Sign up to our newsletters

More in News

Firefox 32 feature could cut undetected malware downloads 'in half'

Mozilla plans to introduce a feature in Firefox 32 that, based on preliminary testing, could cut the amount of undetected malware downloads in half.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying ...

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.

Study: Asian Android users at higher risk of malware exposure

Cheetah Mobile's new study showed that Asian Android users have a two to three times greater risk of downloading malware onto their devices.