Spammers, posing as insurers, use Heartbleed to phish for credentials

Share this article:

In a recently discovered phishing scheme, spammers, posing as a notable U.S. military insurance group, are asking users to log in and “register to the backup security certificates” in order to protect against potential Heartbleed bug attacks.

This is not a way of mitigating the Heartbleed bug threat.

Clicking the Sign On button at the bottom of the email will redirect users to a compromised Turkish manufacturing website, according to a Wednesday post by Symantec, which would not reveal the name of the insurance organization.

Additional giveaways to the phishing scam include poor use of the English language throughout the email, as well as the sender using an old mail client, which most modern businesses no longer use, according to the post.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

PHP vulnerabilities patched

Developers patched multiple vulnerabilities in PHP that would have allowed remote code execution.

Pennyslvania man sentenced after 'swatting' prank

Pennyslvania man sentenced after 'swatting' prank

David Barnhouse was sentenced to 18 months in prison after he hacked into a neighbor's Verizon FiOS router to post a bomb threat on a Pennsylvania mall's website.

Cisco announces winners of Security Grand Challenge

Cisco unveiled the winners of three Security Grand Challenges and announced a fourth challenge, aimed at women.