The many morphs of a phishing/malware scam

A new attack targeting Outlook users has morphed from trying to retrieve login credentials to attempting to infect users with fake anti-virus products, according to security vendor Sophos.

The campaign began on Monday when phishers started sending emails seemingly coming from “support” at Microsoft, Graham Cluley, Sophos' senior technology consultant, said in a blog post Tuesday. The message told users they had “(1) new message from Outlook Microsoft,” but said they must “re-configure” their Outlook settings to read it. The email provided a link to a phishing page that lures users into handing over email settings, Cluley said.

Just one day after the attack began, it changed, Cluley told SCMagazineUS.com Wednesday. Overnight Tuesday, the phishing site went down and the attack morphed so that instead of providing a phishing link, the newest versions of the emails now contain a malicious attachment. The attached file is a fake anti-virus product that tries to scare users into making a purchase, Cluley said.

Cluley said that Sophos does not have any indication of who's behind this, but what is clear is that this isn't the first time the attack has been modified. This past weekend, the domain used in the phishing site in Monday and Tuesday's attack was used in a banking phishing campaign, targeting the Commonwealth Bank of Australia, Cluley said. In that attack, users were told they qualified to take part in a “$50 credit reward survey.” Users were told to follow the link to take part in a five-question survey to receive their credit reward.

“Everyone needs to take a spoonful of skepticism each morning,” Cluley said. “People are too trusting of their email, and need to learn to think before they click on a link or open an attachment.”