The many morphs of a phishing/malware scam

A new attack targeting Outlook users has morphed from trying to retrieve login credentials to attempting to infect users with fake anti-virus products, according to security vendor Sophos.

The campaign began on Monday when phishers started sending emails seemingly coming from “support” at Microsoft, Graham Cluley, Sophos' senior technology consultant, said in a blog post Tuesday. The message told users they have “(1) new message from Outlook Microsoft.” But the email said users must “re-configure” Outlook settings to read it. The email provided a link to a phishing page that lures users into handing over email settings, Cluley said.

Just one day after the attack began, it changed, Cluley told SCMagazineUS.com Wednesday. Overnight Tuesday, the phishing site went down and the attack morphed so that, instead of providing a phishing link, the newest versions of the emails now contain a malicious attachment. The attached file is a fake anti-virus product that tries to scare users into making a purchase, Cluley said.

Cluley said that Sophos does not have any indication of who's behind this, but what is clear is that this isn't the first time the attack has been modified. This past weekend, the domain used in the phishing site in Monday and Tuesday's attack was used in a banking phishing campaign, targeting the Commonwealth Bank of Australia, Cluley said. In that attack, users were told they qualified to take part in a “$50 credit reward survey.” Users were told to follow the link to take part in a five-question survey to receive their credit reward.

“Everyone needs to take a spoonful of skepticism each morning,” Cluley said. “People are too trusting of their email, and need to learn to think before they click on a link or open an attachment.”