New phishing scam exploits Heartbleed fear to con users

Symantec has detected a new phishing scam that exploits the public's fear of the Heartbleed bug to steal information. The phisher attempts to gather information by posing as a US military insurance service with a message about the Heartbleed bug.

Heartbleed, which was discovered recently after being in the wild for over two years, is a security vulnerability affecting OpenSSL versions 1.0.1 to 1.0.1f, which threatened nearly two-thirds of the Internet.

According to a blog post by Symantec, "Spammers and phishers are known to use trending news and popular topics to disguise their payloads. In the case of phishing emails, phishers often cite security concerns to legitimize and disguise their social engineering methods. The payloads of these emails attempt to compel the messages’ recipients into divulging sensitive information." In this case, the emails contained the following text:

The phishing email

Symantec says that there are ways to tell whether such an email is genuine. In this case, the X-Mailer header indicates that the sender used Microsoft Outlook Express 6.00.2600.0000, a very old mail client that an enterprise such as the insurance company is unlikely to use.
Another dead giveaway, Symantec says, is the bad grammar and punctuation. Phishers often make grammatical errors when trying to capitalise on a new leak or bug.
Finally, this particular email takes you to a Turkish manufacturing site, which is where the attackers harvest your identity. It's easy to miss this when clicking on the "Sign In" button. In the case of Heartbleed, it's essential that users do not click on any password reset link sent in an email. It's best to log in to the site independently and change the password rather than following a link. Want to know how to create the strongest possible password? Check out our simple tips.
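As an added illustration (not code from the article or from Symantec), the following Python check applies two of these indicators to a constructed sample message: an X-Mailer header naming an obsolete client, and a "Sign In" link whose host is not the sender's domain. The sample message, the insurer.example and manufacturing-site.example.net names and the obsolete-client list are all assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a client this old is not what an enterprise sender would use.
OBSOLETE_MAILERS = ("Microsoft Outlook Express",)

# Constructed sample modelled on the indicators in the article; not the real email.
SAMPLE = """From: "Military Insurance Service" <support@insurer.example>
To: member@example.org
Subject: Heartbleed: verify your account now
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-Type: text/html; charset="utf-8"

<html><body><p>Due to Heartbleed bug, please sign in and reset you password.</p>
<a href="http://manufacturing-site.example.net/login.php">Sign In</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect every href from the <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

def triage(raw_message):
    """Return human-readable findings for a raw RFC 5322 message (empty list if clean)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    mailer = msg.get("X-Mailer", "")
    if mailer.startswith(OBSOLETE_MAILERS):
        findings.append(f"obsolete mail client in X-Mailer: {mailer}")
    # The From domain is the one a genuine sign-in link should point at.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for link in collector.links:
            host = (urlparse(link).hostname or "").lower()
            if host and host != sender_domain and not host.endswith("." + sender_domain):
                findings.append(f"link host {host} does not match sender domain {sender_domain}")
    return findings
```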

These identifying factors, often a matter of common sense, can help you distinguish phishing emails from genuine ones, Symantec says. We think that in any case, if possible, it's always best to verify whether the email really originated from an authentic source by confirming with the company through a second channel, such as a phone call or other correspondence, instead of acting on the supposed problem immediately.

Published Date: Apr 28, 2014 16:50 PM | Updated Date: Apr 28, 2014 16:50 PM