In May 2010, a phishing website was observed spoofing a leading, legitimate brand that provides online file transfer services. These services help people send, receive, or host large files. Email services typically limit the size of a file that can be attached, so online file transfer is often used as an alternative for sending large files. To transfer a file online, customers enter the recipient’s email address, select the required file, and click “send.” The recipient then receives a notification containing a URL from which the file can be downloaded. The legitimate brand offers the service free of cost for files within a certain size limit and requires a paid account for larger files.
In the past, there have been several phishing attacks on brands that provide file hosting. However, this is the first instance of phishing a brand that provides file transfers in addition to file hosting.
Spam email was sent with a link to the phishing site, claiming that the customer had received a file for download. The phishing site prompted for the customer’s login credentials. After the credentials were entered, the phishing site redirected to the legitimate site. If the fraudsters succeed in stealing login credentials, they can freely use the service for hosting or transferring large files. This leaves the customers’ accounts with a zero balance for file hosting space. Therefore, unlike a typical phishing site, this attack wasn't created with a motive of financial gain, but customers may end up losing the service that they have paid for. The phishing site was created on a free web hosting service based in the USA.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
• Do not click on suspicious links in email messages.
• Check the URL of the website and make sure that it belongs to the brand.
• Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
• Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.
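The check in the second tip, that a link's host really belongs to the brand, can be made precise. The Python below is an added example, not code from the original post; `filetransfer.example` and `freehost.example` are placeholder domains assumed for illustration, since the post names neither the brand nor the hosting service.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the brand's real domain (the post does not name it).
BRAND_DOMAIN = "filetransfer.example"


def belongs_to_brand(url, brand_domain=BRAND_DOMAIN):
    """Return (ok, reason): does the URL's host sit under brand_domain?"""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    except ValueError:
        return False, "URL does not parse"
    if parts.scheme not in ("http", "https"):
        return False, "not an http(s) link"
    if not host:
        return False, "no host in URL"
    host = host.rstrip(".")
    brand = brand_domain.lower().rstrip(".")
    # Exact match, or a subdomain: the match must end on a label boundary.
    if host == brand or host.endswith("." + brand):
        return True, "host is " + host
    if brand in url.lower():
        return False, "brand name appears in the link, but the host is " + host
    return False, "host is " + host


# Constructed sample links; freehost.example stands in for a free web host.
SAMPLES = [
    "https://www.filetransfer.example/download?id=1",
    "HTTP://WWW.FileTransfer.Example:80/login",
    "http://filetransfer.example.freehost.example/login",
    "http://www.filetransfer.example@freehost.example/login",
    "http://freehost.example/filetransfer.example/login",
    "http://notfiletransfer.example/login",
    "www.filetransfer.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = belongs_to_brand(link)
        print("OK  " if ok else "FAIL", link, "->", reason)
```

Only the first two sample links pass; the others place the brand name in a subdomain label, the userinfo part, the path, or a longer look-alike name, all of which leave the actual host outside the brand's domain.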
==================
Note: My regards to Ashish Diwakar, co-author of this blog.
View full post on Symantec Connect – Security Response – Blog Entries
Posted on 25 May 2010. Tags: File, Fraud, Online, Transfer