Cybercriminals Attempt to Extract Sensitive Data through Fake Outlook Notifications

Security researchers have alerted Microsoft Outlook users to a fake notification scam. The phishing scam, first identified by security experts at the Internet security firm Sophos, attempts to gain access to e-mail accounts. Users receive an e-mail asking them to download an attachment in order to reconfigure Microsoft Outlook. Users who download and open the attachment are shown a fake form that closely resembles a genuine Outlook configuration form. The form asks for username, password and outgoing server details. Outlook users who supply the requested information inadvertently give remote scammers the means to compromise their e-mail accounts. Cybercriminals may use the information to impersonate the legitimate user and send arbitrary mail, propagate spam and steal personal information. They may also attempt to gain access to the user's other online accounts through brute-force attacks or the 'forgot password' option.

Phishers, meanwhile, face a threat of their own from 'whalers', who use a tool called an autowhaler to gain access to the online databases where phishers store the information they have stolen. The tool lets whalers search common phishing URLs for the places where phishers hide their login credentials. Recently, security researchers at GFI Labs identified a tool called the '666 autowhaler'. A whaler who downloads the tool inadvertently downloads a Trojan designed to extract the whaler's own login credentials. The finding again illustrates the predatory nature of the cybercrime world.

Internet users must be wary of e-mails seeking login credentials or suggesting reconfiguration of e-mail clients. Phishing e-mails try to deceive users into compromising sensitive information by urging prompt action and by spoofing the sender address so that the message appears to come from a legitimate source. They may also disguise links in the e-mail so that they appear to point to a legitimate company's web address. Users should therefore reach a website by typing its address into the browser rather than by following a link received over Instant Messengers (IMs), Internet Relay Chat (IRC) or e-mail. Cyber security training programs and online degree programs may help users improve their online computing practices. Users may also report fraudulent e-mails to the legitimate companies concerned or to the relevant regulatory authorities in their country. Such reports help organizations and regulatory agencies initiate appropriate action and prevent other Internet users from falling prey to scams.
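The indicators described above (a request for credentials or client reconfiguration, urgency wording, a spoofed-looking sender, and a link whose visible text points at one domain while its target is another) can be checked mechanically on the receiving side. The script below is an added defensive example, not code from the original article or from Sophos or GFI Labs; it parses a constructed sample message (all domains and addresses in it are placeholders) and reports which of those indicators it finds, together with an executable attachment of the kind the fake reconfiguration form arrives as.

```python
"""Heuristic phishing triage for a raw RFC 822 message (added example, not the
article's own code). It flags the indicators the article describes: a Reply-To
domain that differs from the From domain, a link whose visible text names a
different host than its href, urgency wording, a request for credentials, and
an executable attachment."""

import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".hta", ".pif")
URGENCY = re.compile(r"\b(immediately|urgent|action required|within \d+ hours?)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|username|outgoing server)\b", re.I)

# Constructed sample mimicking the fake Outlook notification; every address,
# domain and the attachment body are placeholders, not real indicators.
SAMPLE_EML = """\
From: "Microsoft Outlook Support" <notify@outlook-reconfig.example.net>
Reply-To: collect@attacker.example.org
To: user@corp.example.com
Subject: Action required: reconfigure your Outlook settings immediately
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your mailbox settings are outdated. Please open the attached form and
re-enter your username, password and outgoing server within 24 hours.</p>
<p><a href="http://outlook-reconfig.example.net/login">https://outlook.office.com/settings</a></p>
</body></html>

--BOUNDARY
Content-Type: application/octet-stream; name="Outlook_Settings.exe"
Content-Disposition: attachment; filename="Outlook_Settings.exe"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--BOUNDARY--
"""

# Constructed benign message used as a control.
CLEAN_EML = """\
From: "Alice" <alice@corp.example.com>
To: bob@corp.example.com
Subject: Lunch on Friday
Content-Type: text/plain; charset="utf-8"

Shall we meet at noon?
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def triage(raw):
    """Return the list of phishing indicators found in a raw message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")

    text = msg.get("Subject", "")
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            if filename.lower().endswith(EXECUTABLE_EXTENSIONS):
                findings.append("executable-attachment")
            continue
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            body = part.get_content()
            text += "\n" + body
            if ctype == "text/html":
                collector = LinkCollector()
                collector.feed(body)
                for href, visible in collector.links:
                    # Visible text that looks like an address but resolves to
                    # a different host than the real target is a spoofed link.
                    if "." in visible and _host(visible) != _host(href):
                        findings.append("link-text-mismatch")

    if URGENCY.search(text):
        findings.append("urgency-wording")
    if CREDENTIALS.search(text):
        findings.append("credential-request")
    return findings


if __name__ == "__main__":
    print("sample:", triage(SAMPLE_EML))
    print("clean:", triage(CLEAN_EML))
```

The heuristics are deliberately simple and produce indicators rather than a verdict: a single hit (a Reply-To on another domain, say) is common in legitimate mail, whereas the constructed sample trips all five. In a mail gateway these findings would feed a score alongside SPF/DKIM results and attachment scanning rather than block on their own.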

E-mail clients help employees manage and organize their e-mail. Phishers may attempt to obtain sensitive information about organizational networks by targeting employees through sophisticated schemes. Employees who receive e-mails seeking such information must immediately report them to the head of the IT department. Organizations must educate employees on incident response procedures and information security practices through induction and e-learning programs. They may also collaborate with technical and educational institutions and encourage employees to undertake online university degree programs to improve cyber security practices in the organization.

Cybercriminals constantly endeavor to improve their attack techniques. Professionals with a master's degree in security science may help organizations assess prevalent security threats, anticipate future threats and devise appropriate policies to improve the organization's defenses.
