ALL >> Computers >> View Article
Security Experts Alert Users On New Phishing Scam
Security researchers have warned users against a new phishing scam. The scam is allegedly directed at Bank of America, TSB, Lloyds and PayPal users. The new phishing attack, first identified by Rodel Mendrez of M86 security labs comes with an unsolicited e-mail containing an HTML attachment. Unlike the usual phishing attacks, the latest attack does not redirect users to a seemingly legitimate, but fake website. Instead, the attack stores a malicious webpage locally. The use of HTML file allows attackers to evade being detected by a web browser. As a result of the security by-pass, users do not receive any warning and HTML attachment opens in the browser. When unwary users enter the requisite information and click on the submit button, the HTML form sends the extracted information to a remote compromised webserver. The information is send through a POST request directed at PHP scripts hosted on the compromised server.
Cybercriminals are continuously evolving their modus operandi to by-pass security filters, trick users and extract confidential information. The collected information could be misused to conduct unauthorized ...
... transactions, steal funds and transfer money. The gathered information could also be sold by the attackers to their peers in the underground crime market.
Usually, IT professionals qualified in masters of security science, penetration testing and other security certifications help developers in identifying the threat vectors and mitigating security flaws. In this case, attackers were successful in circumventing the anti-phishing filters used by the browsers and deceive users.
Cyber security awareness among Internet users is crucial to combat sophisticated threats. Cyber security tips could be circulated through brochures, e-flyers, video tutorials and advertisements. Online degree and learning programs could also be encouraged to create cyber security awareness. Internet users must be cautious, while providing personal information online. They must verify the authenticity of the sites, before entering any sensitive information. Users must be wary of e-mails that appear to come from banks, online payment and online shopping sites and seek sensitive information. They must verify the authenticity of such e-mails by directly contacting the organization through trusted communication channels such as phone number and e-mail id provided on the website.
Users must avoid opening e-mail attachments arriving from unknown and suspicious sources. They must also avoid replying to and clicking links provided on unsolicited e-mails. Attackers also deceive users by applying social engineering techniques. They gather information from various sources and send cleverly crafted e-mails, which appear to come from a peer, subordinate, new employee or supervisor. They also contact users through phone posing as a representative of a company. IT professionals could keep themselves of the evolving security threats through e-learning and online university degree programs. Organizations must ensure adherence of cyber security guidelines by the employees. Users must avoid disclosing sensitive personal and organizational information, without verifying the authenticity of the person by directly contacting the concerned organization.
Users must avoid arbitrarily disclosure of e-mail addresses to decrease the possibility of spam and unsolicited e-mail. Avoiding arbitrarily selection of multiple offers while registering on an online account may also help in reducing spam e-mails. Using privacy settings to hide or restrict access to e-mail address on social networking sites may help in avoiding unsolicited e-mails from strangers. Users must also look for the privacy policy of a website, before submitting personal details on the site.
Add Comment
Computers Articles
1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise ServersAuthor: Server Tech Central
2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp
3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing
4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp
5. How To Start Your Website Redesign Project?
Author: brainbell10
6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam
7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp
8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp
9. How To Setup And Create Instagram Ads?
Author: brainbell10
10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap
11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10
12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10
13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp
14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10
15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp






