
Monday, October 1, 2012

Hooking the big one?

A sensitive computer network belonging to the US government has been compromised in a targeted spear-phishing attack - as reported by Bill Gertz on the Washington Free Beacon's web site.

Additional write-up on CNET News.

Both stories say that China was behind the attack, but this brings to my mind the problem of attack attribution in this kind of situation. The only evidence the articles cite is that the attackers "used servers located in China". How easy is it to rent hosting space in a Chinese data center and attack the US, in order to make it look like the Chinese are behind it? I'm not sure. Wouldn't Chinese state-sponsored hackers use a third party country to avoid attracting attention? Or maybe that's what they want us to think?


Wednesday, June 13, 2012

Malicious e-mails: new and improved!

"The payment you sent"
"Please confirm your LinkedIn password"
"Your bill is now available"
"Your paypal.com transaction"

Recently I've received a number of e-mails about services I use and subscribe to; some of the subject lines are shown above. The e-mails look very genuine, and they are normally telling me about a problem with my account and urging me to click the "Login" button as soon as possible to resolve the issue. If my personal experience is anything to go by, recently these scam e-mails are looking more and more like the real thing. They are designed to look as "official" as possible and they are solely designed to prompt you to log in to your account at PayPal, or your bank, or your mobile phone company, or LinkedIn - I've received examples purporting to be from all of these companies in the last week or so.

Of course, when you click the "log in to my account" link from the scam e-mail, you're not actually going to the real site but to a site created by the attacker which looks identical (apart from the address in the URL bar, which will NOT be the address of the site you think you are logging into but something which looks almost the same).

After you've logged in to the fake website, the attackers will take a copy of your log-in details. They can then either use the username and password they now know to log you in to the real site and redirect you to it (so you'll never know what just happened) or they can show you a page which says the site is "down for maintenance, please try later" - again, you might not suspect that your details have just been stolen. After that, the attackers can do whatever they like to your account. For example, they can transfer money to their own account, and you'll probably have a hard time proving that it wasn't you.

If you have any suspicions about an e-mail you receive, never click on the link inside the e-mail. Instead, go to the account it relates to by typing the address into the browser yourself. That way you know you're going where you think you're going.
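The "looks almost the same" address check described above can also be done mechanically, for example in a mail filter. The following Python sketch is an added example, not part of the original post; the `TRUSTED` allowlist and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites the reader really has accounts with.
TRUSTED = {"paypal.com", "linkedin.com"}

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_link(url):
    """Classify a link from an e-mail as 'genuine', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated"
    # Genuine only if the host IS a trusted domain or a subdomain of one.
    for domain in TRUSTED:
        if host == domain or host.endswith("." + domain):
            return "genuine"
    netloc = parts.netloc.lower()
    labels = host.split(".")
    for domain in TRUSTED:
        brand = domain.split(".")[0]
        # Brand name placed in a subdomain, a longer label, or the
        # "user@" part of the address, while the real host is elsewhere.
        if brand in netloc:
            return "lookalike"
        # One or two characters swapped, added or dropped in the domain.
        for i in range(len(labels) - 1):
            if edit_distance(".".join(labels[i:]), domain) <= 2:
                return "lookalike"
    return "unrelated"
```

A "lookalike" result means the address imitates a trusted site without being that site; typing the real address by hand, as advised above, is still the safe route.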


What do you think? Have you noticed the "quality" of these types of e-mail improving recently? Let me know in the comments.