Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Websense has detected a new round of ‘Better Business Bureau' spam emails.
The Websense Security Labs ThreatSeeker Network has identified the spam which uses social engineering tactics to entice readers to follow a link in the message in order to ‘register new software and update contact information'.
It claimed that tens of thousands of messages had been sent, and from appearance, looks like it has been sent by the same phishers who targeted customers of the Bank of America, Wachovia, Royal Bank of Scotland and others.
The email is a standard email message that informs the recipient of an enhancement with new security measures, and that they need to download a ‘BBB company certificate'.
The link takes the user to a copy of the BBB page where a download of the ‘certificate' named ‘TrustedBBBCertificate.exe' will install a Trojan downloader. When executed, it takes the user to another web page, which is hosted on another malicious domain, for the ‘Certificate Registration'.
On this page various options are given to the user to search the company database – either by phone, database or URL – and the site will also try to get the victim to download the certificate once again.
Websense has warned against this new campaign, and advised that Websense Messaging and Web Security Customers are protected against this threat.
The Websense Security Labs ThreatSeeker Network has identified the spam which uses social engineering tactics to entice readers to follow a link in the message in order to ‘register new software and update contact information'. It claimed that tens of thousands of messages had been sent, and from appearance, looks like it has been sent by the same phishers who targeted customers of the Bank of America, Wachovia, Royal Bank of Scotland and others. The email is a standard email message that informs the recipient of an enhancement with new security measures, and that they need to download a ‘BBB company certificate'. The link takes the user to a copy of the BBB page where a download of the ‘certificate' named ‘TrustedBBBCertificate.exe' will install a Trojan downloader. When executed, it takes the user to another web page, which is hosted on another malicious domain, for the ‘Certificate Registration'. On this page various options are given to the user to search the company database – either by phone, database or URL – and the site will also try to get the victim to download the certificate once again. Websense has warned against this new campaign, and advised that Websense Messaging and Web Security Customers are protected against this threat.See original article on scmagazineus.com
It claimed that tens of thousands of messages had been sent, and from appearance, looks like it has been sent by the same phishers who targeted customers of the Bank of America, Wachovia, Royal Bank of Scotland and others. The email is a standard email message that informs the recipient of an enhancement with new security measures, and that they need to download a ‘BBB company certificate'. The link takes the user to a copy of the BBB page where a download of the ‘certificate' named ‘TrustedBBBCertificate.exe' will install a Trojan downloader. When executed, it takes the user to another web page, which is hosted on another malicious domain, for the ‘Certificate Registration'. On this page various options are given to the user to search the company database – either by phone, database or URL – and the site will also try to get the victim to download the certificate once again. Websense has warned against this new campaign, and advised that Websense Messaging and Web Security Customers are protected against this threat.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.