Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The campaign began on Monday when phishers started sending emails seemingly coming from “support” at Microsoft, Graham Cluley, Sophos' senior technology consultant, said in a blog post. The message told users they have, “(1) new message from Outlook Microsoft.” But, the email said users must “re-configure” Outlook settings to read it. The email provided a link to a phishing page that lures users into handing over email settings, Cluley said. Just one day after the attack began, it changed, Cluley said. Overnight, the phishing site went down and the attack morphed so that instead of providing a phishing link, the newest versions of the emails now contain a malicious attachment. The attached file is a fake anti-virus product, that tries to scare users into making a purchase, Cluley said.Cluley said that Sophos does not have any indication of whose behind this, but what is clear is that this isn't the first time the attack has been modified. This past weekend, the domain used in the phishing site in Monday and Tuesday's attack was used in a banking phishing campaign, targeting the Commonwealth Bank of Australia, Cluley said. In that attack, users were told they qualified to take part in a “$50 credit reward survey.” Users were told to follow the link to take part in a five question survey to receive their credit reward. “Everyone needs to take a spoonful of skepticism each morning,” Cluley said. “People are too trusting of their email, and need to learn to think before they click on a link or open an attachment.”
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.