Wednesday, 8 August 2012

Phishing Attack Targets Telecommunication Giant

US-based AT&T customers are faced with more than 200,000 fake emails.

The massive phishing campaign distributes emails masquerading as billing information from the telecommunication company. According to a report however, the phishing email proved to be not a sophisticated one as there are a number of things which can make you suspicious. First, the amount of money it requires for a monthly bill is way too large. Also, a different link will appear upon hovering the mouse over the listed link.

What’s alarming with it though is that, should an unsuspecting use follow the link, a malware will be downloaded to his computer which is currently not detected by most antivirus products. After the malware is loaded on the computer, it will drop files on the Application Data and Temp Folders, then injects code into running applications and/or programs. Then, it accesses a Bot network where the attacker can instruct the malware to take further actions.

Outwit the Witty Criminals
Today’s crime scenes have shifted from the blood-filled scary grounds to the supposedly safe and secure internet. For cybercrimes, the question of who did it doesn’t matter much, but why the user fell as victim does!

Lack of information and knowledge base is often almost the reason why net users get tricked by malicious attacks. Thus, to increase users’ vantage point over criminals, getting the most relevant information is important. Before clicking on any website or email link, one must first be suspicious of the sender, the email content, and the link itself. If you want to follow the link, it is best to copy it and paste on the browser’s address bar, than to click it directly. This way, you’ll verify if the link loads a legit age or if it redirects to another site.

Moreover, users must also increase their knowledge-base on the elements of a secure site. Most websites today, not just those allowing online transactions, are safeguarded by SSL certificates. These certificates encrypt the website contents, mitigating the risk of breaches. SSL certificates are issued by trusted Certificate Authorities like GlobalSign. There are number of SSL certificates offered in the market today ranging from the simplest to the most sophisticated: Domain Validation SSL, Organizational Validation SSL, Extended Validation SSL.

Visit to know more about online security.

Keywords: SSL, EV SSL, DV, OV, phishing

We'd be glad to hear from you, contact us at (+65) 3158 0349, or send us an email.