Phishers rely on the fact that many users don't know exactly how OpenID works

May 7, 2012 15:07 GMT  ·  By

Barracuda Labs experts have come across spam emails that lure users to a malicious site that tries to replicate a service similar to OpenID, hoping to gain the trust of potential victims.

OpenID is considered a practical solution by many website owners because it saves them the hassle of creating and managing their own user accounts; instead, customers log in with the credentials they already use for other sites, such as Yahoo, Gmail, Twitter, or Facebook.

Cybercriminals rely on the fact that many people don't know how the procedure works, so victims may be tempted to hand over their credentials without giving it much thought.

Usually, the schemes start with an apparently innocent email that informs the recipient about a real estate deal, or a package delivery notification. When the link from the message is clicked, the user is taken to a fake OpenID login site.

Once the service is selected, a login screen that partly imitates the legitimate one appears.

After the victims enter their credentials and press the Sign In button, the username and password are immediately transferred, in plain text, to a server controlled by the cybercriminals. To avoid raising suspicion, a redirect then occurs to a legitimate site.

At this point, it doesn’t matter if the victim handed over Facebook, Gmail, AOL, Yahoo, or Windows Live login details. Any one of them can be worth just as much to the scammers.

Users are advised to keep in mind that websites that utilize OpenID always redirect to the identity provider's own legitimate, secure domain. For instance, if you choose to sign in with your Yahoo account, you will be taken to the company's genuine site.
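As an added example that is not part of the article or of Barracuda Labs' work, here is a small Python check for the rule above: a genuine OpenID sign-in must land on the chosen provider's own HTTPS domain. The provider-to-domain table is a constructed placeholder, and the check rejects the look-alike forms a fake login page would typically use (the provider name as a subdomain of another domain, or placed in the URL's userinfo part).

```python
from urllib.parse import urlsplit

# Constructed placeholder table: provider name -> domains its genuine sign-in pages use.
# A real deployment would maintain this from each provider's documentation.
PROVIDER_DOMAINS = {
    "yahoo": ("yahoo.com",),
    "gmail": ("google.com",),
    "facebook": ("facebook.com",),
    "aol": ("aol.com",),
    "windows live": ("live.com",),
}


def host_belongs_to(hostname, domain):
    """True only if hostname equals `domain` or is a subdomain of it (dot-boundary match).

    'login.yahoo.com.phish.test' and 'evilyahoo.com' both fail this test.
    """
    hostname = hostname.lower().rstrip(".")
    return hostname == domain or hostname.endswith("." + domain)


def check_signin_url(url, provider):
    """Return (ok, reason) for the page a user landed on after picking `provider`."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "sign-in page is not served over HTTPS"
    # .hostname strips any 'user@' prefix and port, so 'https://yahoo.com@phish.test/'
    # yields 'phish.test' rather than the lookalike text.
    host = parts.hostname
    if not host:
        return False, "no hostname in URL"
    if host.startswith("xn--") or ".xn--" in host:
        return False, "punycode hostname; verify manually before trusting it"
    domains = PROVIDER_DOMAINS.get(provider.lower())
    if domains is None:
        return False, f"unknown provider {provider!r}"
    if any(host_belongs_to(host, d) for d in domains):
        return True, f"host {host} belongs to {provider}"
    return False, f"host {host} is not a {provider} domain; likely a phishing page"


if __name__ == "__main__":
    # Constructed sample URLs, one genuine and three in the style the article describes.
    for sample in ("https://login.yahoo.com/?done=example",
                   "https://login.yahoo.com.phish.test/openid",
                   "https://yahoo.com@phish.test/login",
                   "http://login.yahoo.com/"):
        print(sample, "->", check_signin_url(sample, "Yahoo"))
```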

When presented with something similar to the screenshot, you can be almost certain that it’s a phishing operation.