Phishing Alert: “Warning Code: 11XXTT8765”

A phishing attack designed to harvest the credentials of all email users

By on April 8th, 2013 15:51 GMT

Cybercriminals rely on various tactics to trick users into handing over their email account credentials. One of the easiest methods is to send out emails, without mentioning any service provider’s name, and request recipients to reply with their username and password.

A perfect example has been identified by Hoax Slayer. The emails, entitled “Warning Code: 11XXTT8765” and purporting to come from the “Admin Team,” read something like this:

“Dear Email user,

We would like to inform you that we are currently carrying out scheduled
maintenance and upgrade of our Email service and as a result of this our
Email client has been changed and your original password will reset. We
are sorry for any inconvenience caused.

To maintain your Email account, you must reply to this Email immediately
and enter your current Password here
(___________)

Failure to comply will lead to the
termination of your Email Account.
Warning Code: 11XXTT8765”

The benefits of such phishing scams are that cybercriminals don’t have to bother setting up login page replicas and they don’t have to worry about their malicious domains being blacklisted.

This particular example targets any type of email accounts. However, it can be adapted for more targeted phishing attacks.

For instance, some time ago, the Clemson University’s Computing & Information Technology department issued an alert to warn students and staff about similar emails.

The malicious notifications purported to come from Clemson University and they addressed recipients with “Dear Clemson User.”

In order to avoid falling victim to such schemes, there’s one important thing you must remember. Your online service providers never ask you to hand over your password or other sensitive information – not via email and not on websites.

If you’re a victim of such a scam, make sure that you change your password immediately. If you utilize the same passphrase for multiple accounts, change all of them.

Comments