
Sophos has issued a public warning following the identification of a phishing scam that takes an innovative approach to social engineering. The integrated threat management solutions provider describes the spread of what it calls an almost amusing twist on conventional phishing email warnings: the spammed emails do not redirect the victim to a traditional phishing Website. Instead, they warn users not to update or confirm confidential account data.
"The story is so hyperbolic and so unlikely that it looks and smells like a good old conspiracy theory, with a website to back it up," stated Paul Ducklin, Sophos's Head of Technology, Asia Pacific. "Many conspiracy theory sites are intriguing, if ill-informed, but not overtly malicious. This can make them popular for believers and unbelievers alike. But readers who are inquisitive and who follow the web link in this email will be visiting a fake news site which aims to infect them with a phishing Trojan."
Posing as a news report generated by News Limited, the email contains an embedded link that directs the victim to a fake Website that drops a Trojan horse. The phishing malware targets Commonwealth Bank and e-gold clients, stealing login information.
"Not trying and not replying to spam means more than just avoiding a direct email response," added Ducklin. "You need to be careful not to follow up on any call-to-action in unwanted email. After all, if you don't trust the original email, why would you trust information such as web links, telephone numbers or street addresses in that email?"
Follow the editor on Twitter @mariusoiaga