The website of the Ethiopian Red Cross Society (redcrosseth.org) has been compromised and set up to host a Google phishing page.
Sophos experts noticed that the site was hacked while investigating a spam campaign.
The malicious emails, bearing the subject “RE: Order,” read something like this:
“Thanks for the email, i have tried to send you our company profile but its not going through, so i have decide to send it via Google Docs. all email account work with Google Docs all you need to do is to click the link below and login to view the document.”
Users who fall for it and click on the link are taken to a fake Google login page hosted on the site of the Ethiopian Red Cross Society.
Many users might be tempted to log in immediately, handing their username and password to the crooks, because they believe they’re about to view a company profile on Google Docs.
Sophos experts have notified the Ethiopian Red Cross Society and, hopefully, they’ll get their website cleaned up soon.