14 DAY TRIAL // A new phishing scam capitalizes on people's trust towards reputed news publications and security companies. The rogue email messages masquerade as a Trend Micro newsletter about a real article on the company featured in PC World back in September.
Attacks that try to exploit various subjects attracting a considerable amount of attention from the public are quite common. For example, this can be achieved by poisoning search results with malicious websites, a technique known as black hat search engine optimization.
Because of this, security professionals constantly advise that only trustworthy and renowned news outlets should be used as a method of information. In order to counter these security recommendations, which are detrimental to their illegal business, cybercrooks are increasingly impersonating legit news agencies and publications.
Such is the case with a phishing scam circulating via email recently, in which fraudsters target both PC World and Trend Micro. The professionally designed email bearing the Trend Micro branding marks is quoting an entire article published by PC World on September 21. The article, entitled "Malware Blocking Tests Put Trend Micro on Top," is about an independent test performed by NSS Labs, during which Trend Micro's product achieved a very good rating for its ability to detect and block socially engineered malware.
"Ironically, however, the emails [are] themselves a good example of socially engineered malware," Menard Osena, solutions product manager at Trend, writes. All links within the emails redirect to a malicious phishing site that has since been taken down.
"The phishing URL and domain are already inaccessible plus Trend Micro Web reputation blocks access to the URL involved. Based on Whois information, the domain was created last September 2009. […] The attack also employed the so-called 'genuine-looking URL' phishing technique wherein cybercriminals imitated the URL of the target company in order to steal user information," the researcher explains, referring to the trndmcro.com domain name used in this scam.
This attack is a reminder that users should remain vigilant at all times, even if the emails they receive look legit and cite trustworthy sources. Running a competent and up-to-date security product with anti-phishing capabilities is as always, highly recommended.
