Symantec Threat Bulletin: New wave of phishing and malware attacks prey on social networking sites
- 05 November, 2009 15:28
Symantec Threat Bulletin: New wave of phishing and malware attacks prey on social networking sites
Symantec’s Security Response Team has detected a new wave of phishing and malware attacks preying on social networking sites MySpace and Facebook users. Symantec believes that social networking sites with large numbers of users are currently being targeted to infect the maximum number machines or gather passwords for more malicious activities in the future. Symantec has discovered that the recently reported malicious spam campaign against Facebook is now being accompanied by a phishing attack.These fake phishing messages look like official Facebook emails, advising members of a new login system and asking them to update their account details. Users that click on the ‘update’ button are redirected to a look-alike Facebook phishing site, where they are asked to enter a password to complete the update procedure. Unfortunately this allows cybercriminals unlawful access to the password and login details and ultimately, access to the account.
These attacks can be identified by the following email subject lines:
Facebook account update
New login system
Facebook Update tool
Additionally, the Symantec Security Response Team has also detected a new wave of malware attacks on MySpace, which come as an email with an attachment. This attack also asks users to change their passwords, with the aim of gathering password details.
Email subject lines for these attacks include:
Myspace Password Reset Confirmation
Myspace office on fire
Myspace was ruined
Symantec encourages users to be extremely wary of any requests for personal information or suspicious attachments, especially those including a ‘password reset’ request. Legitimate websites will not request a password be reset by sending an attachment. Users should also be cautious when clicking on URLs without proper verification. To be safe and avoid a malware attack, URLs should be typed directly into the web browser. Finally, consumers should keep their security software up-to-date to prevent falling victim to these type of scams.
Please let me know if you would like to speak with a Symantec security expert about these attacks and what users can do to prevent themselves from falling victim to such scams.
Media Contact:
Jasmin Athwal
Max Australia
+61 2 9954 3492
Jasmin.Athwal@maxaustralia.com.au
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
