New Phishing Scam Targets Website Administrators
E-mail phishers have unleashed an attack to deceive webmasters so that they may reveal their credentials which are used for managing their sites. The attack is aiming owners of websites who use the hosting services of over 90 providers.
Security researchers state that the con artists are seeking to spread their malware by amassing hacked websites that they plan to join into a network.
The reports state that the spam mails, with the sender's ID varied from Yahoo.com to hostgator.com and 50webs.com, address people using some highly reputed Web hosting companies. Typically, the messages state that on account of system maintenance, recipients need to validate their FTP credentials.
Moreover, the subject lines of e-mails mention the company's name which the scammers apparently have chosen as their target, and therefore, they appear as "(targeted hosting firm) web-hosting update." In this way, there are over 900 exclusive subject lines, note the security researchers.
The e-mails also provide a web-link that leads to a phishing page rather than the actual CPanel page of the hosting firm, where CPanel is a software package popularly used for website administration. The researchers state that users who turn into victims of the phishing scam and give out personal credentials are subsequently sent to the real website of the hosting firm which appears in the subject line.
Thus, when a user clicks on the web.com link, he lands on the web.com page or when he clicks on the yahoo.com link, he is led to Yahoo, and so on.
Gary Warner, Director of Research in Computer Forensics, at the University of Alabama, Birmingham, states that the scammers apparently, are looking to seize webmasters' FTP usernames and passwords so that they can use the corresponding sites to launch drive-by download assaults, as reported by The Washington Post on December 5, 2009.
Hence, any website administer, who has become a victim of the phishing scam, must ask his hosting company to reset his password. Additionally, he could also do well to check for any unlawful alternations in his site content.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 15-12-2009