Navy Federal Name Abused for Phishing Attack

PandaLabs has cautioned web users to be cautious of latest phishing attack, which is imitating the Navy Federal Company's site and using its name to steal user's data.

The security officials informed that phishing is a general kind of scam that can result in stealing user's private information like credit card numbers or online banking passwords.

A member of the PandaLabss' research team, Oliaz, stated that the phishing campaign begins with users receiving a mail, reportedly from Navy Federal- and they are asked to click on an attached link, as per the news published by infosecuirty.com on May 18, 2010.
Furthermore, the mail contains a message that appears to have come from Navy Federal Company. If the user clicks on the link, he/she is taken to a bogus website identical to the original one.

In his security blog, Oliaz compares the two sites and said that there are some differences in the address bar of the fake site as against the authentic one, as it is an http site and thus has a lock with it. Oliaz added that the icon of the company is different in the bogus website.

Further, the PandaLabs researcher says that if users have logged into a fake site, another page will appear claiming that their password has been locked and they need to fill in the form in order to unlock it.

In addition, Oliaz stated that after the details are disclosed, the users are again taken to the original website. In this way, users remain ignorant of the fraud scam.
Therefore, to avoid such scams, users should never reply to mails that ask for private data. Also, they should type the URL into the address bar for visiting the banks' sites and should never click on the attached links of unsolicited mails. Moreover, the security experts recommend users to be very careful of the e-mails the users get, the sites they visits and the security of their systems.

» SPAMfighter News - 5/29/2010