Navy Federal Name Abused for Phishing Attack
PandaLabs has cautioned web users to be cautious of latest phishing attack, which is imitating the Navy Federal Company's site and using its name to steal user's data.
The security officials informed that phishing is a general kind of scam that can result in stealing user's private information like credit card numbers or online banking passwords.
A member of the PandaLabss' research team, Oliaz, stated that the phishing campaign begins with users receiving a mail, reportedly from Navy Federal- and they are asked to click on an attached link, as per the news published by infosecuirty.com on May 18, 2010.
In his security blog, Oliaz compares the two sites and said that there are some differences in the address bar of the fake site as against the authentic one, as it is an http site and thus has a lock with it. Oliaz added that the icon of the company is different in the bogus website.
Further, the PandaLabs researcher says that if users have logged into a fake site, another page will appear claiming that their password has been locked and they need to fill in the form in order to unlock it.
In addition, Oliaz stated that after the details are disclosed, the users are again taken to the original website. In this way, users remain ignorant of the fraud scam.
» SPAMfighter News - 29-05-2010