Phishers Target Play.com Customers
In a major email phishing campaign, one of the largest online retailers in the UK, Play.com has been targeted, reports security firm GFI.
The phishing emails are sealed with a convincing subject line, "Problem with payment/order". The email opens up on a more credible note asking users to fill information in a security form, which is accessible on clicking on a reply button. The user is further consoled by saying that the security form is a part of verification and security check and that the sender is unable to see any personal details as the form is encrypted through a server as a part of data protection.
From the perspective of a potential victim, reason enough for suspicion lies from the fact that in actuality, the email contains hardly any form to fill. And, filling up a mere plain text with all personal details and sending it through an email itself is indicative of doubts and suspicion.
According to Christopher Boyd, Senior Threat Researcher at GFI, scammers in this case rather seem to be holding a laidback attitude. Hyperlinking their images from other sources are inviting brand damages in this process and recipients should rather restrict themselves from sending card details in this manner, particularly when the senders assures of no problems. With an objective of preventing people from getting involved in such spiteful event, play(dot)com has been set up, reports sunbeltblog on February 28, 2011.
It is certain that some users are innocent and not accustomed of these kinds of scam detection skills. Thus, it is always better to call directly the sender (not the one mentioned in the email) and seek advice from them, adds GFI on a report by net-security.org on February 28, 2011.
Furthermore, it is always a healthy practice on the part of a victim to report about any such kind of suspicious phishing emails to the anti-phishing agencies, so that phishing attacks could be controlled at the initial phase. Also, as an added necessity, the victims should inform the spoofed company. In the aforementioned case, Play.com should have been contacted by the recipient.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 10-03-2011