Cybercriminals Depend on Zendesk Hack to Attract Users to Malicious Pharmacy Sites
Spammers are dispersing news regarding latest Zendesk data breach to con users so that they can visit shady websites that provide pharmaceutical products, security firm Sophos bewared.
The undesirable mails are titled "An important notice about security," said like this: we currently encountered that the vendor we employ to respond support request and other e-mails found a security infringement. We are sending you this e-mail as we have got or responded a message from you employing Zendesk. Unluckily your name, email address and subject line of your message in the e-mail were accessed during this breach.
To continue your account safe, kindly: Don't speak about your password to anyone. We will by no means send you an email enquiring for your password. If you receive any, please contact us. Beware of doubtful e-mails. If you receive any e-mails like they are from support team but don't feel right, please inform us particularly, if they contain information regarding your support request. Employ a strong password. If your password is not strong, you can form a novel one. We really apologize for this, and we will keep functioning with law enforcement and our vendors to confirm your details are protected.
Senior Technologist Consultant at Sophos, Graham Cluley observes that the mails off course doesn't actually name the supposedly concerned entity, as per printed by infosecurity-magzine.com on March 25, 2013.
"With no clear information in the email, the only way to look is to click on the links...right?" he said. "Well, if you attempt this way, you will find browser taking on a journey which finally leads you to Canadian pharmacy website, which is trying to sell Viagra and Cialis.
The campaign is actually using the disguise of an important security notice as a highly effective form of social engineering, "complete with sensible suggestion to use strong password and be careful of undesirable emails!" Cluley said.
To ignore such spam emails campaign users are advice that never buy anything from such shady website, despite how tempting the offers look.
Related article: Cheburgen.a: A New Email Worm
» SPAMfighter News - 02-04-2013