Bogus Newsletter Phishing E-mails in Circulation, Warn Security Experts

Security researchers warn that phishers are distributing fake e-mails offering newsletter while actually cheating end-users into giving away username and password of personal e-mail accounts, reported softpedia.com dated April 9, 2014.

Containing a header "Vital Newsletter," the malevolent notices addressing recipients tell that the e-mail sender posted one important newsletter onto the Internet with the help of his Google Doc. To obtain this item instantly, users should CLICK HERE and they should also respond by providing their e-mail, the messages indicate.

Nevertheless, the web-link doesn't take onto any newsletter. For, the e-mail represents another phishing campaign crafted for duping readers into handing over the login credentials of their e-mail A/C to cyber-criminals.

Clearly, Internauts who believe the message and follow the web-link will land on a site that asks them to login while provide personal e-mail information so they can see the document. They even get asked to select the provider of their e-mail A/C via hitting on the suitable picture displayed on the fake site. But, hitting the picture generates one fresh pop-up which directs that users should give their e-mail id as well as password.

Also, upon hitting Enter for "Sign In" one 'please wait' message appears till the time the users are informed that they require following the procedure again after sometime, as presently there's too much traffic for the server. Subsequently, they'll get diverted automatically onto Google Docs' top-page.

Apparently, this strategy of too much traffic on the server clearly is devised for giving an explanation as to why the promised important newsletter is non-accessible.

One commonly comes across phishing e-mails of the above kind which has several formats. Indeed, Trusteer a security firm detected one likewise incarnation of the aforementioned electronic mail during April-start 2014. Therefore, it's necessary to maintain caution when users encounter dubious e-mails.

According to specialists, end-users must reset their passwords in case of doubt that the above phishing message has victimized them. It's also advisable for deploying the 2-factor authentication mechanism for locking users' A/Cs. The mechanism ensures that criminals would get nothing beyond the password for accessing any end-user's account, note the specialists.

» SPAMfighter News - 4/18/2014