Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Absence of E-Mail Related Safeguards for SLC Leads to Easy Phishing

Online-scammers have come to easily know the trick of quickly gaining success from launching phishing campaigns and that is by sending e-mails impersonating Student Loans Company, apparently because the company, which disburses educational loans to aspiring students in UK, didn't have adequate security to prevent the act of domain spoofing. Softpedia.com published this, January 8, 2015.

It was prior to Christmas when Student Loans Company (SLC) predicted an increase in phishing e-mail assaults which would misuse its name for deceiving the e-mail recipients in a way that they would click malevolent web-links. The messages also told that in future recipients would find the e-mail id notifications@slc.co.uk sending any formal notification to them.

But, SLC wasn't aware that there was no safeguard regulation for its domain slc.co.uk which could deter that domain's spoofing. Consequently, scammers could impersonate the SLC e-mail id. Besides, as students (actual e-mail recipients) happened to learn about that other e-mail id from where future SLC communications would come, they seemed to trust the impersonated phishing e-mail.

Security Analyst Paul Mutton from Netcraft the security company apprises that there's no Sender Policy Framework (SPF) rule for slc.co.uk. So contrary to the rule, there's no description of the person dispatching e-mail from that address, while absence of the rule negates all restrictions related to the entity sending the e-mails seemingly from notifications@slc.co.uk. Netcraft.com reported this, January 8, 2015.

There's also absence of a Domain-based Message Authentication, Reporting and Conformance (DMARC) rule by which SLC could have taken measures against forged e-mails which spoofed slc.co.uk. With the right configuration in place, SLC couldn't just have its e-mail provider block the fake e-mails, but it could even see whatever is written in those e-mails as well as get the statistics on the number of messages been sent.

Meanwhile, SLC becoming susceptible to phishing assaults isn't something new. In one earlier instance, SLC, in the phishing e-mail, supposedly claimed that there was a revision going on of its database. The e-mail recipients were asked to complete update of their information in 3 days of getting the message failing which they mayn't get or have a delayed student loan.

ยป SPAMfighter News - 1/19/2015

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page