Monday, November 3, 2008

Guard your domains - new wave of phishing attacks

Last week one of my clients forwarded an email to me that purported to be from Network Solutions - a well-known domain name registrar. The news looked fairly alarming. The emails stated that their domains had expired and were on the auction block - but if the victims would log onto the site and provide full contact info, etc., they would be sent instructions on how to renew the domain before it was auctioned away forever . . .

The link in the email "looked" okay, but the email was formatted in HTML, and the true link behind the displayed text went to a very dangerous web page.

Phishing attack for CC numbers / money?

Not exactly -- or more precisely, not ONLY that. Turns out that there is a new wave of phishing attempts for known, established domain names. The criminals behind the attacks are trying to spoof you into giving up your domain registrar account credentials so they can impersonate you just long enough to transfer that tasty domain into their anonymous ownership.

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=211800362

"The new phishing attacks are a way for spammers, malware writers, and fake antivirus writers to keep their operations running . . .

By grabbing legitimate domains, the cybercriminals secure safer cover for their operations. "With these phishing attacks, they'll get access to domains owned by good people."


Expect to see more of these attempts from all domain registrars (eNom, Network Solutions, GoDaddy, etc.). I also expect to see these phishing attacks combined with malware infections that will attempt to infect your workstation with key loggers.

Don't click the links in those emails!