Expert analysis reveals the secrets behind new phishing attack
An analysis by Mimecast reveals what's going on in a new phishing attack designed to steal credit card details
A new phishing attack has been analysed by experts and its secrets uncovered, revealing the methods cyber criminals use in their attempts to steal credit card credentials.
The phishing attempt was spotted by Computing this week, and sent to email security firm Mimecast for analysis. The email purported to be from Australian telco Telstra.
Obviously Computing knew better than to click on the link, but we were informed that doing so directs the unsuspecting user to a fake login page, pretending to be a Telstra portal.
Once logged in, the user is asked for their credit card information, which is then transmitted straight to the cyber criminals. The user is then shown an error on the original website, to allay any suspicions they may have and delay any attempt to warn their bank or cancel their card.
The information is sent to a compromised Joomla server belonging to an Italian blog (hxxp://lanard.it/br/coco.php).
Matthew Gardiner, cybersecurity strategist at Mimecast, said that ideally a firm should have an email security system that rewrites every URL and checks its safety on every click, and blocks or at least warns if the site is potentially dodgy.
"For those users that click through the warning the security team should warn the user to change their password immediately or take other steps depending on what was shared," he said. "In this case if they shared their real credentials they should contact Telstra immediately to let them know that they were phished so that Telstra can take immediate steps to protect them against fraud.
"Users should be encouraged not to trust the validity of random, unexpected emails that take them to a website that asks for personal information or login credentials. If they have an account with that vendor they should go directly to that website.
"Users should be coached to look at the URL in the website to see if it makes sense, such as https://www.telstra.com.au. Often attackers will take users to a totally different domain that doesn't make sense such as www.abc.com/telstra," concluded Gardiner.
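Gardiner's advice to check whether the URL "makes sense" comes down to judging a link by its parsed hostname rather than by where the brand name appears in it. The Python sketch below is an added example, not code from Mimecast or Computing; the trusted-domain list, the brand keyword and the example.net links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: one genuine domain (named in the article)
# and one brand keyword to look for in links that are not on that domain.
TRUSTED_DOMAINS = {"telstra.com.au"}
BRAND = "telstra"

def refang(url):
    """Undo common defanging (hxxp, [.]) and add a scheme so the URL parses."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    if "://" not in url:
        url = "http://" + url  # bare links such as www.abc.com/telstra
    return url

def classify(url):
    """Return 'trusted', 'brand-lookalike' or 'untrusted' for a link."""
    full = refang(url)
    try:
        host = (urlsplit(full).hostname or "").rstrip(".").lower()
    except ValueError:
        return "untrusted"  # malformed host
    # Only the parsed hostname decides trust: exact match or a true subdomain.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Brand text in the path, userinfo or another domain's labels proves nothing.
    return "brand-lookalike" if BRAND in full.lower() else "untrusted"

# The two URLs quoted by Gardiner, the defanged collection endpoint reported
# in the article, and constructed example.net links showing common tricks.
SAMPLES = [
    "https://www.telstra.com.au",
    "www.abc.com/telstra",
    "hxxp://lanard.it/br/coco.php",
    "https://www.telstra.com.au@login.example.net/",   # constructed
    "https://telstra.com.au.example.net/account",      # constructed
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):16} {link}")
```

The userinfo and subdomain cases show why a simple substring match on the brand or domain is not enough: both contain "telstra.com.au" yet resolve to a different host.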