Hit with Widespread Phishing Campaign Hit with Widespread Phishing Campaign

A widespread phishing attack is underway, targeting businesses and consumers using, the China-based e-commerce giant and global trading website.

Comodo Antispam Labs discovered the campaign, and said that the primary method of attack is a random phishing campaign that employs well-crafted spoofing methods. The firm explained in an analysis that the fake emails are being sent from the spoofed address That means that to business or consumer, they appear to be sent from a legitimate email address.

The mails ask customers to click on a link to verify their account, in order to “cut down on spam and fraudulent emails.”

The real story is that these aren’t legit mails from legit addys at all. Instead, they’re coming from cyber-criminals who have set up a fake log-in page; when users log in to verify their information, the page steals the user names and passwords of customers, thereby allowing the perpetrators to gain access to account information.

The Comodo Antispam Labs team identified the phishing email through IP, domain and URL analysis.

The attack uses a fairly common approach, pointing out once again that phishers know how to make good use of social engineering. Like the recent spear phishing campaign in which users are being targeted by emails crafted to look like terror alerts from law enforcement agencies, spoofing features highly.

In that case, the mails were spoofing the Dubai Police Force with attachments disguised as valuable tips on how recipients could protect themselves, their companies and families from a nearby terror attack.

“Cybercriminals are getting more and more creative each day—trying to use breaking news in the world to try and take advantage of businesses and consumers and steal data, passwords and financial information,” said Fatih Orhan, director of technology for Comodo and the Comodo Antispam Labs.

Photo © wk1003mike

Source: Information Security Magazine