One of the most dangerous places on earth maybe your email inbox, considering the number of sophisticated email scams underway. Homeland Security is alerting computer users of two dangerous new ones this week and a third is being reported in the press.
Email phishing is a technique used by criminal hackers to trick victims into downloading malicious software or going to a malicious web site. Scammers typically send emails that purport to be something benign and of interest to the target, but are really a trap to get the target to click on a link.
The government is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code.
University Employee Payroll Scam
The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials.
Users are encouraged to review the IC3 Alert for details and refer to Security Tip ST04-014 for information on social engineering and phishing attacks.
In addition to the warnings from Homeland Security, Computerworld reported this week that security firms have identified a scam that sends email supposedly from LinkedIn support that can obtain a users account login credentials.
Recipients of the email phishing should not open the email attachment, which is an html file that looks like the LinkedIn login page. In reality, it used by the scammers to capture the targets credentials.
Protecting Against Phishing Scams
To protect against email scams, every user should: