A new phishing attack is looking to trick Yahoo Mail users into handing over their account credentials.
Researchers with Zscaler ThreatLabz are
reporting that the attacks, which are being spread through a spam
campaign, look to spoof the Yahoo login page in order to collect user
account names and passwords.
According to Zscaler, the attackers send
victims a phony notification message warning that unless action is
taken, the user account will be suspended. The message also includes a
link to the phishing page, which poses as the Yahoo login screen.
In addition to spoofing the Yahoo
notification and login systems, the attack looks to capitalise on
looming confusion over transitions at Yahoo to new services and
interfaces.
Zscaler ThreatLabz researcher Julien
Sobrier said: “Yahoo is now shutting down its Yahoo Mail classic
interface and forcing users to their new e-mail platform. This will no
doubt be another great opportunity for phishers to take advantage of
confused users.”
The attack could also trick users who are
confused about the switch many sites are making to new security
platforms and protections. Though the introduction of two-factor
authentication has been widely hailed by security experts as a valuable
additional security component, confusion over how such systems will roll
out could leave users vulnerable.
“Two-factor authentication has been in
the news a fair bit lately as LinkedIn and Twitter have recently begun
to offer the feature,” explained Sobrier. “We encountered an example
whereby a phisher actually took advantage of heightened awareness of
two-factor authentication to aid in an attack.”
No comments:
Post a Comment