Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    August 2014
    S M T W T F S
    « Jul    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • About Us

    From a security perspective, phishing attempts are pretty much old hat. In most cases, phishing attempts or attacks focus on getting one particular credential, such as those for credit cards or user accounts. We are now seeing cybercriminals attempt to get more credentials by using phishing pages that allow for multiple email logins.

    Multiple Logins Allowed

    We came across some shortened URLs that lead users are lead to phishing pages that mimic popular sites, including Facebook, Google Docs (now known as Google Drive), OneDrive, and several property websites. In order to proceed, users must log in using their email address.


    Figure 1. Log in page featuring different email providers

    The unique feature about these phishing pages is that they include options for several email providers. Users can log in using any of their accounts in Yahoo, Gmail, AOL, and Windows Live. There is even an “other emails” option, in case the user’s preferred email provider is not given. It’s interesting to note that the pages accept any words or even gibberish typed in—a sure sign that the pages are more concerned with collecting data.


    Figure 2. “Other emails” gives users more options to supposedly log in

    After signing in, users may encounter a “loading” or “server error” notification before they are led to the actual site. For example, users who visit the “Google Docs” site are led to a shared document about intentions for prayers.


    Figure 3. Document hosted in Google Docs

    Phishing Steps Up

    This particular phishing scheme shows that cybercriminals are still refining their techniques. In this case, the cybercriminals took the extra steps to make sure the scheme appears as legitimate as possible (e.g., the redirection to legitimate sites, the use of an actual document for Google Docs).

    Users should be wary of clicking shortened URLs, especially if they come from unverified sources. It’s recommended that they simply use bookmarks or type in the site’s URL directly into the address bar to avoid phishing pages. They should also double-check a site’s URL before they give out any user information; it has become all too easy for bad guys to create login pages that are near-identical to legitimate ones.

    Trend Micro blocks all threats related to this incident.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice