Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    The Trend Micro Content Security team discovered a phishing attack that used a software company’s website to lure victims into divulging personal information. The compromised site was that of School Website Solutions, which looks like this:

    Figure 1. Clean page.

    Phishers were able to hack the site however. Users who were trying to access School Website Solutions using its legitimate URL saw this page instead

    Figure 2. Phishing page.

    which is no longer related to the software company at all. The phishing site spoofed the login page of Alliance & Leicester, a bank in the UK. Information entered in this page were keylogged and stolen by phishers.

    Trend Micro has already notified School Website Solutions of this threat, and the site administrators were able to swiftly respond and resolve the issue. Security policies and practices that help ensure attacks like this don’t happen include:

    • Religiously checking OS and software vulnerabilities and taking necessary actions when problems arise.
    • Using strong passwords.
    • Disabling unneeded services and deleting unnecessary accounts.
    • Keeping private files private by not placing them under the public directory on the server.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice