The Trend Micro Content Security team discovered a phishing attack that used a software company’s website to lure victims into divulging personal information. The compromised site was that of School Website Solutions, which looks like this:
Figure 1. Clean page.
Phishers were able to hack the site however. Users who were trying to access School Website Solutions using its legitimate URL saw this page instead
Figure 2. Phishing page.
which is no longer related to the software company at all. The phishing site spoofed the login page of Alliance & Leicester, a bank in the UK. Information entered in this page were keylogged and stolen by phishers.
Trend Micro has already notified School Website Solutions of this threat, and the site administrators were able to swiftly respond and resolve the issue. Security policies and practices that help ensure attacks like this don’t happen include:
- Religiously checking OS and software vulnerabilities and taking necessary actions when problems arise.
- Using strong passwords.
- Disabling unneeded services and deleting unnecessary accounts.
- Keeping private files private by not placing them under the public directory on the server.