VPN Articles and News

New Phishing Attack Targets Outlook Users

Friday, January 30th, 2015

Several reports from security firms indicate that Windows Outlook users are being targeted by a new phishing attack. The modus operandi of the attack is very similar to an earlier phishing attack where login credentials of thousands of Hotmail and Windows Live users were stolen so it may be possible that the same team of attackers could be behind the latest security breach. It may be recalled that in January, Hotmail users received emails regarding the presence of a ‘DGTFX Virus’ in their mailbox. The email, which appeared to have come from Microsoft, urged the users to verify their accounts by visiting the link given within the mail and also threatened them with account deactivation in case of non-compliance.

The latest phishing attack follows a very similar pattern. In this case, victims get an email (which is purportedly from the ‘Windows Outlook’ team) informing them about the presence of a ‘C93 Virus’ virus in their mailbox. The mail then encourages the users to scan and remove C93 and other threats from their mailbox by scanning it with Norton Antivirus. The message also threatens them with account deactivation in case they do not scan their mailbox by visiting the link given in the mail.

Once the user clicks on the link given within the email, he is redirected to a webpage that looks like the real Microsoft login page in all respects. In reality, the page is designed to capture login credentials from unsuspecting users which could then be used by the criminals or hackers for their nefarious activities. As soon as the user types and submits his login credentials through the fake login page, the username/password details are sent to a server controlled by the attackers whereas the user himself is redirected to the actual Microsoft site. Thinking that he has entered his credentials incorrectly, the user may then type his login and password again (but this time on the actual Microsoft site) without even realizing that he has just now handed over his account details to criminals.

Security experts point out that there is no real C93 virus out there and the attackers have invented it just to scare people. They also point out that there has been a big increase in the number of similar phishing attacks in the recent past simply because people do not take adequate precautions while dealing with such threats. While stressing that non-tech savvy people are more likely to fall prey to such attacks, they advise people not to trust these type of emails since email providers like Google and Microsoft never ask their users to click on suspicious links or threaten them with account deactivation.

If you have become a victim of the C93 phishing attack then you must change your login and password details immediately. In addition, you should switch to 2-step verification so that attackers are not able to log into your account or use it for criminal activities even if they have your userid/password details. It is also a good idea not to click on suspicious links present within emails and report such emails to your email provider for further action.

January 30, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

2 + 7 =