Fraudsters Attempt to Sniff Sensitive Information From Outlook Users

Albuquerque, New Mexico (PressExposure) July 22, 2011 -- Security researchers have alerted Microsoft Outlook users to a fake notification scam. The new phishing scam, first identified by security experts at Internet security firm Sophos, attempts to gain access to e-mail accounts. Users receive an e-mail that asks them to download an attachment to reconfigure Microsoft Outlook. Users who download and open the attachment are shown a fake form that appears strikingly similar to a genuine Outlook form. The form asks for the username, password and outgoing server details. Outlook users who provide the requested information inadvertently give remote scammers the opportunity to compromise their e-mail accounts. Cybercriminals may use the information to impersonate the legitimate user and send arbitrary mails, propagate spam and steal personal information. They may also attempt to gain access to the user's other online accounts through brute-force attacks or the forgot-password option.

On the other hand, phishers themselves face a threat from whalers, who use a tool called autowhaler to try to gain access to the online databases where phishers store stolen information. The tool allows whalers to search common phishing URLs, where phishers hide their login credentials. Recently, security researchers at GFI Labs identified a unique tool termed '666 autowhaler'. When a whaler downloads the tool, they inadvertently download a Trojan designed to extract login credentials. The detection again reveals the vicious nature of the cybercrime world.

Internet users must be wary of e-mails that seek login credentials or suggest reconfiguring e-mail clients. Phishing e-mails attempt to deceive users into compromising sensitive information by urging prompt action and by spoofing the sender's e-mail address so that the message appears to come from a legitimate source. They may also spoof the links in the e-mail so that they appear to be the web address of a legitimate company. As such, users must prefer visiting a website by typing the web address rather than following a link received through Instant Messengers (IMs), Internet Relay Chat (IRC) or e-mail. Cyber security training programs and online degree programs may help users improve their online computing practices. Users may also report fraudulent e-mails to the respective legitimate companies or to the relevant regulatory authorities in their country. Such reports help organizations and regulatory agencies to initiate appropriate action and prevent other Internet users from falling prey to fraudulent scams.

E-mail clients help employees manage and organize their e-mails. Phishers may attempt to gain sensitive information about organizational networks by targeting employees through sophisticated schemes. Employees who receive e-mails seeking such information must immediately report them to the head of the IT department concerned. Organizations must educate employees on incident response procedures and information security practices through induction and e-learning programs. They may also collaborate with technical and educational institutions and encourage employees to undertake online university degree programs to improve cyber security practices in the organization.

Cybercriminals constantly endeavor to improve their attack techniques. Professionals with a Master of Security Science qualification may help organizations to assess prevalent security threats, envisage future threats and devise appropriate policies to improve the defenses of the organization.

About EC-Council

Contact Press

Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

Press Release Submitted On: July 22, 2011 at 5:23 am