Following the most talked about security concern recently, the discovery of Heartbleed Bug, everyone is being told to be wary of their accounts online.
Since Heartbeat Extension, the OpenSSL extension first introduced in late 2011, is being used by many websites and software, this vulnerability when abused can make private information such as usernames, passwords and credit card details easily available to hackers thus causing panic in the internet. People were advised to update their passwords on their online accounts or change their usernames and continuously monitor any suspicious activities. Affected websites and software were told to upgrade their OpenSSL version to 1.0.1g.
However, while everyone is busy spreading the news to would-be victims, spammers are also using this trend to spread malicious threats – one of which is through legit-looking mails.
A sample spam mail circulating recently is a warning notification that ask users to update their banking passwords. This then direct readers to a report in CNN via a link embedded on the mail. Unfortunately, the link redirects somewhere outside CNN.
This move is not new but there are people who are still falling on this trap specially now that Heartbleed bug is a hot topic. The next time you open a mail and click a link on it, make sure that you’re getting it from a known sender and that you have a security software installed as a first line of defense.
Disclosure: The author works for Trend Micro but this blog is not connected to the company in anyway nor do they have control over the articles that are published.