Byline: Ilene Aleshire The Register-Guard
Hackers have targeted three popular Webmail platforms in recent days, said Trend Micro, an Internet security company.
"Google recently revealed details surrounding a successful phishing campaign that targeted the Gmail accounts of government officials and of political activists," Trend Micro said in an alert on its website. But "Google's services haven't been the only ones targeted," Trend Micro said. Hotmail and Yahoo! Mail also have been affected.
While these appear to be separate attacks, there are significant similarities, according to Trend Micro, which was founded in the United States but now has its headquarters in Tokyo.
Google said that the hackers used a phishing attack to get access to a user's Gmail account and then added their own e-mail addresses to the "forwarding and delegation settings," which allowed the hackers to send and receive e-mails via the account.
The hackers also collected information on antivirus software victims had on their computers, making it easier to stage future attacks, taking control of the victim's computer, not just the e-mail account, Trend Micro said.
In addition, Trend Micro said, hackers targeted journalists and political activists, modifying their delegation settings "so (the hackers) can continue to monitor the compromised Gmail accounts."
The Internet security firm said its researchers discovered a phishing attack that exploited a vulnerability in Microsoft's Hotmail service in which "even the simple act of previewing the malicious e-mail message can compromise a user's account. That phishing e-mail pretended to be from the Facebook security team."
And the security firm recently alerted Yahoo! "of an attempt to exploit Yahoo! Mail by stealing users' cookies in order to gain access to their e-mail accounts. While the try appeared to fail, it does signify that attackers are attempting to attack Yahoo! Mail users as well."
"These attacks can be difficult to defend against because these often appear to come from recognizable sources," Trend Micro said. "However, there are some clues that can help identify phishing e-mail messages.
"There are generally spelling and grammatical errors present in the messages that help indicate that it did not originate from the expected source.a...In addition, while the malicious links may contain keywords like "google," "hotmail," or "yahoo," these will actually be links to third-party websites that can be easily spotted."
No comments:
Post a Comment