Internet Security Researchers Warn Users on New Phishing Scam Targeting Microblogging Site Tumblr
Recently, security researchers identified a new phishing scam targeted at users of the microblogging site Tumblr. Apparently, the phishing scam aims to steal the login credentials of the users of the micro blogging sites. Security researchers at GFI labs detected 8200 lines of text in Microsoft spanning over 300 pages signifying the extent of the pilferage. According to the firm, the phishing problem has become so widespread that users are creating anti-phishing sites. Ironically, security researchers have traced the source of one of the anti-phishing sites to an attack server. Social media sites are favorite target of cybercriminals as they contain tons of personally identifiable information. Attackers compromise user accounts and produce counterfeit login credentials forms. Attackers lure users of the microblogging site account to enter login credentials to view malicious content. The latest phishing attack also involves redirection to different webpage.
Phishing is one of the common methods used by cybercriminals, which in recent times has become more sophisticated. Cybercriminals are leveraging latest events and incidents to devise fraudulent schemes and attempt to defraud users. There has been rise in number of spear phishing attacks targeting employees of a particular company or government departments. Cybercriminals are registering domain names similar to those of legitimate sites with suffix or prefix added to their address. Internet users often find it difficult to doubt the authenticity of the site as their strikingly similar to those of legitimate sites. Victims, who fall prey to the scam inadvertently compromise their personal details such as names, dates of birth, social security numbers, contact details, e-mail addresses, log in credentials, or financial information such as credit card or debit card numbers.
Earlier, in the month security researchers at F-Secure identified a phishing site on Sony’s Thailand servers. Sony faced a string of cyber-attacks after the security incident at SonyPSN network, which include Sony Online Entertainment, Sony Pictures, Sony Music Japan, and Sony Ericsson Canada. Professionals qualified in masters of security science may help organizations in timely identification of security threats, and initiate mitigating measures. The vibrant threats make it inevitable for security professionals to upgrade their skills through online university degree programs and security certifications.
Internet users must visit a site by directly typing the web address on the address bar, vouch for the authenticity of the site before entering the login credentials. They must avoid responding to e-mails arriving from unknown or seemingly legitimate but containing suspicious content. They should avoid clicking on links appearing in e-mails, and vary of short Unique Resource Locators (URLs) on micro blogging and social networking sites. They must install web browsers with anti-phishing protection. Banking and financial institutions, central banks and taxation authorities will never ask users to provide sensitive financial information such as credit card numbers through e-mails. They must check for the padlock at the bottom of the web page and https on the web address bar. Clicking on genuine padlocks will display certificate information, whereas forged padlocks will not display any information. Undertaking e-learning or online degree programs and following security blogs may help Internet users in keeping themselves abreast of latest security threats and avoid falling prey to sophisticated scams.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
Processing your request, Please wait....
