10 February 2013

SMX issues 'phishing attack' warning

SMX co-founder and chief technology officer Thom Hooker says a "phishing attack" on Xtra customers is resulting in a high volume of emails being submitted to SMX’s helpdesk for investigation.

He says all these emails seem to contain little more than a URL although most contain the original sender's email signature, which lends some credibility to the email.

The phishing emails indicate the Xtra account holder's Yahoo! mailbox has been compromised, allowing the attacker access to the compromised account's contact list. Those contacts have then been sent emails purporting to be from the Xtra user. Clicking the link takes the browser to a "Work from home for $$$" type of site but it is unclear if the site also attempts to install some malware or trojan at this time.

All the emails SMX has seen this morning are sent from either an @xtra.co.nz or @yahoo.co.nz email address. SMX operates dual anti-spam and anti-virus engines, as well as other technologies to detect such emails.

"SMX's filters are now blocking these emails from our customer's mail flow," says Thom Hooker.

"SMX's initial analysis of the submitted emails indicates that this is a well coordinated attack using computers and IP addresses in multiple countries around the world. It appears to be a sophisticated attack designed to spoof legitimate senders and to fool the recipient into clicking the link in the email."

Thom Hooker says the phishing attack is a reminder of how important it is to maintain best practice email security management:

  • Don't click on random links in emails
  • If you're unsure contact the original sender and confirm whether they meant to send you that email
  • Run up to date anti-virus software on your computers
  • Ensure all relevant software updates are installed
  • Choose secure passwords for your internet sites and change these regularly (every 3 months at least)
  • Don't use a common password for all your Internet logins