Malicious Attacks Claiming to be an Update for OWA
Thank you to Don Smith, STAR Financial Bank’s Information Security Officer, for passing the following information on to us. In turn, I am posting it to our Portal so that you may benefit from the warning.
We have been informed by WebSense (and by some of our customers) that there is a new wave of malicious attacks claiming to be an update for Microsoft Outlook Web Access (OWA). Victims receive an e-mail message leading to a site to apply mailbox settings which were supposedly changed due to a “security upgrade”.
The especially dangerous thing about these messages is that they are very deceiving. The messages and attack pages are personalized for the To: email address to imply the message is being sent from tech support of the domain. The URL in the email looks like it leads to the company’s own OWA system. WebSense has seen upwards of 30,000 of these messages per hour and they have very low anti-virus detection.
Customers signing into these fraudulent e-mails are then being locked out of their e-mail accounts because the criminal element changed the password. The criminal element then sends e-mails to everyone in the customer’s inbox stating they have been in an accident in London (or somewhere else) and they need $1,500 to get home. The e-mail then provides Western Union instructions to wire the money.
If you or a customer receives an e-mail of this nature, delete it immediately.
Leave a comment
Some small organizations continue to use customer data to generate initial passwords, Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
Risk isn’t the only thing to consider when planning a decision tree. Another one of t Read more
While we’re not a news service, we often use current events to comment on trends and Read more