The Latest in IT Security

Beware of Federal Reserve emails

28
May
2011

In the past few days we have received many emails from “the Federal Reserve”:

Since they are not legitimate we have been cataloging them on phishingemails.com.

However, they are not your typical phishing scam. Sure it is a lure, but the bad guys are not here to gently ask you to fill in a form to steal your credentials. They are choosing the brute-force method:

Clicking on the link triggers a series of exploits:

You can see how it works its way:

From Outlook’s email, to Internet Explorer (click on the link) to a Microsoft Help Center exploit…

The bad guys are using a URL shortener and then off we go to exploit land:

That way you end up with a Trojan on your PC, and maybe a couple of fake AVs…

Thankfully my phishing trap is a VM image I can reset easily…

Jerome Segura

Leave a reply


Categories

MONDAY, NOVEMBER 20, 2017

Featured

Archives

Latest Comments

Social Networks