Fake Outlook config scam aims to harvest logins
New spin on social engineering also punts scareware
Cybercrooks have come up with a new way to trick prospective marks into handing over login credentials or installing fake security (scareware) packages.
The first of two similar batches of scam emails doing the rounds claim that users have a new message in Microsoft Outlook - which can supposedly only be seen after users reconfigure their settings. This might sound technically tricky but the dubious emails come complete with a handy link, which serves only to hand over email settings to internet hackers.
Graham Cluley, senior technology consultant at Sophos, explained that earlier versions of the scam emails appeared to be geared towards harvesting email login credentials. The domain from which the first batch of dodgy emails originate hosted a bogus webpage that was used earlier this week in a more run-of-the-mill banking phishing campaign, targeting the Commonwealth Bank of Australia, as explained here.
Later versions of the same type of Outlook configuration rejig scam came with an attachment designed to trick users into installing fake anti-virus scanner packages. ®