
Phishing in the clouds

Darya Gudkova
Kaspersky Lab Expert
Posted June 10, 14:57  GMT
Tags: Cloud Computing

Recently the security of public cloud services has been a major topic of discussion on the Internet. While service providers assure us that there’s nothing safer than the ‘cloud’, security companies have already managed to discover various kinds of threats in the cloud.

In the meantime, spammers are managing to keep up and have started making more active use of free remote resources. For instance, we recently came across the following phishing messages for harvesting email passwords:

A particularly attentive user will quickly recognize them as fakes due to a number of formal attributes:

- impersonal address;
- while the ‘From’ field contains one domain, the link in the letter body leads to another;
- typos (“Clickhere” written as a single word);
- impersonal signature (“System Administrator center”);
- threats to close the account if the user does not follow the link within a certain period of time – a typical phishing ploy.

Even more interesting is the fact that the link leads to a phishing page, which is not located at a normal address but at spreadsheets.google.docs – a free service for creating spreadsheets on remote Google servers. The user is asked to fill in a form which includes fields such as ‘Email Address’ and ‘Password’. If users click the ‘Submit’ button, they send the data directly to the phishers.

This service provides cybercriminals with free space to place their fake pages. Even worse, this sort of page will appear to be quite genuine to unsuspecting users: first, it is located at a well-known resource, and, secondly, the connection is made via https, which supports encryption.
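
The formal attributes listed above, together with a link to a hosted form, can be checked mechanically by a mail filter. The following is an added example, not code from the article or from Kaspersky Lab; the host list, patterns, function names and the sample message are assumptions constructed here.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: hosts of free form/spreadsheet services to flag; adjust per environment.
FORM_HOSTS = {"spreadsheets.google.com", "docs.google.com"}
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
CHECKS = {  # body-text heuristics taken from the article's list of giveaways
    "impersonal_address": re.compile(
        r"^\s*dear\s+(?:webmail\s+|email\s+|account\s+)?(?:user|customer|owner|holder)\b", re.I | re.M),
    "run_together_typo": re.compile(r"\bclickhere\b", re.I),
    "impersonal_signature": re.compile(r"^\s*system administrator\b", re.I | re.M),
    "account_closure_threat": re.compile(
        r"within\s+\d+\s+(?:hours?|days?)|account\s+(?:will\s+be|being)\s+(?:closed|suspended)", re.I),
}

def registrable(host):
    """Crude last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])

def phishing_indicators(raw):
    """Return the names of the indicators found in a plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hosts = {urlparse(u).hostname or "" for u in URL.findall(body)}
    found = [name for name, rx in CHECKS.items() if rx.search(body)]
    if any(registrable(h) != registrable(from_domain) for h in hosts):
        found.append("from_link_domain_mismatch")
    if any(h.lower() in FORM_HOSTS for h in hosts):
        found.append("link_to_hosted_form")
    return found

# Constructed sample message (not one of the messages from the article).
SAMPLE = """\
From: "Webmail Support" <support@mail.example.test>
Subject: Account verification

Dear Webmail User,
Clickhere https://spreadsheets.google.com/viewform?formkey=EXAMPLE to verify your
account. Failure to do so within 48 hours will result in your account being closed.

System Administrator center
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

No single indicator is conclusive on its own: legitimate mail also links to hosted forms, so a filter would weight the combination rather than block on one match.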

Of course, I clicked on ‘Report Abuse’ where some (but not all) of these types of pages have already been closed. This, however, is not the solution to the problem on a global level: cybercriminals are certain to continue using cloud services, which are ideal for their activities.

So, once again, I would like to urge users to be very careful and not to click on suspicious links.


2 comments


Erik

2011 Jun 29, 15:45

As old as ...

..who knows, but unfortunately still working. You wouldn't be surprised if I told you how many times a year I have to explain to unaware users that this is fake.
We are even about to test this at our company, to see if security has got user awareness. I can already tell in advance that 25% will give their password straight away. By mail, post-it, telephone, you name it. User awareness is such an important and crucial element in security.


DIasp

2012 Aug 30, 21:47

to be honest...

To be honest, I think that trick here is pretty genius :P
