Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
users about a new phishing campaign which tries to get innocent
computer users to fax their credit card and bank information
directly to the phishers rather than visit a bogus website.
The emails, which claim to come from PayPal (the payment system
used by the popular eBay auction website), tell users that someone
tried to reset their password. The email urges the user to fax back
information which will assist in the investigation into the alleged
security breach.
The emails point to a Microsoft Word document hosted on a Polish
website, which the recipient is instructed to download and complete
with their bank account details (including PIN information), credit
card numbers and login details before faxing back. Sophos has
confirmed that the telephone number mentioned in the emails is
hosting an active fax machine.
The email looks like the following:
[Image: The email urges you to fax confidential information to the phishers.]
"In the last few days we have seen a number of attempts by
phishers to use this technique, and it's possible that some people
who know that they need to be careful about entering their
confidential information on a bogus website may think that
completing and faxing back such a form is somehow safer," said
Graham Cluley,
senior technology consultant for Sophos. "It's important that
no-one is lax when it comes to their internet security, and keep
their critical banking and credit card details close to their
chest."
[Image: The phishers urged recipients to fill in a Word document and fax back their confidential information.]
"Interestingly, the phishing gang may have made a huge blunder
by including the fax number in their scam. PayPal and the
authorities are sure to follow that lead when investigating this
matter further," continued Cluley.
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses
from the threats of both spam and viruses; and that users do not
open or reply to unsolicited emails.