Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

SMX issues 'phishing attack' warning

SMX issues 'phishing attack' warning

Auckland, New Zealand. 11 February 2013. Local email security company SMX is warning email users to be particularly careful not to click on “work from home” links contained within emails from xtra.co.nz or yahoo.co.nz senders.

SMX co-founder and chief technology officer Thom Hooker says a "phishing attack" on Xtra customers is resulting in a high volume of emails being submitted to SMX’s helpdesk for investigation.

He says all these emails seem to contain little more than a URL although most contain the original sender's email signature, which lends some credibility to the email.

The phishing emails indicate the Xtra account holder's Yahoo! mailbox has been compromised, allowing the attacker access to the compromised account's contact list. Those contacts have then been sent emails purporting to be from the Xtra user. Clicking the link takes the browser to a "Work from home for $$$" type of site but it is unclear if the site also attempts to install some malware or trojan at this time.

All the emails SMX has seen this morning are sent from either an @xtra.co.nz or @yahoo.co.nz email address. SMX operates dual anti-spam and anti-virus engines, as well as other technologies to detect such emails.

“SMX's filters are now blocking these emails from our customer's mail flow,” says Thom Hooker.

“SMX's initial analysis of the submitted emails indicates that this is a well coordinated attack using computers and IP addresses in multiple countries around the world. It appears to be a sophisticated attack designed to spoof legitimate senders and to fool the recipient into clicking the link in the email.”

Advertisement - scroll to continue reading

Thom Hooker says the phishing attack is a reminder of how important it is to maintain best practice email security management:
• don't click on random links in emails
• if you're unsure contact the original sender and confirm whether they meant to send you that email
• run up to date anti-virus software on your computers
• ensure all relevant software updates are installed
• choose secure passwords for your internet sites and change these regularly (every 3 months at least)
• don't use a common password for all your Internet logins.

Ends.

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.