About Me

Friday 25 May 2012

Comcast phishing site contains valid TRUSTe seal

Summary: Security researchers from Sophos are reporting on an intercepted Comcast-themed phishing email, which contains a valid TRUSTe seal.

Security researchers from Sophos are reporting on an intercepted Comcast-themed phishing email, which contains a valid TRUSTe seal.
More on the phishing email:
Like many other sites that are compromised to host phishing pages, this one appears to have been compromised through vulnerable FrontPage server extensions.Yes, I said FrontPage. The old Microsoft Office package used for building and publishing web sites. Microsoft discontinued support for FrontPage publishing extensions in 2006 and they have been the source of many web site vulnerabilities over the last 15 years.The fake page is an identical copy of the real Comcast XFINITY login page, and surprisingly includes a fully functional TRUSTe logo which may lend further credibility to the site.
Cybercriminals often take advantage of visual social engineering elements, by embedding logos of reputable and trusted brands in order to improve of authenticity of their bogus content.
Users are advised to keep in mind the fact that these security and privacy seals often have limited applicability in real-life situations, in particular in the process of ensuring a web site’s CIA (Confidentiality, Integrity and Availability).

0 comments:

Post a Comment