Heartbleed Used by Identity Thieves in Phishing Scam

As many security experts predicated, scammers are exploiting the news of the Heartbleed Internet-security bug, sending unsuspecting citizens email messages asking them to log into sensitive accounts. Researchers at security giant Symantec noticed one such message, which purported to come from a well-known insurance company that caters to U.S. military veterans and their families. The message is […]
As many security experts predicated, scammers are exploiting the news of the Heartbleed Internet-security bug, sending unsuspecting citizens email messages asking them to log into sensitive accounts. Researchers at security giant Symantec noticed one such message, which purported to come from a well-known insurance company that caters to U.S. military veterans and their families. The message is part of a phishing scam trying to steal website login credentials in order to gain access to sensitive personal information. MORE: Heartbleed Bug: Information, Advice and Resources “We wanted to make you aware of ‘Heartbleed’ Internet bug affecting many servers,” reads the Heartbleed phishing message in official-sounding but somewhat stilted English. “A security patch was implemented for [the company website] earlier this week, and although we have no indication that our security certificates have been compromised, we have obtained new certificates for [the website].” So far, so good. Heartbleed did indeed affect millions of Web and email servers, and in order to properly patch them, administrators would have to reissue security certificates that may have been compromised. But then the email goes off the rails.
Sign Up For ATI Courses eNewsletter