More and more people are looking for love online.
As a consequence, millions of people have created accounts on online dating websites, which they have filled with personal information and (typically) poorly lit webcam photographs of themselves.
One of the leading dating websites is Match.com, which means that many people might have been tempted to click on the link in this spammed-out email:
Subject: Match.com account verification
Message body:
Our Valued Customer,
You Have 1 New Security Message Alert !
Click here to resolve the problem
Thank you for helping us to protect you.
Yours Sincerely,
Match Online
Fortunately, the bogus website that potential victims are taken to is hardly the most convincing replica of the real Match.com website:
Of course, if you do mistakenly enter your login credentials into the phishing website, you may not only be handing over control of your dating account to unknown cybercriminals.
They could see if you’re one of the many people who use the same password on multiple websites, and explore whether your Match.com password might also unlock – say – your email account.
The bad guys could also line you up for a more convincing targeted attack, using your personal information to lure you into believing you are receiving a legitimate communication from Match.com, perhaps tempting you into clicking a link by showing you possible dates. That link could lead to malware, identity theft or further compromise of your online accounts.
The cybercriminals are not just interested in breaking into your bank accounts. Any information which they can mine from you for monetary purposes, or opportunity to infect your computer, is an attractive goal.
If you’re engaged in online dating you’re advised to take steps to protect yourself, and are wise to look before you leap. The same should be true if you want to avoid being phished. Always be wary of unsolicited email messages, and think before you click.
Hat tip: Thanks to Naked Security reader Kevin for bringing this phishing campaign to our attention.
Thanks for the info on this particular attack and exploit.
Truth is, any website you use, whether dating, email, social networking, shopping or forums, as some examples, can be used for this type of exploit and other kinds.
NEVER open emails from unknown senders, or click on links in emails. These kinds of emails end up in your SPAM or BULK folder for a very good reason. They are on an email service's filter list of websites and senders (email addresses, names) which are known to be phishing or malicious 99.5% of the time based on experience and information. Help your SPAM filters by reporting these types of emails as SPAM and that will help protect other users by raising the red flag redirecting them to everyone's SPAM folder.