Thu, Oct 15 2009 3:55
Don
Outlook Web Access Social Engineering Malware Scam
Websense® Security Labs™ ThreatSeeker™ Network has discovered a new
wave of malicious attacks claiming to be an update for Microsoft
Outlook Web Access (OWA). Victims receive a message leading to a site
to apply mailbox settings which were supposedly changed due to a
"security upgrade." The especially dangerous thing about these messages
is that they are very deceiving. The messages and attack pages are
personalized for the To: email address to imply the
message is being sent from tech support of the domain. The URL in the
email looks like it leads to the company's own OWA system. We have seen
upwards of 30,000 of these messages per hour and they have low AV detection.
Alert Details
Filed under: Alerts