Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 116 - July 2011 - Page 2

F-Secure 'Security Maintenance' Password Phishing Scam

Issue 116 Start Menu

Previous Article            Next Article

Outline
Message, purporting to be from "WebEmail Support" claims that the recipient must reply with his or her email account address and password so that the account can be made more secure by implementing F-Secure ® HTK4S anti-virus/anti-spam.



Brief Analysis
The message is a phishing scam designed to steal email account login details from recipients. It has no connection with online security company F-Secure.

Bookmark and Share
Detailed analysis and references below example.



Last updated: 27th June 2011
First published: 27th June 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: 2011 Security Maintenance. F-Secure ® HTK4S

Dear Webmail User,

Your e-mail account needs to be improved with our new F-Secure ® HTK4S anti-virus/anti-spam 2011-version. Provide required information's below or your account will be temporarily excluded from our services.

Email Address:
Password:

Please note that your password is encrypted with 1024-bit RSA keys for increased security.

Management.
Copyright WebEmail Support 2011. All Rights Reserved.




Detailed Analysis
According to this message, which purports to be from "WebEmail Support", the security of the recipient’s email account needs to be improved. The message claims that the “new F-Secure ® HTK4S anti-virus/anti-spam 2011-version” needs to be added to the account and that the user must therefore send his or her account email address and password. The message warns that, if the recipient does not provide the requested information, his or her email address will be temporarily disabled.

However, the email is not from "WebEmail Support" and has connection whatsoever with security company, F-Secure. In fact, the message is a rather crude attempt to trick recipients into divulging their email account login details.

The scammers have attempted to make their false claims a little more believable by including the name of F-Secure, a genuine and well respected organization. They also make the false claim that login information sent by the recipient will be encrypted for further security, which is, of course, untrue.

Scammers used the very same ruse back in 2010, prompting in F-Secure to post a message on its blog warning users about this phishing scam. The blog post also noted that the company has no knowledge of a product called “F-Secure HTK4S anti-virus".

Those who fall for the ruse and send their email address and password, will in fact be providing Internet criminals with the means to hijack their web based email accounts and use them for further scam attempts as well as to send spam in the hijacked user’s name. Internet criminals have repeatedly used very similar schemes to trick users into handing over access to their email accounts.

No legitimate email service provider is ever likely to ask their users to provide their account login details by replying to an email. Any message that makes such a request should be treated with suspicion.

Bookmark and Share References
F-Secure - Desperate Phishing Attempt
Friend Stranded in Foreign Country Scam Emails
Hotmail Account Closure Phishing Scam



Previous Article            Next Article

Issue 116 Start Menu

Pages in this month's issue:
  1. Amazing Hand Paintings – The Work of Artist Guido Daniele
  2. F-Secure 'Security Maintenance' Password Phishing Scam
  3. No Ordinary Bus - Robert Mugabe's Luxury Bus Protest Message
  4. Rugby World Cup Advance Fee Lottery Scam
  5. South African Giant Rats Risk Alert
  6. McDonald's 'Free Dinner Day' Malware Email
  7. Overblown Facebook Warning: Remove All Profile Pics With Kids
  8. Exhibit B-5 Viral Video - Girl Gets Hit By Car After Prank Goes Wrong
  9. Sheikh Zayed House Hoax
  10. Lightning Storm Meets Volcanic Eruption Photos
  11. Facebook Warning - Applications Sending Porno Messages in Your Name
  12. Paypal 'Strange IP from a Different Location' Phishing Scam
  13. Black Van Child Abduction Alert - Number Plate Ending With 03A
  14. 'New Way to Hack Your Face Book' Warning Message
  15. Western Union 'Too Many Login Attempts' Phishing Scam
  16. Domain Name Application Scam
  17. Direct TV Treatment of Joplin Tornado Victims Protest Message
  18. Diversity Visa Lottery Green Card Scam
  19. Becoming a Father or Mother Facebook Group Pedophile Warning Hoax
  20. Elephant 'Road Rage' in South Africa