Issue 116 - July 2011 - Page 2
F-Secure 'Security Maintenance' Password Phishing Scam
Message, purporting to be from "WebEmail Support" claims that the recipient must reply with his or her email account address and password so that the account can be made more secure by implementing F-Secure ® HTK4S anti-virus/anti-spam.
The message is a phishing scam designed to steal email account login details from recipients. It has no connection with online security company F-Secure.
Detailed analysis and references below example.
Last updated: 27th June 2011
First published: 27th June 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: 2011 Security Maintenance. F-Secure ® HTK4S
Dear Webmail User,
Your e-mail account needs to be improved with our new F-Secure ® HTK4S anti-virus/anti-spam 2011-version. Provide required information's below or your account will be temporarily excluded from our services.
Please note that your password is encrypted with 1024-bit RSA keys for increased security.
Copyright WebEmail Support 2011. All Rights Reserved.
According to this message, which purports to be from "WebEmail Support", the security of the recipient’s email account needs to be improved. The message claims that the “new F-Secure ® HTK4S anti-virus/anti-spam 2011-version” needs to be added to the account and that the user must therefore send his or her account email address and password. The message warns that, if the recipient does not provide the requested information, his or her email address will be temporarily disabled.
However, the email is not from "WebEmail Support" and has connection whatsoever with security company, F-Secure. In fact, the message is a rather crude attempt to trick recipients into divulging their email account login details.
The scammers have attempted to make their false claims a little more believable by including the name of F-Secure, a genuine and well respected organization. They also make the false claim that login information sent by the recipient will be encrypted for further security, which is, of course, untrue.
Scammers used the very same ruse back in 2010, prompting in F-Secure to post a message on its blog
warning users about this phishing scam. The blog post also noted that the company has no knowledge of a product called “F-Secure HTK4S anti-virus".
Those who fall for the ruse and send their email address and password, will in fact be providing Internet criminals with the means to hijack their web based email accounts and use them for further scam attempts
as well as to send spam in the hijacked user’s name. Internet criminals have repeatedly used very similar schemes
to trick users into handing over access to their email accounts.
No legitimate email service provider is ever likely to ask their users to provide their account login details by replying to an email. Any message that makes such a request should be treated with suspicion.
F-Secure - Desperate Phishing Attempt
Friend Stranded in Foreign Country Scam Emails
Hotmail Account Closure Phishing Scam
Pages in this month's issue:
- Amazing Hand Paintings – The Work of Artist Guido Daniele
- F-Secure 'Security Maintenance' Password Phishing Scam
- No Ordinary Bus - Robert Mugabe's Luxury Bus Protest Message
- Rugby World Cup Advance Fee Lottery Scam
- South African Giant Rats Risk Alert
- McDonald's 'Free Dinner Day' Malware Email
- Overblown Facebook Warning: Remove All Profile Pics With Kids
- Exhibit B-5 Viral Video - Girl Gets Hit By Car After Prank Goes Wrong
- Sheikh Zayed House Hoax
- Lightning Storm Meets Volcanic Eruption Photos
- Facebook Warning - Applications Sending Porno Messages in Your Name
- Paypal 'Strange IP from a Different Location' Phishing Scam
- Black Van Child Abduction Alert - Number Plate Ending With 03A
- 'New Way to Hack Your Face Book' Warning Message
- Western Union 'Too Many Login Attempts' Phishing Scam
- Domain Name Application Scam
- Direct TV Treatment of Joplin Tornado Victims Protest Message
- Diversity Visa Lottery Green Card Scam
- Becoming a Father or Mother Facebook Group Pedophile Warning Hoax
- Elephant 'Road Rage' in South Africa