Establishing Digital Trust: Don't Sacrifice Security for Convenience
"V3 received a number of reports from readers claiming to have been targeted by the scam on Thursday," writes V3.co.uk's Alastair Stevenson. "'On top of [the network outage] the phishers have started. As a non-O2 customer already had an email today from O2 supposedly with a link to login to my O2 account to activate new security measures to get back online,' wrote one V3 reader. 'Follow the link to its source and it's a site hosted in China. So for some O2 customers who might in desperation trying to login, it will be bad upon bad delivered from this outage.'"
"When you click on the link, users are directed to an 'O2 Security Update' account login page. ... According to several web domain registration sites IT Pro checked, the O2 Security Update site was registered just over a fortnight ago in China, casting doubts on its authenticity," writes IT PRO's Caroline Donnelly. "The email address used to direct users to the site was flagged on anti-phishing website, Millersmiles, in May for sending out dubious emails."
"O2 was unavailable to confirm the reports at the time of writing, but Kaspersky researcher David Emm told us that such an attack would fit in with cyber criminals' attack patterns," writes The Inquirer's Carly Page. "'We've become used to spammers and phishers piggy-backing all kinds of newsworthy stories -- natural disasters, major sporting events, gossip about the latest celebrity and more. Their aim is to cash in on such stories by trying to get people to respond to their spam messages,' Emm said."