A widespread phishing attack is underway, targeting businesses and consumers using Alibaba.com, the China-based e-commerce giant and global trading website.
Comodo Antispam Labs discovered the campaign, and said that the primary method of attack is a random phishing campaign that employs well-crafted spoofing methods. The firm explained in an analysis that the fake emails are being sent from the spoofed address feedback@service.alibaba.com. That means that to business or consumer, they appear to be sent from a legitimate email address.
The mails ask alibaba.com customers to click on a link to verify their account, in order to “cut down on spam and fraudulent emails.”
The real story is that these aren’t legit mails from legit addys at all. Instead, they’re coming from cyber-criminals who have set up a fake log-in page; when users log in to verify their information, the page steals the user names and passwords of alibaba.com customers, thereby allowing the perpetrators to gain access to account information.
The Comodo Antispam Labs team identified the alibaba.com phishing email through IP, domain and URL analysis.
The attack uses a fairly common approach, pointing out once again that phishers know how to make good use of social engineering. Like the recent spear phishing campaign in which users are being targeted by emails crafted to look like terror alerts from law enforcement agencies, spoofing features highly.
In that case, the mails were spoofing the Dubai Police Force with attachments disguised as valuable tips on how recipients could protect themselves, their companies and families from a nearby terror attack.
“Cybercriminals are getting more and more creative each day—trying to use breaking news in the world to try and take advantage of businesses and consumers and steal data, passwords and financial information,” said Fatih Orhan, director of technology for Comodo and the Comodo Antispam Labs.
Photo © wk1003mike