‘Game Over’ Phishing Attack
Please be aware that the FBI has posted a bulletin on a particularly successful malware attack that is currently active and poses a direct threat to anyone who uses online financial services such as online banking. The attack is very sophisticated, but it starts as most others do: the unsuspecting user receives a fraudulent email. The email may appear to come from a government or other “official” source – for example, Amazon, eBay, the Federal Reserve Bank or the Federal Deposit Insurance Corporation (FDIC). Clicking the links in the email, or opening its attachments, causes malicious code to be silently downloaded and installed on your system; that code then collects banking credentials and sends them to a remote party for later misuse. This attack has been nicknamed the “Gameover” attack because once the user has unknowingly installed the malicious software, it’s usually “game over” for their finances.
These kinds of attacks are generally referred to as “phishing” attacks, and they are often difficult for security systems to mitigate automatically. You are even more vulnerable on your personal computers at home, which lack the protections of the managed corporate environment.
You can read the FBI bulletin, as well as a very good description of the attack, at the links below. Threats like these are a persistent part of our environment, so we continue to recommend the following key practices to keep company and personal information safe online:
- DO: Be very careful when opening attachments or clicking links in emails that you receive, especially if the email seems odd (how did the FDIC get my work address?) or if the writing style in the email doesn’t appear to match up with the sender (indicating someone’s account may have been hijacked). If you do need to use the links or open the attachment and it looks suspicious, verify with the sender via some other means prior to doing so.
WHY: Phishing attacks (attacks that originate via a fraudulent communication) are growing in number and are often extremely successful. Attackers masquerade as a legitimate source to trick users into trusting the contents. It generally takes only one mistake to become a victim of this type of attack, and the compromise often goes undetected until it’s too late.
- DO: For home systems or systems not managed internally by IT, be sure to keep all operating systems and applications patched and up to date. Use automatic updates when possible to make this a simple task.
WHY: An overwhelming percentage of the software vulnerabilities exploited by attackers are known vulnerabilities for which patches have been available for several months. Keeping your systems patched and current reduces the chance that you become a “target of opportunity”.
- DO: Change passwords for critical systems often, at least every 90 days. This includes important personal accounts such as email, online banking, and accounts tied to financial data (such as iTunes accounts). Be sure to use strong passwords that incorporate length and complexity. DO NOT USE DEFAULT PASSWORDS.
WHY: Stolen credentials are often not used immediately. Changing your password often reduces the window of opportunity should your information be stolen. Using a longer, more complex password substantially decreases the chance that it can be guessed or cracked.
Original FBI bulletin on the “Gameover” Attack: http://www.fbi.gov/news/stories/2012/january/malware_010612/malware_010612
ZDNet article describing the “Gameover” Attack: