Beware of Heartbleed/OpenSSL Vulnerability Phishing Scams

It seems like whenever a major virus outbreak or vulnerability is announced, such as the Heartbleed vulnerability, scammers and malicious hackers are not far behind, trying to cash in on the moment and on unsuspecting users.

Here is a phishing email (http://en.wikipedia.org/wiki/Phishing) recently received in one of my not-so-important email accounts, one that is used mainly for signing up for things like product demos, coupons and promo codes.

Usually those places end up re-selling your email address, which increases the spam and phishing emails directed to that account. So I never use any of my main/important email accounts in those situations, and neither should you.

Below is the subject and body of the message, along with a screen capture of what it looked like.

SUBJECT OF SPAM MESSAGE: Heartbleed/OpenSSL vulnerability: password change recommended

BODY OF SPAM MESSAGE: (hyperlinks removed for precaution)

This is an important service update from Econsultancy

By now you’ve no doubt heard about the Heartbleed vulnerability, a serious bug which has been identified in the OpenSSL cryptographic library.

You have also likely heard from other companies asking you to change your password on their website.

At Econsultancy, we also recommend changing the password on your account as a precautionary measure.

Change your Econsultancy password

We have no reason to suspect that any Econsultancy data was compromised by the vulnerability and our servers were quickly updated to fix the issue.

Sorry for any inconvenience caused and thank you for your cooperation.

If you have any questions, please do get in touch.

The Econsultancy team

[Screen capture of the phishing email: heartbleed-phishingscam]

You can see it looks like a nicely crafted warning from some service, recommending that you change your password because of the recently announced Heartbleed vulnerability.

There were a couple of telltale signs that this wasn't legitimate. For one, I had never heard of this Econsultancy service, and two, all the links were in the exact same encoded format (when you hover over a link, your mail client should display the actual address it points to).

If you do get one of these, or something similar, don't click on any of the links within the email; go directly to the service provider's website and read any alerts they may have posted. Of course, you can always call them and confirm that they indeed sent you the email.
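The two checks described above (hover over every link to see where it really goes, and compare that with the site the message claims to come from) can be automated for an HTML mail body. The script below is an added example written for this post, not code from the original article, and it works on a constructed sample message that mirrors the quoted email; the tracker host `r.click-tracker.invalid` and the claimed sender domain `econsultancy.example` are placeholders, since the post does not give the real addresses.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []     # visible text fragments collected inside it

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    """Return the list of (anchor text, actual URL) pairs found in the body."""
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def analyze_links(links, claimed_domain):
    """Apply the post's two telltale-sign checks and return human-readable findings.

    1. Every link in the mail resolves to the same host (the 'identical encoded
       links' sign from the post).
    2. A link points somewhere other than the domain the mail claims to be from.
    """
    findings = []
    hosts = {urlparse(href).hostname or "" for _, href in links}
    if len(links) > 1 and len(hosts) == 1:
        findings.append("all %d links resolve to the same host: %s"
                        % (len(links), next(iter(hosts))))
    for text, href in links:
        host = urlparse(href).hostname or ""
        on_domain = host == claimed_domain or host.endswith("." + claimed_domain)
        if not on_domain:
            findings.append("link %r points off-domain to %s" % (text, host))
    return findings


# Constructed sample body loosely modelled on the quoted message; every link
# goes to the same placeholder tracker URL, as in the real phishing mail.
SAMPLE_MAIL = """<html><body>
<p>This is an important service update from
<a href="http://r.click-tracker.invalid/c/3a9f">Econsultancy</a></p>
<p>At Econsultancy, we also recommend changing the password on your account.</p>
<p><a href="http://r.click-tracker.invalid/c/3a9f">Change your Econsultancy password</a></p>
<p>If you have any questions, please
<a href="http://r.click-tracker.invalid/c/3a9f">get in touch</a>.</p>
</body></html>"""

# Placeholder for the domain the mail claims to come from (not stated in the post).
CLAIMED_DOMAIN = "econsultancy.example"


def check_sample():
    """Run both checks over the constructed sample and return the findings."""
    return analyze_links(extract_links(SAMPLE_MAIL), CLAIMED_DOMAIN)


if __name__ == "__main__":
    for finding in check_sample():
        print("WARNING:", finding)
```

Run against a real message you would feed it the raw HTML part of the mail and the domain printed in the From header; any "same host" or "off-domain" finding is a reason to close the mail and type the provider's address into your browser yourself.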

Hopefully this will help anyone else who is starting to receive phishing emails based on the recent Zero-Day Heartbleed vulnerability. If you come across other similar spam related to the Heartbleed vulnerability, feel free to spam me, literally, at spam (@) northwoodswebdesigns.com and I will try to get it posted to warn others.