Trend Micro researchers were alerted to the discovery of a phishing attack that involves creating spoofed versions of web pages that ask for sensitive user information, such as login usernames, passwords and bank account numbers. When users enter their information into such a page, it is collected and sent to the cybercriminal responsible for the page, no doubt for malicious purposes. In this case, users are led to a page where they must confirm their eligibility to win the supposed Reader's Digest cash prize, and it asks for their personal details. With the advertised event confirmed to be false, it is also confirmed that whatever information is divulged on this page will be sent to cybercriminals.
Trend Micro recently received samples of an email message that poses as a letter from Reader's Digest India. It informs recipients that they are potential finalists in a supposed sweepstakes. The message then instructs them to click on the link provided in order to access the website so that they can qualify for the cash prize. However, the link instead leads to a phishing site, which requires users to disclose personal information such as their email addresses and the like. Cybercriminals are exploiting online consumers' anticipation to cash in on lucrative deals, and many may be tricked by this latest phishing campaign.
Amit Nath, Country Manager, India and SAARC, commented, "It is advised that users inspect such email messages closely and never click any of the links provided in these. It is typical for spammers to use established brands, such as Reader's Digest, or enticing contests to cloak their malicious schemes." He further added, "Users should first verify with trusted sources about the existence of these promos to avoid becoming victims of such a ruse. Contacting the organization purportedly behind the message by other means such as actual on-site visitation or a call on their hotline should also work as a way to verify if the message itself is in fact true."
Sometimes phishing emails are easy to spot, with their poor grammar and spelling, completely unbelievable subject lines and misaligned copy. However, an increasing number of phishing emails display official corporate logos and other designs that make them look quite legitimate. Phishing emails, like spam, are typically sent to large numbers of email addresses.