New Scam: Windows Live ID as a bait

Kaspersky Lab experts warn of a new scam that uses Windows Live ID as bait to extract personal data stored in user profiles on services such as Xbox LIVE, Zune, Hotmail, Outlook, MSN, Messenger and OneDrive.

"Honest" phishing

Users receive email alerts that their Windows Live ID accounts are used to distribute spam and that they should be blocked.

In order to prevent the suspension of their accounts, users are asked to follow a link and update their details in order to comply with the supposed new security requirements of the service.

This is very similar to a typical phishing email, where the link leads to fake websites that look like the official ones and the data entered there is sent to the scammers.

However, Kaspersky Lab experts were surprised to find that the link in the phishing email led to the genuine Windows Live (Windows Live ID) page, and there was no apparent attempt to intercept the victim's login information.

The gang of cybercriminals

Having followed the link in the email and logged in to their account at live.com, users received a strange prompt from the service: an application was requesting permission to automatically log in to the account, view their profile and contact list, and access their personal and business email address lists.

Fraudsters obtained this access through security holes in OAuth, the open authorization protocol.

Users who click "Yes" do not hand over their login credentials, but they do give up their personal information, the email addresses of their contacts, and the aliases and real names of their friends.

The fraudsters could also gain access to other details, such as appointment lists and important events.

This information is most likely to be used for fraudulent purposes, such as spamming every contact in the victim's address book or mounting spear-phishing attacks.

"We have been aware of the security loopholes in the OAuth protocol for some time now. At the beginning of 2014, a student from Singapore described possible ways to steal a user's data after authentication. However, this is the first time we have encountered scammers using a phishing email to put these techniques into practice.

A scammer can use the stolen information to create a detailed picture of the users, taking into account information about what they do, who they meet, who their friends are, etc. This profile can then be used for criminal purposes," said Andrey Kostin, Senior Web Content Analyst at Kaspersky Lab.

The advice to web application developers who use the OAuth protocol is to:

  1. Avoid using open redirects from their web pages.
  2. Create a whitelist of trusted addresses for redirects performed via OAuth, since fraudsters can perform a hidden redirect to a malicious site by finding an application they can successfully attack and changing its 'redirect_uri'.
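What the whitelist advice above means in practice for an OAuth authorization server, as an added example (not code from the article or from Kaspersky Lab; the client name and URLs are constructed): a loose prefix check on `redirect_uri` accepts callback URLs that carry an open-redirect parameter or a lookalike path, while an exact-match allowlist rejects them. The last function is the check a defender would run over logged authorization requests to find the ones a loose validator would have let through.

```python
# Added example: validating the OAuth redirect_uri parameter.
from urllib.parse import urlsplit

# Constructed sample of registered clients (hypothetical name and URL).
REGISTERED_CLIENTS = {
    "contacts-app": {"https://contacts.example/oauth/callback"},
}


def weak_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Weak validation: accepts anything that merely starts with a
    registered URI, so '.../callback?next=https://evil.example' (an open
    redirect on the client) or '.../callback.evil.example/' also pass."""
    allowed = REGISTERED_CLIENTS.get(client_id, set())
    return any(redirect_uri.startswith(a) for a in allowed)


def strict_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Exact-match allowlist: scheme, host, port and path must equal a
    registered URI; query string, fragment and userinfo are not allowed,
    so the callback cannot be used to bounce the code somewhere else."""
    allowed = REGISTERED_CLIENTS.get(client_id, set())
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.query or parts.fragment:
        return False
    if parts.username is not None or "@" in parts.netloc:
        return False
    canonical = f"{parts.scheme}://{parts.netloc}{parts.path}"
    return canonical in allowed


def find_weakly_accepted(requests):
    """Given (client_id, redirect_uri) pairs from authorization logs,
    return those a prefix check would accept but the allowlist rejects."""
    return [
        (cid, uri)
        for cid, uri in requests
        if weak_redirect_ok(cid, uri) and not strict_redirect_ok(cid, uri)
    ]


# Constructed sample of logged authorization requests.
SAMPLE_REQUESTS = [
    ("contacts-app", "https://contacts.example/oauth/callback"),
    ("contacts-app", "https://contacts.example/oauth/callback?next=https://evil.example"),
    ("contacts-app", "https://contacts.example/oauth/callback.evil.example/"),
    ("contacts-app", "http://contacts.example/oauth/callback"),
]

if __name__ == "__main__":
    for cid, uri in find_weakly_accepted(SAMPLE_REQUESTS):
        print("would have been accepted by a prefix check:", cid, uri)
```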

Users are advised:

  1. Do not follow links received via email or through personal messages on social media.
  2. Do not grant unfamiliar applications the right to access personal data.
  3. Make sure they fully understand the access rights they grant to each application.
  4. If they find that an app has already distributed spam or malware from their page, send a complaint to the social network's or web service's administrator so that the application is blocked.
  5. Keep their data-protection programs and integrated anti-phishing solutions up to date.


For more information, visit Securelist.com.

iGuRu.gr


Written by Dimitris
