New Scam: Windows Live ID as a bait

Kaspersky Lab experts warn of a new scam that uses Windows Live ID as bait to harvest personal information stored in user profiles on services such as Xbox LIVE, Zune, Hotmail, Outlook, MSN, Messenger and OneDrive.

"Honest" phishing

Users receive email alerts claiming that their Windows Live ID account is being used to distribute spam and will therefore be blocked.

To prevent their accounts from being suspended, users are asked to follow a link and update their details so as to comply with the service's supposed new requirements.

So far this resembles a typical phishing email, in which the link leads to a fake website that imitates the official one and any data entered there is sent to the scammers.

However, Kaspersky Lab experts were surprised to find that the link in the phishing email led to the genuine Windows Live ID page, and there was no apparent attempt to intercept the victim's login credentials.

The gang of cybercriminals

After following the link in the email and signing in to their account at live.com, users received an unexpected prompt from the service: an application was requesting permission to sign in to the account automatically, to view the profile and contact list, and to access the user's personal and business email addresses.

The fraudsters gained this access through weaknesses in the use of OAuth, the open authorization protocol. OAuth lets a user grant a third-party application limited access to their account without sharing their password; here the victim is tricked into granting that access to the attacker's own application.

Users who click "Yes" do not hand over their login credentials, but they do grant access to their personal information, the email addresses of their contacts, and the nicknames and real names of their friends.

The fraudsters could also gain access to other data, such as appointment lists and major calendar events.

This information is most likely to be used for fraudulent purposes, such as sending spam to every contact in the victim's address book or launching spear-phishing attacks.

«We have been aware of the security loopholes in the OAuth protocol for some time now. At the beginning of 2014, a student from Singapore described possible ways to steal a user's data after authentication. However, this is the first time we have encountered scammers using a phishing email to put these techniques into practice.

A fraudster can use the intercepted information to create a detailed profile of users, taking into account information about what they are doing, who they will meet, who their friends are, etc. This profile can then be used for criminal purposes,» said Andrey Kostin, Senior Web Content Analyst at Kaspersky Lab.

Kaspersky Lab's recommendations for developers of social networking applications that use OAuth:

  1. Avoid using open redirects from their web pages
  2. Create a whitelist of trusted addresses for redirects made via OAuth, since fraudsters can perform a hidden redirect to a malicious site by finding an application that can be successfully attacked and changing its redirect_uri
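The two developer recommendations above are easy to get wrong in practice, so here is an added example (not code from Kaspersky Lab, iGuRu.gr or any real identity provider) of the check an OAuth authorization server should run on an incoming authorize request. It compares the weak prefix match that turns a callback endpoint into an open redirect with an exact whitelist match of redirect_uri, requires the state parameter, and flags high-impact scopes before the consent screen is shown. The client ID, URLs and scope names are invented for the demo.

```python
"""Minimal OAuth 2.0 authorization-request validator (added example).

Demonstrates: exact-match redirect_uri whitelisting versus prefix matching,
rejection of unknown clients, a mandatory state parameter, and flagging of
scopes that expose contacts, email addresses or calendars. All client IDs,
hosts and scope names are hypothetical.
"""
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical client registry: client_id -> set of exact registered redirect URIs.
REGISTERED_CLIENTS = {
    "contacts-sync-app": {"https://contacts.example/oauth/callback"},
}

# Illustrative scope names an operator would highlight on the consent screen.
SENSITIVE_SCOPES = {"contacts.read", "email.read", "calendar.read"}


def loose_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """The weak check the article warns about: prefix matching.

    Anything that merely starts with a registered URI passes, so a callback
    endpoint that forwards to a ?next= parameter becomes an open redirect
    that delivers the authorization code to an attacker-chosen host.
    """
    registered = REGISTERED_CLIENTS.get(client_id, set())
    return any(redirect_uri.startswith(uri) for uri in registered)


def strict_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """Exact string match against the whitelist: no prefix, no wildcard."""
    return redirect_uri in REGISTERED_CLIENTS.get(client_id, set())


def validate_authorize_request(url: str) -> dict:
    """Parse an /authorize request URL and decide whether it may proceed."""
    query = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    errors = []
    client_id = query.get("client_id", "")
    redirect_uri = query.get("redirect_uri", "")
    if client_id not in REGISTERED_CLIENTS:
        errors.append("unknown client_id")
    elif not strict_redirect_check(client_id, redirect_uri):
        errors.append("redirect_uri not on whitelist")
    if query.get("response_type") != "code":
        errors.append("unsupported response_type")
    if not query.get("state"):
        errors.append("missing state (CSRF protection)")
    scopes = set(query.get("scope", "").split())
    return {
        "ok": not errors,
        "errors": errors,
        "client_id": client_id,
        "scopes": sorted(scopes),
        "sensitive_scopes": sorted(scopes & SENSITIVE_SCOPES),
    }


def authorize_url(**params: str) -> str:
    """Build a constructed /authorize request for the hypothetical provider."""
    return "https://login.example/authorize?" + urlencode(params)


# Constructed sample requests.
GOOD_REQUEST = authorize_url(
    response_type="code", client_id="contacts-sync-app",
    redirect_uri="https://contacts.example/oauth/callback",
    scope="profile.read contacts.read", state="abc123")

# The registered callback is kept as a prefix, with an onward redirect appended.
OPEN_REDIRECT_URI = "https://contacts.example/oauth/callback?next=https://evil.example/steal"
OPEN_REDIRECT_REQUEST = authorize_url(
    response_type="code", client_id="contacts-sync-app",
    redirect_uri=OPEN_REDIRECT_URI,
    scope="contacts.read email.read", state="x")

# An unregistered application asking for broad access, as in the scam above.
UNKNOWN_APP_REQUEST = authorize_url(
    response_type="code", client_id="helpful-update-tool",
    redirect_uri="https://evil.example/cb",
    scope="profile.read contacts.read email.read calendar.read", state="")


if __name__ == "__main__":
    for name, req in (("good", GOOD_REQUEST),
                      ("open-redirect", OPEN_REDIRECT_REQUEST),
                      ("unknown-app", UNKNOWN_APP_REQUEST)):
        print(name, validate_authorize_request(req))
    print("prefix check accepts open redirect:",
          loose_redirect_check("contacts-sync-app", OPEN_REDIRECT_URI))
```

The decisive difference is in the two check functions: the prefix check accepts the `?next=` variant because the registered URI is still its leading substring, while the exact match rejects it. Normalising or partially matching the URI (host only, path prefix, wildcard subdomains) reopens the same hole, so the registry should store the full URI and compare it byte for byte.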

Users are advised to:

  1. Not follow links received via email or through personal messages on social networks
  2. Not grant unknown applications access to their personal data
  3. Make sure they fully understand the access rights they grant to each application
  4. If they find that an application has already distributed spam or malware from their account, complain to the social network or web service administrator so that the application can be blocked
  5. Keep their anti-phishing databases and integrated protection solutions up to date

 

For more information, visit Securelist.com.

iGuRu.gr


Written by Dimitris
