Fake “DNS Update” emails targeting site owners and admins

2020-06-30 12:43

The link took them to a "Surprisingly believable" phishing page with logos and icons that matched their service provider, and instructed them to enter their WordPress account username and password to start the update.

"The scam then shows you some fake but believable progress messages to make you think that a genuine 'site upgrade' has kicked off, including pretending to perform some sort of digital 'file signing' at the end," Sophos's security proselytiser Paul Ducklin explained.

Users who fall for the scam, enter their login credentials into the phishing site and don't have 2-factor authentication turned on are effectively handing control of their site to the scammers.

Ducklin advises admins never to log in anywhere through links sent via email, to turn on 2FA whenever they can, and to use a password manager.

"Password managers not only pick strong and random passwords automatically, but also associate each password with a specific URL. That makes it much harder to put the right password into the wrong site, because the password manager simply won't know which account to use when faced with an unknown phishing site," he noted.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/uvkthfmOl34/

#DNS #email