The Heartbleed bug has shocked the whole world and affected millions of websites. Now it has become a new weapon for phishers, who are targeting web users with a fake email about the Heartbleed bug, sent purportedly on behalf of a US military insurance service.
Heartbleed is a security bug found in OpenSSL versions 1.0.1 to 1.0.1f. OpenSSL has already fixed the Heartbleed vulnerability by releasing version 1.0.1g.
We all know that phishers use sophisticated social engineering techniques to lure web users. This fake Heartbleed email pushes the user to disclose confidential information by clicking on a link.
Symantec found some interesting features that prove it is a phishing email. Besides these, there are many other signs that help identify a phishing email.
- The phisher used an old Microsoft Outlook client, version 6.00.2600.000, which is suspicious because modern businesses never use a desktop mail client to send security notifications. Sadly, many businesses still use old email software, which is also considered risky from a security point of view.
- The second error that Symantec observed is a grammatical mistake, such as the use of the phrase “has initiate”. Phishers often write poor English because it is not their primary language, so grammar errors are highly likely in their writing. Phishers always try to focus on a new topic to fool users.
- The phishing email looks like a security alert from a US military insurance service and contains a “Sign In” button. Generally, letters from government authorities do not include such sign-in buttons in email.
Symantec has also warned users in its advisory about such phishing emails, which ask users to update their personal information. Users should avoid these emails and should not click on any links that appear in them. Users who want to update or change their personal information should do so by visiting the website directly.
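The three signs listed above can be checked mechanically on a raw message. The following is an added example, not code from Symantec or from the original article; it assumes the client version is exposed in the `X-Mailer` header, and the sample message and its `.example` addresses are constructed.

```python
import email
import re
from email import policy

# Constructed sample message (not the real phishing email); header and body
# values are assumptions modelled on the three signs described in the article.
SAMPLE = """\
From: "Security Team" <alerts@insurer.example>
To: member@example.org
Subject: Security alert: Heartbleed bug
X-Mailer: Microsoft Outlook 6.00.2600.000
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Due to the Heartbleed bug, our team has initiate a security upgrade.</p>
<p><a href="http://login.phish.example/update">Sign In</a></p>
</body></html>
"""

OLD_MAILER = re.compile(r"6\.00\.2600\.000")            # client version named in the article
BAD_GRAMMAR = re.compile(r"\bhas\s+initiate\b", re.I)   # phrase named in the article
SIGN_IN = re.compile(r"<(a|button)\b[^>]*>\s*sign\s*in\s*</\1\s*>", re.I)


def phishing_signs(raw):
    """Return the list of article-described warning signs found in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    signs = []
    # Sign 1: old desktop mail client (assumed to appear in X-Mailer).
    if OLD_MAILER.search(str(msg.get("X-Mailer", ""))):
        signs.append("old-desktop-mail-client")
    # Prefer the HTML body, fall back to plain text; may be absent entirely.
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    # Sign 2: the grammatical mistake quoted in the article.
    if BAD_GRAMMAR.search(body):
        signs.append("grammar-error")
    # Sign 3: a clickable "Sign In" link or button inside the email.
    if SIGN_IN.search(body):
        signs.append("sign-in-button")
    return signs


if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A match on any single sign is only a hint; a mail filter would treat the combination as grounds for quarantine or manual review.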