Contributor: Binny Kuriakose
Symantec has recently detected phishing emails related to the Heartbleed bug. The phisher attempts to gather information by posing as a US military insurance service with a message about the Heartbleed bug.
The Heartbleed bug is a recently discovered security vulnerability affecting OpenSSL versions 1.0.1 to 1.0.1f. This vulnerability was fixed in OpenSSL 1.0.1g. Symantec’s security advisory gives more details on the bug and offers remediation steps.
Spammers and phishers are known to use trending news and popular topics to disguise their payloads. In the case of phishing emails, phishers often cite security concerns to legitimize and disguise their social engineering methods. The payloads of these emails attempt to compel the messages’ recipients to divulge sensitive information.
In this case, the phishers send the following email.
Figure 1. Preview of the Heartbleed phishing mail
Several attributes of this example are worth pointing out.
Although this is not an exhaustive list of identifying factors for phishing emails, it highlights some of the irregularities and inconsistencies often seen in phishing campaigns.
As detailed in the official Symantec Heartbleed Advisory, Symantec warns users to be cautious of any email that requests new or updated personal information. Users should not click on any password reset or software update links in these messages. If users need to update or change their personal information, it is best to do so by directly visiting the website.