Scam warning over Heartbleed fears

Authored by Huw Oxburgh
Posted: Friday, April 11, 2014 - 21:41

Security experts are warning the public to be on the lookout for fake password reset emails in the wake of the latest reports over the ‘Heartbleed’ bug.

Exploiting the confusing advice surrounding passwords after the uncovering of the Heartbleed flaw in OpenSSL, the internet’s most widely used piece of data protection software, opportunistic scammers have been sending fake password reset emails.

Many of these emails are ‘phishing’ attacks containing links to a website where recipients are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has.

These websites can sometimes look very similar to the legitimate site and allow the scammers to steal their victims’ identity or banking details.

Graham Cluley, security analyst for Hotforsecurity.com, writes: “an opportunistic cybercriminal could easily spam out a phishing attack disguised as a legitimate email from a web service asking users to reset their passwords.

“It’s easy to forge email headers, and to create an HTML email which looks very realistic. And all a bad guy needs to do is embed a link inside the email which pretends to go to a particular site’s login page, but actually goes to a bogus replica website designed to scoop up usernames and passwords.”

Action Fraud, the UK's national fraud and internet crime reporting centre, offered this advice: “Be suspicious of any unsolicited emails you receive, even if they are from companies you are familiar with, if they ask you to click on a link inside the email to reset your password rather than ask you to visit the website manually and login there instead.”

If you’re confused by the recent Heartbleed flaw, security experts’ advice is to change passwords only on websites which have confirmed they have fixed the Heartbleed flaw.

Some have warned that anything else could actually be increasing the chances of your private information being taken.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.
