Live ID as a bait: Kaspersky Lab warns of a new scam

21 May 2015

Experts are warning of a new scam that uses Windows Live ID as a bait to catch personal information stored in user profiles on services like Xbox LIVE, Zune, Hotmail, Outlook, MSN, Messenger and OneDrive.

“Honest” phishing

Users receive warnings by email saying that their Windows Live ID accounts are being used to distribute unsolicited emails, so their accounts will be blocked. To stop their accounts being suspended, users are asked to follow a link and update their details to comply with the service’s new security requirements. This sounds very much like a typical phishing email. Victims are expected to click on links that will take them to fake sites imitating the official Windows Live page. The data they enter there will be sent to the scammers. So our experts were surprised that the link from the scam email did indeed go to the Windows Live website and there was no apparent attempt to get the victims’ logins and passwords.

What’s the trick?

Having followed the link in the email and signed in to the account on the official live.com site, users received a curious prompt from the service: an application requested permission to automatically log into the account, view the profile information and contact list, and access a list of the user’s personal and work e-mail addresses. The scammers were able to do this by exploiting security flaws in OAuth, the open authorization protocol.

Users who click “Yes” don’t give away their login and password credentials, but they do hand over their personal information, the email addresses of their contacts, and the nicknames and real names of their friends. The application may also request permission to access other data, such as lists of appointments and important events. This information is most likely to be used for fraudulent purposes, such as sending spam to the contacts in the victim’s address book or launching spear phishing attacks.

“We’ve known about security flaws in the OAuth protocol for quite a while: in early 2014, a student from Singapore described possible ways of stealing user data after authentication. However, this is the first time we have come across fraudsters using a phishing email to put these techniques into practice. A scammer can use the information intercepted to create a detailed image of users, including information on what they do, who they meet and who their friends are, etc. This profile can then be used for criminal purposes,” said Andrey Kostin, Senior Web Content Analyst at Kaspersky Lab.

Developers of web applications for social networks which use the OAuth protocol are advised to:

  1. avoid open redirects on your sites
  2. create a white list of trusted redirect addresses for redirects performed using OAuth, because fraudsters can perform a hidden redirect to a malicious site by finding an application that can be successfully attacked and changing its “redirect_uri” parameter.
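One way an authorization server can implement the white list from item 2, as an added example that is not Kaspersky’s code or any project’s code (the client id, the registered callback and the test URIs are constructed). It contrasts a prefix match, which still lets a changed `redirect_uri` through, with an exact match against the registered list:

```python
# Added example: validating the OAuth redirect_uri against a registered white list.
from urllib.parse import urlsplit

# Constructed registry: client_id -> set of exact, pre-registered redirect URIs.
REGISTERED_REDIRECTS = {
    "client-123": {"https://app.example.com/oauth/callback"},
}


def weak_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Weak check: accepts any URI that merely starts with a registered one.
    Anything appended after the registered path (a query string pointing at an
    open redirect, for example) is waved through."""
    registered = REGISTERED_REDIRECTS.get(client_id, set())
    return any(redirect_uri.startswith(r) for r in registered)


def strict_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Strict check: the URI must be absolute https, carry no fragment, and
    match a registered value exactly (no prefix or substring matching)."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or not parts.netloc or parts.fragment:
        return False
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())


def authorize(client_id: str, redirect_uri: str) -> str:
    """Decision for an authorization request: the authorization code may only
    be sent to a redirect_uri that passes the strict check."""
    if strict_redirect_ok(client_id, redirect_uri):
        return "redirect_allowed"
    # Do not redirect anywhere on failure; an error redirect would itself be
    # an open redirect. Show the error in place instead.
    return "error_invalid_redirect_uri"


if __name__ == "__main__":
    ok = "https://app.example.com/oauth/callback"
    tampered = ok + "?next=https://attacker.example"   # constructed test input
    print(weak_redirect_ok("client-123", tampered))     # True: prefix check fails
    print(authorize("client-123", tampered))            # error_invalid_redirect_uri
```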

Recommendations to users:

  1. do not follow links received via email or in private messages on social networking sites
  2. do not give unknown applications the right to access your personal data
  3. make sure you fully understand the account access rights that each application receives
  4. if you discover that an application is already distributing spam or malicious links on your behalf, you can send a complaint to the administration of the social networking site or web service and the application will be blocked
  5. keep your antivirus software databases and integrated anti-phishing protection up to date

To learn more, please read the blog post available at Securelist.com.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continuously transforms deep threat intelligence and security expertise into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company offers a comprehensive security portfolio, including leading endpoint protection solutions, a range of specialised security solutions and services, and Cyber Immune solutions to counter sophisticated and evolving digital threats. Over 400 million users worldwide are protected by Kaspersky technologies, and we help 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.cn.
