Malfeasants have embedded a phishing scam inside the Financial Reporting Council of Nigeria’s web site. The Council is legit: it’s Nigeria’s accounting standards and corporate governance oversight organisation. That role, says Netcraft, doesn’t make it a wizard at information security, because someone’s found their way in to an images directory on the Council’s web site and planted a phish there. The scam asks for users email address and password, and the phone number used as backup login creds for Gmail. As Netcraft points out, the scam’s a little unusual because most phishes go straight for bank account details. This effort looks like an attempt to cash in on those who use one password one multiple sites.
View full story
ORIGINAL SOURCE: The Register