Endpoint Protection

Webmail phishing was first reported earlier this year, but it has gained a higher profile in recent times. The call to action or general purpose of this attack is to obtain webmail credentials such as passwords and contact list email addresses. A number of different scenarios have been employed by webmail phishers to try and secure this information and have included:

Scenario 1

“We write to bring to your notice that we will be caring out some temporary maintenance on our service due to congestion in all email accounts and we are afraid that during this process email accounts of our customers will be deactivated; but just to avoid your email account from been deactivated and to enable your records remain in our database we advice you provide us with the below information or your email account will be suspended within 48 hours for security reasons.” (sic)

Scenario 2

“Due to spam complaints of email users in our [Name Removed] webmail system, our investigation shows that your email address is  compromised and is used to send out spam message in our [Name Removed] webmail  system. As a result, your Username will be disabled if you do not send us the required information within 24hrs.” (sic)

As with other phishing messages, these are adapted to look like they are coming from a specific organization and are then targeted towards members of that organization. One of the common features of webmail phishing is that the message is only in text. Unlike traditional phishing messages, the message does not contain a fraudulent URL link. The recipient is asked to use the address in the "Reply To" header or an email address in the message body to respond to the webmail phishing message.
 
It is clear that as long as the profit motive exists, the purveyors of phishing messages will continue to evolve and adapt their techniques to try and scam individuals and organizations.