Home Office website ‘owned’!

Yesterday we detected a remote SQL injection attack on a UK Home Office crime reduction website. Fraudsters used the exploit to host an Italian phishing website. The aim of this attack was to trick clients of a well known Italian bank into handing over their Internet login credentials.

Daily, we are seeing more and more phishing attacks. We advise internet users and online banking users in particular never to enter their credentials into any website which they were taken to by an email or instant messenger link. Always check that the website address is what you would expect ( i.e www.prevxxx.com and www.prevx.234234.com are not the same as www.prevx.com - this looks obvious but you wouldn’t believe how many people fall for it). Also, you should always check for https (and certificate information) when entering confidential information.

To read more about the attack please visit The Register who reported the story.