February 2, 2013 by huionn
Yesterday I read Kill the Password: Why a String of Characters Can’t Protect Us Anymore on Wired.com.
Out of curiosity, I checked my GMail spam box and found an email from “Facebook”
The catch is that the email was from firstname.lastname@example.org (American International Group).
I got the bait link in the email (don’t go to the site as the site is currently identified as malware site)
<a href="http://cozproject.com/alpert.html?fb=huionn" style="font-weight:bold;color:#fff;font-size:13px;text-decoration:none" target="_blank">Go To Facebook</a>
Google Chrome blocked me with malware alert when I tried to access the site.
What are noteworthy:
1) The email has been hacked by hacker to send email. The hackers uses legit email as it will be less suspicious to mail server.
2) The email look very similar to Facebook notification. People may just click the link to go to the infected site.
3. The website is likely a legitimate site that has been compromised (aka hacked).