Swathes of search engine poisoning and Tumblr hacking spotted in latest security threats report

The phishing of Tumblr, which allows users to share interesting web reports - including audio and video files - with their friends and colleagues, compromised around 8,000 accounts on the service, says the monthly report.

In addition, says the analysis, June saw scammers distributing rogue antivirus software by taking advantage of search traffic related to popular Pokemon video games, as well as luring users to fill out seemingly endless fake questionnaires.

Chris Boyd, senior threat researcher with GFI Software, said that the Tumblr phishing and spam attacks highlight the importance of building greater awareness about online threats and simple tactics we can all use to defend ourselves.

"Some of the attacks we saw in June were aimed at compromising social networking login credentials knowing that many people still use the same username and password for all their online activities, including banking, shopping and email", he said.

"It is important for users on any social networking site to approach content that looks out of place with care since, as seen on Tumblr, seemingly innocuous attacks can evolve into more serious threats", he added.

According to Boyd - aka Paperghost on Twitter - users should strengthen their passwords and vary them across all their online accounts to limit user risk and exposure if one is compromised.

The report notes that phishing scams have become increasingly common on social networking sites as scammers have become savvier and bolder in their attacks.

In recent months, says the analysis, scammers have used surveys, competitions and the promise of adult content to entice Internet users into divulging their personal information.

As the summer months continue to roll on, the report warns that internet users should be wary of topical threats, which are potential targets for fake antivirus attacks, search engine poisoning and survey scams.

These may include the final Harry Potter film and increasing interest in recently announced Republican presidential candidates.

 

What’s hot on Infosecurity Magazine?