It has been discovered that ISPs around the world are receiving fake copyright infringement notices and settlement demands in hopes that ISPs will pass it on to their customers. Lamar Bailey, Senior Director of Security R&D for Tripwire commented below.
Lamar Bailey, Senior Director of Security R&D at Tripwire:
“Phishing attacks are become very sophisticated and timely. The attackers are using current events and trends to trick targets into installing malware or disclosing personal information that is used in follow up attacks. The attacks can be very specific to the target which makes them harder to detect. This attack adds another layer to make it appear more legitimate by trying to trick the ISP with fake notices in hopes that the ISP will forward them to the end users. If successful the end user will be getting the fake notice from the real ISP which adds to the credibility from the users’ perspective. It may be time to re-evaluate email and start requiring PGP/GPG signing for communications between businesses and users.”