UK Home Office Crime Reduction Website Hosted Italian Phishing Scam
The UK Home Office crime reduction website (crimereduction.homeoffice.gov.uk) was hacked on Monday. The attackers used the hacked website to host an Italian phishing website. A remote file inclusion exploit was used to launch the phishing page off the web server hosting the Crime Reduction website on homeoffice.gov.uk. As a result of the SQL Injection attack, a page resembling the www.poste.it site was served up so that it appeared to come from the homeoffice.gov domain. Poste.it is a website of an Italian bank and is a frequent target of phishing attacks.
According to a net security firm, the phishing fraudsters used the POST method so that the data submitted by victims was sent to them. It is unclear why they picked a government page located in the UK to host a phishing attack. Usually phishers pick or register a domain name for the fake website that looks as much as possible like the original website, to confuse the victims.
The Home Office pulled the rogue content from its site early on Monday morning. This attack is another example of cybercriminals abusing security exploits on trusted websites to serve up fraudulent content such as fake phishing pages or to install malware. The Home Office crime reduction website joins a long list of other UK government sites, and the US Department of Homeland Security website, that were abused by attackers in recent months. The fact that this time it is a crime reduction website should be extra embarrassing for this British government department.