
The Heartache from Heartbleed Has Only Just Begun

Agari April 11, 2014 Cybercrime, DMARC

If you haven’t already, over the next several days you will get email notifications from various companies – from retailers that deliver your socks, to the card companies that manage your frequent flyer programs, to the bank that holds your mortgage – with a subject that includes the phrase “Security Update”. The email will suggest that you should change your password on the company’s site and some will include a helpful link to start the process.

The reason for this notification is the Heartbleed vulnerability in the OpenSSL library. This bug essentially means that passwords and other sensitive data from servers across the Internet may have been compromised. Security expert Bruce Schneier says Heartbleed “is an 11” on the scale of 1 to 10 because of the scale of the compromise and the type of information that may have been leaked. The bug impacts a significant number of services, companies and sites – estimates suggest about two-thirds of the world’s web servers. Companies that own these servers will need to update the software on these servers and many will notify their customers to change their passwords.

While many of the email notifications will be legitimate, criminals will use this opportunity to trick consumers into revealing passwords. They will do so by sending spoofed security-related emails purporting to come from popular brands and services. These spoofed emails will include password-reset links that take the recipients to fake sites that phish usernames, passwords and other sensitive information. This is a common pattern when a breach or vulnerability is revealed – criminals often attempt a one-two punch to get access to even more sensitive or valuable information from customers of the impacted company. This time, of course, the potential targets of such phishing attempts will be almost everyone on the Internet.

Even when you see an email you believe to be legitimate, do not click on links within the email to reset your password. Instead, go directly to the site or service in question.

Some of the top brands on the Internet, including Facebook, Yahoo! and JP Morgan Chase, use an open standard called DMARC to protect their customers from such spoofing attacks. DMARC allows a company to ensure that only legitimate emails representing its brand are delivered. Customers of brands that use DMARC are better protected from email attacks of all types, including the ones triggered by unfortunate circumstances like Heartbleed.
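To make the "only legitimate emails are delivered" claim concrete, here is an added example (not Agari's code and not part of the original post) of the receiver-side logic a DMARC check performs: it parses the TXT record a domain publishes at `_dmarc.<domain>`, checks whether the SPF or DKIM result is aligned with the visible From domain, and maps a failure to the published `p=` policy. The domain names, records and message results are constructed for illustration, the DNS lookup is replaced by an in-memory table, and the organizational-domain derivation is simplified to the last two labels (real implementations use the Public Suffix List).

```python
"""Minimal DMARC record parser and disposition logic (RFC 7489 semantics).

Added illustration, not Agari's code. Assumptions: DNS is replaced by a
constructed in-memory table, and organizational domains are approximated
by the last two labels instead of the Public Suffix List.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample of what a TXT lookup of _dmarc.<domain> might return.
SAMPLE_RECORDS = {
    "_dmarc.example-bank.test":
        "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example-bank.test",
    "_dmarc.example-shop.test":
        "v=DMARC1; p=none; rua=mailto:reports@example-shop.test",
}


@dataclass
class DmarcPolicy:
    policy: str            # none | quarantine | reject (the p= tag)
    adkim: str = "r"       # DKIM alignment mode: r(elaxed) or s(trict)
    aspf: str = "r"        # SPF alignment mode
    pct: int = 100         # percentage of failing mail the policy applies to
    rua: Optional[str] = None   # aggregate report destination


def parse_dmarc_record(txt: str) -> DmarcPolicy:
    """Parse a 'tag=value; tag=value' DMARC TXT record; reject malformed input."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    return DmarcPolicy(
        policy=tags["p"],
        adkim=tags.get("adkim", "r").lower(),
        aspf=tags.get("aspf", "r").lower(),
        pct=int(tags.get("pct", "100")),
        rua=tags.get("rua"),
    )


def organizational_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (assumption, see above)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict requires an exact match, relaxed the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def lookup_policy(from_domain: str, records=SAMPLE_RECORDS) -> Optional[DmarcPolicy]:
    """Find the record for the From domain, falling back to its organizational domain."""
    txt = records.get(f"_dmarc.{from_domain.lower()}")
    if txt is None:
        txt = records.get(f"_dmarc.{organizational_domain(from_domain)}")
    return parse_dmarc_record(txt) if txt else None


def dmarc_disposition(from_domain: str, spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str,
                      records=SAMPLE_RECORDS):
    """Return (dmarc_result, action): DMARC passes if either SPF or DKIM passes
    AND that identifier is aligned with the From domain; otherwise apply p=."""
    policy = lookup_policy(from_domain, records)
    if policy is None:
        return ("none", "accept")      # no policy published; DMARC does not apply
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy.aspf)
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy.adkim)
    if spf_ok or dkim_ok:
        return ("pass", "accept")
    action = {"none": "accept", "quarantine": "quarantine", "reject": "reject"}[policy.policy]
    return ("fail", action)


if __name__ == "__main__":
    # A spoofed "Security Update" that authenticates only for the sender's own domain.
    print(dmarc_disposition("example-bank.test", "pass", "attacker-mail.test", "none", ""))
    # A genuine notification sent from the bank's own mail host (relaxed SPF alignment).
    print(dmarc_disposition("example-bank.test", "pass", "mail.example-bank.test", "none", ""))
```

The first call shows why the spoof fails: SPF passes for the attacker's own domain, but that domain is not aligned with the bank's From domain, so the bank's `p=reject` policy tells the receiver to discard it. The second call passes because `aspf=r` lets a subdomain of the bank authenticate on the bank's behalf. A domain that publishes `p=none` (the second sample record) still collects aggregate reports but gives its customers no delivery-time protection.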
