Thousands of business people using Microsoft Outlook Web Access are being targeted by spear phishing attacks.
Security firm Websense revealed that victims were being targeted by an email that looks like it is from their company's technical support, telling them they needed to click through to a site to apply mailbox setting changed due to a security upgrade'.
This is actually a phishing site, which is mocked up to look just like it is part of Microsoft's online email system, which lets users check Outlook accounts from the internet. Websense said it was seeing 30,000 of these messages per hour, and that they had low antivirus detection rates.
"It is spear phishing, but on a grand scale that we've never seen before," said Didier Guibal, vice president of worldwide sales for Websense, stating that only business users were targeted with this attack.
"Obviously they have profiled different companies and done their homework. Spear phishing is becoming very common, but to this level and to many different companies at the same time is very new."
Websense wouldn't name the companies involved, as it first needed to let them know they had been targeted.
Once the user reaches the phishing site they are required to fill in their security profile that allows a criminal to access their email account.
Additionally, Guibal revealed that if a user downloaded a file from the fake Microsoft Outlook Web Access page, their system would become part of a botnet called Zbot.
Guibal said: "This is now a [compromised] workstation within the network, behind the firewall with full access. Bots would be able to roam throughout the network."
