Phishing Attack Targeting Home Routers with Default Settings

by on February 26, 2015
in Internet & Networking, News, Computers and Software, Computer Safety & Support, Blog

Many of us neglect to change the default settings on our home routers, assuming that the tiny little box sitting in our house is safe. But that could be a huge mistake, according to a new report from security firm Proofpoint. The company says it has detected a four-week phishing campaign designed to quietly alter the settings on victims’ routers to steal online banking credentials and other sensitive personal data.

In the attack, which primarily targeted Brazilian Internet users, targets were sent an email referencing a fictitious unpaid bill from their ISP. A link inside that email directed unsuspecting victims to a malicious website that exploits known vulnerabilities in UTStarcom and TP-Link routers. A script then runs to change the router’s domain name system (DNS) settings, allowing the crooks to redirect online banking sessions to spoofed websites designed to steal login information.

The scariest part about this attack is that it operates under the radar – your anti-virus software won’t be able to detect it. “There is virtually no trace of this thing except for an email,” said Proofpoint Vice President of Advanced Security and Governance Kevin Epstein. “And even if your average user knows to look at his router’s DNS settings, he’s unlikely to notice anything wrong or even know what his normal DNS settings should be.”
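One way to know what your normal DNS settings are is to record them while the network is known to be good and compare later. The Python code below is an added example, not from Proofpoint or the original article; it assumes a Linux or macOS machine whose resolvers appear in resolv.conf format, and the sample addresses, the `lan_cidr` parameter and the function names are constructed for illustration.

```python
import ipaddress

def parse_nameservers(resolv_text):
    """Return nameserver IPs from resolv.conf-style text, in listed order."""
    servers = []
    for raw in resolv_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop any IPv6 zone suffix ("%eth0") before validating.
                servers.append(str(ipaddress.ip_address(parts[1].split("%")[0])))
            except ValueError:
                continue  # malformed entry: ignore it
    return servers

def check_dns_drift(baseline, current, lan_cidr):
    """Compare current resolvers with a baseline saved when the network was known good."""
    lan = ipaddress.ip_network(lan_cidr)
    added = [s for s in current if s not in baseline]
    removed = [s for s in baseline if s not in current]
    # A new resolver outside the home LAN means lookups now go to a server you never chose.
    off_lan = [s for s in added if ipaddress.ip_address(s) not in lan]
    return {
        "added": added,
        "removed": removed,
        "off_lan": off_lan,
        "reordered": not added and not removed and current != baseline,
        "alert": bool(added or removed),
    }

# Constructed sample data (documentation-range address stands in for an unknown server).
BASELINE_CONF = """# saved while the network was known good
nameserver 192.168.1.1
"""
CURRENT_CONF = """nameserver 203.0.113.53
nameserver 192.168.1.1
"""

def demo():
    return check_dns_drift(parse_nameservers(BASELINE_CONF),
                           parse_nameservers(CURRENT_CONF), "192.168.1.0/24")

if __name__ == "__main__":
    print(demo())
```

This only sees the resolvers the router hands to your computer. If the computer lists the router itself as its DNS server, the router's own upstream DNS setting still has to be checked on its administration page.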

Though this particular attack focused on Brazil, its mechanism could easily be repurposed to target those of us in the United States. Therefore, it’s important to change the default administrative credentials on your home router (i.e., its password) now before it's too late. Many routers have information about how to do this printed on a label on their underside. Otherwise, you can visit routerpasswords.com to look up information about your specific make and model.

For more information about this malicious new attack, and more information about checking and changing your router settings, visit Krebs on Security. You should check out Techlicious’s picks for the best PC security software to make sure you’re protected against other threats, as well.

[Image credit: TP-Link]


