Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Phishing Attack Targeting Home Routers with Default Settings

by Fox Van Allen on February 26, 2015

TP-Link AC 1200 RouterMany of us neglect to change the default settings on our home routers, assuming that the tiny little box sitting in our house is safe. But that could be a huge mistake, according to a new report from security firm Proofpoint. The company says it has detected a four-week phishing campaign designed to quietly alter the settings on victims’ routers to steal online banking credentials and other sensitive personal data.

In the attack, which primarily targeted Brazilian Internet users, targets were sent an email referencing a fictitious unpaid bill from their ISP. A link inside that email directed unsuspecting victims to a malicious website that performs an attack on known vulnerabilities in UT Starcom and TP-Link routers. A script is then run to change the router’s domain name system (DNS) settings, allowing the crooks to redirect online banking sessions to spoof websites designed to steal login information.

The scariest part about this attack is that it operates under the radar – your anti-virus software won’t be able to detect it. “There is virtually no trace of this thing except for an email,” said Proofpoint Vice President of Advanced Security and Governance Kevin Epstein. “And even if your average user knows to look at his router’s DNS settings, he’s unlikely to notice anything wrong or even know what his normal DNS settings should be.”

Though this particular attack focused on Brazil, its mechanism could easily be repurposed to target those of us in the United States. Therefore, it’s important to change the default administrative credentials on your home router (i.e., its password) now before it's too late. Many routers have information about how to do this printed on a label on its underside. Otherwise, you can visit to look up information about your specific make and model.

For more information about this malicious new attack, and more information about checking and changing your router settings, visit Krebs on Security. You should check out Techlicious’s picks for the best PC security software to make sure you’re protected against other threats, as well.

[Image credit: TP-Link]


Internet & Networking, News, Computers and Software, Computer Safety & Support, Blog

Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.