19 November 2008 No Comment

The Trend Micro Content Security Team just discovered a phishing attack targeting Slingshot Communications, Inc. A phishing email pretends to update a customer’s existing account. It also includes the legitimate contact number of the company to make it seem authentic.

Figure 1. Phishing email sent to users

Figure 2. The Slingshot phishing site

Slingshot Communications, Inc. is the company that pioneered the business of prepaid Internet service. It is best known for its unique, stored value pay-as-you-go format of giving high-speed wireless Internet service to its customers. With these kind of services, unknowing users who might think that this is a legitimate notification from Slingshot, may volunteer their credentials and by that, phishers can now take advantage by using their accounts.

The malicious URLs used in this phishing attack are now blocked by the Trend Micro Smart Protection Network.