A new threat has emerged for email. This phishing attempt tries to trick users into ‘updating’ their Firefox browser. If they click, they’ll be redirected to a website that attempts to install ‘backdoor software’ that can harm the end user’s machine.
The email made its rounds this weekend on unprotected email networks and is an example of the kind of pernicious attack that is so prevalent these days. Unlucky users who attempted to ‘upgrade their Firefox’ instead installed a version of Mozilla Firefox 5.0.1 that came pre-loaded with a password-stealing program. On a business network, this could lead to network breaches and regulatory compliance issues.
For regular users of Firefox, it’s doubtful this email was convincing. Firefox updates itself in most cases, so you wouldn’t have to visit a website to do it. Phishing attempts like this always rely on the fact that people aren’t knowledgeable about attacks or don’t follow basic security practices. For those who don’t, the consequences can be serious. A lost password can result in major data loss, which can be disastrous for organizations, professionals, or businesses.
The complete text of the email is this:
A Firefox software update is a quick download of small amounts of new code to your existing Firefox browser. These small patches can contain security fixes or other little changes to the browser to ensure that you are using the best version of Firefox available.
Firefox is constantly evolving as our community finds ways to make it better, and as we adjust to the latest security threats. Keeping your Firefox up-to-date is the best way to make sure that you are using the smartest, fastest and - most importantly - safest version of Firefox available.
A Firefox update will not make any changes to your bookmarks, saved passwords or other settings. However, there is a possibility that some of your Add-ons won’t be immediately compatible with new updates.
For security reasons please update your firefox version now
Needless to say, this email should be ignored. If you get it, delete it at once without clicking links. Next, switch your email service to a cloud email security plan that eliminates all threats like this before they ever hit your corporate mail server.