Comcast phishing site contains valid TRUSTe seal

Security researchers from Sophos are reporting on an intercepted Comcast-themed phishing email, which contains a valid TRUSTe seal.

UPDATED with response from TRUSTe.

More on the phishing email:

Like many other sites that are compromised to host phishing pages, this one appears to have been compromised through vulnerable FrontPage server extensions.

Yes, I said FrontPage. The old Microsoft Office package used for building and publishing web sites. Microsoft discontinued support for FrontPage publishing extensions in 2006 and they have been the source of many web site vulnerabilities over the last 15 years.

The fake page is an identical copy of the real Comcast XFINITY login page, and surprisingly includes a fully functional TRUSTe logo which may lend further credibility to the site.

Cybercriminals often take advantage of visual social engineering elements, embedding the logos of reputable and trusted brands in order to improve the apparent authenticity of their bogus content.

Users are advised to keep in mind that these security and privacy seals often have limited applicability in real-life situations, in particular when it comes to ensuring a web site's CIA (Confidentiality, Integrity and Availability).

UPDATED, response from TRUSTe:

TRUSTe is taking appropriate steps to escalate and resolve the situation, as the company takes any attempt to mis-use its brand very seriously.

TRUSTe encounters periodic attempts to mis-use its brand. The most common example is a company placing a copy of the TRUSTe Privacy Seal on their website without going through the certification process - in some cases the site or page they place the seal on is designed to fraudulently collect customer information. TRUSTe has a well documented procedure to quickly have the seal removed - and when necessary have the site shut down.

The particular instance you raise involved a different scenario whereby an unauthorized party placed a copy of TRUSTe's Privacy Seal onto a webpage and linked the Seal to TRUSTe's Privacy Validation Page.

Upon notification of this issue, TRUSTe initiated its escalation process to have the site shut down.

As an added precaution, TRUSTe has identified some security changes which it is implementing to prevent the launch of a Privacy Validation Page linked to the un-authorized use of the Privacy Seal. The company will be rolling this feature out to all of its clients as quickly as possible.

TRUSTe will also continue to maintain a separate online directory which enables a user to verify if a specific website they are visiting has been certified by TRUSTe and authorized to display the Privacy Seal plus link to the Privacy Validation Page.

I hope this helps provide better insight into the issue and what's being done to resolve it both in the short and long term. Please let me know if you have further questions or are interested in speaking with a TRUSTe representative further.
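The seal on the phishing page worked because the validation page it linked to did not depend on which site the click came from. The sketch below is an added example, not TRUSTe's implementation and not code from the original article: it shows one way a validation endpoint could bind a seal to the certified site by checking the referring host. The seal IDs, domains, result strings and the choice to accept subdomains are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample registry (hypothetical): seal ID -> certified domains.
CERTIFIED = {
    "seal-1001": {"shop.example"},
    "seal-1002": {"isp.example"},
}

def referring_host(referer):
    """Return the normalised host of a Referer header, or None if unusable."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer.strip())
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()

def host_is_certified(host, domains):
    """Exact match or a true subdomain; never a substring or suffix match,
    so 'isp.example.evil.test' and 'notisp.example' are both rejected."""
    return any(host == d or host.endswith("." + d) for d in domains)

def validate_seal_click(seal_id, referer):
    """Decide what the validation page should show for a seal click."""
    domains = CERTIFIED.get(seal_id)
    if domains is None:
        return "unknown-seal"
    host = referring_host(referer)
    if host is None:
        # Referer stripped or garbage: fail closed and send the user
        # to the public directory instead of showing "certified".
        return "unverified"
    if host_is_certified(host, domains):
        return "valid"
    return "unauthorized"       # seal copied onto a non-certified site

if __name__ == "__main__":
    for ref in ("https://login.isp.example/signin",
                "http://isp.example.compromised.test/login.html",
                None):
        print(ref, "->", validate_seal_click("seal-1002", ref))
```

A missing Referer returns "unverified" rather than "valid", so a copied seal on a page that suppresses the header still does not produce a certification page.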

Find out more about Dancho Danchev at his LinkedIn profile, or follow him on Twitter.
